
  • Distribution Method : Unknown
 
  • MD5 : 69d07a8452391985937e19a106dfe531
 
  • Major Detection Name : W32/Diztakun.BKTO!tr (Fortinet), Ransom:Win32/Vigorf.A (Microsoft)
 
  • Encrypted File Pattern : (encrypted) <Original Filename>.<Original Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\_MEI<Random>
     - C:\Users\%UserName%\AppData\Local\Temp\Explore.exe
     - C:\Users\%UserName%\AppData\Local\Temp\setup.bat
     - C:\Users\%UserName%\AppData\Local\Temp\start.vbs
     - C:\Users\%UserName%\AppData\Local\Temp\warning.vbs
     - C:\Windows\SoftwareDistribution\Download\windll.exe
 
  • Major Characteristics :
     - Offline encryption (no key exchange with a C2 server is required before files are encrypted)
     - HolyCrypt ransomware series
     - Python-based ransomware (the _MEI<Random> directory under %Temp% is the unpack location of a PyInstaller-built executable)
     - Displays a fake "archeage.exe - Application Error" message
     - Disables the Start menu Run command (NoRun), Command Prompt (DisableCMD), Registry Editor (DisableRegistryTools) and Task Manager (DisableTaskMgr) by setting the corresponding registry policy values
     - Disables system recovery: deletes all volume shadow copies (vssadmin Delete Shadows /All /Quiet) and turns off Windows recovery at boot (bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures)
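The recovery-inhibition commands and the lockdown policy values listed above are the most detectable part of this sample's behaviour, because none of them are produced by normal user activity. The following Python is an added example written for this page, not code from AppCheck or from the sample: it runs simple detection logic over a few constructed, Sysmon-style events (process creation with a command line, registry value set with a TargetObject and a "DWORD (0x...)" Details string, and file creation with a path) and flags the vssadmin/bcdedit commands, the four policy values, and the "(encrypted) " file-name prefix. The registry paths are the standard per-user policy locations for these value names; the event dictionaries and the rule names are assumptions made for the example.

```python
import re

# Per-user registry policy values the sample sets to lock the victim out
# (HKCU\...; the same value names are honoured under HKLM for machine-wide policy).
# Keys are matched as lower-cased suffixes of the Sysmon TargetObject field.
LOCKDOWN_VALUES = {
    r"software\microsoft\windows\currentversion\policies\explorer\norun": "NoRun",
    r"software\policies\microsoft\windows\system\disablecmd": "DisableCMD",
    r"software\microsoft\windows\currentversion\policies\system\disableregistrytools": "DisableRegistryTools",
    r"software\microsoft\windows\currentversion\policies\system\disabletaskmgr": "DisableTaskMgr",
}

# Command lines that remove the recovery paths a victim would otherwise use.
RECOVERY_INHIBIT_RULES = [
    ("vss_shadow_delete", re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("bcd_recovery_disabled", re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcd_bootstatus_ignore", re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

# Encrypted-file naming pattern from the analysis: "(encrypted) <name>.<ext>" as the last path component.
ENCRYPTED_NAME = re.compile(r"(?:^|[\\/])\(encrypted\) [^\\/]+$")


def classify_event(event):
    """Return a list of (rule, evidence) tuples for one normalised event.

    event["event"] is "process_create" (uses "cmdline"), "registry_set"
    (uses "target" and "details") or "file_create" (uses "path").
    """
    findings = []
    kind = event.get("event")
    if kind == "process_create":
        cmd = event.get("cmdline", "")
        for name, pattern in RECOVERY_INHIBIT_RULES:
            if pattern.search(cmd):
                findings.append((name, cmd))
    elif kind == "registry_set":
        target = event.get("target", "")
        details = event.get("details", "")
        for suffix, value_name in LOCKDOWN_VALUES.items():
            # Only a non-zero DWORD locks the user out; "DWORD (0x00000000)" clears the policy.
            if target.lower().endswith(suffix) and not re.search(r"\(0x0+\)", details):
                findings.append(("lockdown_" + value_name, target))
    elif kind == "file_create":
        path = event.get("path", "")
        if ENCRYPTED_NAME.search(path):
            findings.append(("encrypted_name_pattern", path))
    return findings


def triage(events):
    """Aggregate findings over an event stream.

    Verdict is "ransomware-like" when recovery inhibition and at least one
    lockdown policy are both seen, "suspicious" for any single finding, else "clean".
    """
    findings = [f for e in events for f in classify_event(e)]
    rules = {name for name, _ in findings}
    recovery = any(r.startswith(("vss_", "bcd_")) for r in rules)
    lockdown = any(r.startswith("lockdown_") for r in rules)
    if recovery and lockdown:
        return "ransomware-like", findings
    return ("suspicious" if rules else "clean"), findings


# Constructed sample events for illustration; not telemetry captured from the real sample.
SAMPLE_EVENTS = [
    {"event": "process_create", "cmdline": "vssadmin Delete Shadows /All /Quiet"},
    {"event": "process_create", "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"event": "process_create", "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"event": "process_create", "cmdline": "bcdedit /enum"},  # routine admin use; must not match
    {"event": "registry_set",
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "details": "DWORD (0x00000001)"},
    {"event": "registry_set",
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun",
     "details": "DWORD (0x00000000)"},  # policy being cleared, not set
    {"event": "file_create", "path": r"C:\Users\victim\Documents\(encrypted) report.docx"},
]

if __name__ == "__main__":
    verdict, found = triage(SAMPLE_EVENTS)
    print(verdict)
    for rule, evidence in found:
        print(f"  {rule}: {evidence}")
```

The bcdedit and vssadmin commands do have legitimate administrative uses, so a single hit is reported as "suspicious" rather than as a conviction; the combination of shadow-copy deletion with a user-lockout policy, both coming from a process launched out of %Temp%, is what makes the verdict firm. A real deployment would key the events on the originating process image and path as well.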
