Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method: By visitng infected WordPress based website, infected by exploit kit using vulnerability of WordPress

 

  • MD5: a8f71638d511d60c7bf8c3de1f7951d7

 

  • Major Detection Name: Trojan/Win32.Teslacrypt.C1326502 (AhnLab V3), Ransom:Win32/Crowti.A (Microsoft)

 

  • Encrypted File Pattern: .h0, .u1, .a9cw (random extension)

 

  • Malicious File Creation Location: C:\Users\%USERNAME%\AppData\Roaming\05cf3150b\2db732cbb4.exe (self removal after encryption)

 

List

위로