Termite Ransomware (.Xiak)

  • Distribution Method : Unknown
 
  • MD5 : e2825e7c7cec068e2a14dff6087d956b
 
  • Major Detection Name : Trojan/Win32.Termite.C2723579 (AhnLab V3), Ransom.Termite.UPX (Malwarebytes)
 
  • Encrypted File Pattern : .Xiak
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile
     - C:\Users\%UserName%\AppData\Local\Temp\<Number>\TemporaryFile\TemporaryFile
     - C:\Users\%UserName%\Desktop\Payment.exe
     - C:\Windows\System32\mswsock.dll
     - C:\Windows\SysWOW64\mswsock.dll
     - C:\Windows\Termite.exe
 
  • Major Characteristics :
     - Offline Encryption
     - Targets Chinese, English and Japanese users
     - Modifies the Microsoft Windows Sockets 2.0 Service Provider (mswsock.dll) and executes the ransomware when an application loads the library.
     - When a file with the .Xiak extension is opened, displays a message window (Payment.exe) and runs the ransomware (C:\Windows\Termite.exe)
