Conficker Ransomware (.conficker)

  • Distribution Method : Unknown
  • MD5 : b175596ebc130f9cd99334fcc428e686
  • Major Detection Name : Ransom.CryptoTorLocker (Norton), Ransom_CONFICKER.A (Trend Micro)
  • Encrypted File Pattern : .conficker
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\crypteddd.vbs
         - C:\Users\%UserName%\AppData\Local\Temp\<Random>.tmp\Read@My.vbs
         - C:\Users\%UserName%\AppData\Local\Tempconficker.exe
         - C:\Users\%UserName%\AppData\Local\Temprunsom.exe
         - C:\Users\%UserName%\AppData\Local\Tempspech.exe
         - C:\Users\%UserName%\Desktop\Decrypt.txt
         - \\Attention!.Exe
  • Payment Instruction File : Decrypt.txt
  • Major Characteristics :
         - Offline Encryption
         - Encryption guide using text-to-speech (TTS) function
         - After encryption, creates the following files in each target directory : <Original Folder name>.conficker / <Original Filename>.<Original Extension>.conficker / <Original Filename>.<Original Extension>.conficker.conficker file (66 Bytes) containing the phrase "Infected By conficker Ransomware"
         - Does not encrypt files in other partitions; however, it creates a <Original Filename>.<Original Extension>.conficker file and \\Attention!.exe to induce user execution
         - Changes Desktop Background (C:\Users\%UserName%\AppData\Roaming\img.jpg)
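
A triage sketch for the file artifacts listed above, added here as an example and not AppCheck's own tooling: it walks a directory and classifies .conficker names, the 66-byte marker file and Decrypt.txt. The finding labels, the encodings tried for the marker phrase (the page does not state one) and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

EXT = ".conficker"                           # extension reported on the page
MARKER_SIZE = 66                             # marker file size reported on the page
PHRASE = "Infected By conficker Ransomware"  # marker text reported on the page
# Assumption: the page does not give the marker's text encoding, so try several.
ENCODINGS = ("ascii", "utf-16-le", "utf-16-be")
SAMPLE = {  # constructed sample files, not real malware output
    "a.docx.conficker": b"\x00" * 128,
    "a.docx.conficker.conficker": b"\xff\xfe" + PHRASE.encode("utf-16-le"),  # 66 bytes
    "b.xls.conficker.conficker": b"not the marker",
    "Decrypt.txt": b"constructed placeholder note",
    "notes.txt": b"clean file",
}

def is_marker(path):
    """True if the file is 66 bytes and holds the phrase in any tried encoding."""
    try:
        data = path.read_bytes() if path.stat().st_size == MARKER_SIZE else b""
    except OSError:
        return False  # unreadable or vanished file is not classified as a marker
    return any(PHRASE.encode(enc) in data for enc in ENCODINGS)

def scan(root):
    """Walk root and return sorted (kind, relative_path) findings."""
    findings = []
    for p in Path(root).rglob("*"):
        low, rel = p.name.lower(), p.relative_to(root).as_posix()
        if p.is_dir():
            if low.endswith(EXT):
                findings.append(("renamed_folder", rel))
        elif low.endswith(EXT + EXT):
            findings.append(("marker" if is_marker(p) else "double_ext", rel))
        elif low.endswith(EXT):
            findings.append(("conficker_file", rel))
        elif low == "decrypt.txt":  # payment instruction file named on the page
            findings.append(("ransom_note", rel))
    return sorted(findings)

def build_sample(root):  # writes the constructed SAMPLE tree under root
    (Path(root) / "photos.conficker").mkdir()
    for name, data in SAMPLE.items():
        (Path(root) / name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan(tmp), sep="\n")
```

A "double_ext" finding means the name matches but the size or phrase does not, which is worth a manual look rather than an automatic verdict.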