- Distribution Method : Unknown
- MD5 : b175596ebc130f9cd99334fcc428e686
- Major Detection Name : Ransom.CryptoTorLocker (Norton), Ransom_CONFICKER.A (Trend Micro)
- Encrypted File Pattern : .conficker
- Malicious File Creation Location :
  - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\crypteddd.vbs
  - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\Read@My.vbs
  - C:\Users\%UserName%\AppData\Local\Tempconficker.exe
  - C:\Users\%UserName%\AppData\Local\Temprunsom.exe
  - C:\Users\%UserName%\AppData\Local\Tempspech.exe
  - C:\Users\%UserName%\Desktop\Decrypt.txt
  - \\Attention!.Exe
- Payment Instruction File : Decrypt.txt
- Major Characteristics :
  - Offline encryption
  - Encryption guide delivered using the text-to-speech (TTS) function
  - After encryption, creates the following files in each target directory : <Original Folder name>.conficker / <Original Filename>.<Original Extension>.conficker / <Original Filename>.<Original Extension>.conficker.conficker file (66 bytes) containing the phrase "Infected By conficker Ransomware"
  - Does not encrypt files in other partitions, but still creates the <Original Filename>.<Original Extension>.conficker file and \\Attention!.exe to induce user execution
  - Changes the desktop background (C:\Users\%UserName%\AppData\Roaming\img.jpg)