Video

Watch videos showing AppCheck's proactive defense, automatic recovery, and real-time backup features in action against a variety of ransomware.

  • Distribution Method : Unknown
 
  • MD5 : b175596ebc130f9cd99334fcc428e686
 
  • Major Detection Name : Ransom.CryptoTorLocker (Norton), Ransom_CONFICKER.A (Trend Micro)
 
  • Encrypted File Pattern : .conficker
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\crypteddd.vbs
         - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\Read@My.vbs
         - C:\Users\%UserName%\AppData\Local\Tempconficker.exe
         - C:\Users\%UserName%\AppData\Local\Temprunsom.exe
         - C:\Users\%UserName%\AppData\Local\Tempspech.exe
         - C:\Users\%UserName%\Desktop\Decrypt.txt
         - \\Attention!.Exe
 
  • Payment Instruction File : Decrypt.txt
 
  • Major Characteristics :
         - Offline Encryption
         - Encryption guide using text-to-speech (TTS) function
         - After encryption, creates the following files in each target directory : <Original Folder name>.conficker / <Original Filename>.<Original Extension>.conficker / <Original Filename>.<Original Extension>.conficker.conficker file (66 Bytes) containing the phrase "Infected By conficker Ransomware"
         - Does not encrypt files in other partitions; however, it creates a <Original Filename>.<Original Extension>.conficker file and \\Attention!.exe to induce user execution
         - Changes the desktop background (C:\Users\%UserName%\AppData\Roaming\img.jpg)
