MemeCryptor Ransomware (.bmp)

  • Distribution Method : Unknown
  • MD5 : 8d4df11dd86bd6ed50767765d55e7bb9
  • Encrypted File Pattern : .bmp
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
     - C:\Users\%UserName%\AppData\Local\Temp\memeFile.bmp
  • Payment Instruction File : READMEPLEASE.TXT
  • Major Characteristics :
     - Offline Encryption
     - Disables and blocks Task Manager (DisableTaskMgr)
     - Disables system restore (wmic SHADOWCOPY DELETE, wbadmin DELETE SYSTEMSTATEBACKUP, bcdedit.exe /set default bootstatuspolicy ignoreallfailures, bcdedit.exe /set default recoveryenabled No)
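
The following detection example is added here and is not part of the original analysis or of AppCheck. It groups process-creation records by parent image and flags any parent that issues two or more of the recovery-inhibition commands listed above, noting whether that parent runs from the Temp location given on this page. The record format (parent image, command line), the two-rule threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Commands listed under "Disables system restore" on this page, matched
# case-insensitively and tolerant of extra switches between the keywords.
RULES = {
    "shadowcopy_delete": r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    "systemstatebackup_delete": r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bsystemstatebackup\b",
    "bootstatuspolicy_ignore": r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\b.*\bignoreallfailures\b",
    "recoveryenabled_no": r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b",
    # The page names only the value; this fires only if it shows up in a
    # command line (assumption about how the value is set).
    "taskmgr_disabled": r"\bDisableTaskMgr\b",
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in RULES.items()}
# Drop location given on this page: an executable in the user's Temp folder.
TEMP_PARENT = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.I)

def match_rules(command_line):
    """Return the sorted names of all rules that match one command line."""
    return sorted(n for n, rx in COMPILED.items() if rx.search(command_line))

def triage(events, min_rules=2):
    """events: iterable of (parent_image, command_line) pairs.
    Returns {parent_image: {"rules": [...], "from_temp": bool}} for every
    parent whose children matched at least min_rules distinct rules."""
    hits = defaultdict(set)
    for parent, cmd in events:
        hits[parent].update(match_rules(cmd))
    return {
        parent: {"rules": sorted(rules), "from_temp": bool(TEMP_PARENT.search(parent))}
        for parent, rules in hits.items() if len(rules) >= min_rules
    }

# Constructed process-creation records (not captured from a real host).
SAMPLE_EVENTS = [
    (r"C:\Users\alice\AppData\Local\Temp\qwhzkd.exe", "wmic SHADOWCOPY DELETE"),
    (r"C:\Users\alice\AppData\Local\Temp\qwhzkd.exe", "wbadmin DELETE SYSTEMSTATEBACKUP"),
    (r"C:\Users\alice\AppData\Local\Temp\qwhzkd.exe", "bcdedit.exe /set default recoveryenabled No"),
    (r"C:\Windows\System32\cmd.exe", "bcdedit.exe /enum"),      # benign query
    (r"C:\Windows\System32\mmc.exe", "wbadmin get versions"),   # benign query
]

if __name__ == "__main__":
    for parent, verdict in triage(SAMPLE_EVENTS).items():
        print(parent, verdict)
```

Requiring several distinct rules from one parent keeps a lone administrative `bcdedit` or `wbadmin` call from raising an alert on its own.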