Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 21f4bbcd65d0bff651fa45d442e33877
 
  • Major Detection Name : Win32/Filecoder.ED (ESET), Ransom_CRYPSHED.N (Trend Micro)
 
  • Encrypted File Pattern : <Random Filename>.<Random>.windows10
 
  • Malicious File Creation Location :
         - C:\ProgramData\Windows\csrss.exe
         - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs
 
  • Payment Instruction File : README1.txt / README2.txt / README3.txt / README4.txt / README5.txt / README6.txt / README7.txt / README8.txt / README9.txt / README10.txt
 
  • Major Characteristics :
         - Offline Encryption
         - English and Russian users targeted
         - Attempt to install additional malware
         - Changes desktop background (C:\Users\%UserName%\AppData\Roaming\<Random>.bmp)

List

위로