
Ghost Ransomware (.Ghost)

  • Distribution Method : Unknown
 
  • MD5 : cd0f7f29e337f2ebe455ba4a85fb2b70
 
  • Major Detection Name : Trojan.Ransom.HiddenTear (ALYac), Ransom_GHOST.THAAAIAH (Trend Micro)
 
  • Encrypted File Pattern : .Ghost
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Ghost
     - C:\Users\%UserName%\AppData\Roaming\Ghost\Ghost.bat
     - C:\Users\%UserName%\AppData\Roaming\Ghost\GhostHammer.dll
     - C:\Users\%UserName%\AppData\Roaming\Ghost\GhostService.exe
     - C:\Users\%UserName%\AppData\Roaming\Ghost\GhostService.exe.config
     - C:\Users\%UserName%\AppData\Roaming\Ghost\GhostService.pdb
     - C:\Users\%UserName%\AppData\Roaming\Ghost\GhostService.vshost.exe
     - C:\Do_Not_Delete_codeId.txt
     - C:\GhostFile.dll
     - C:\GhostForm.exe
     - C:\GhostHammer.dll
 
  • Major Characteristics :
     - Offline Encryption
     - Based on the open-source Hidden Tear ransomware
     - Stops the MSSQLSERVER services
     - Automatically executes GhostService (%AppData%\Ghost\GhostService.exe) every 2 minutes.
