Videos

Check out our video library showing AppCheck defending against the newest ransomware, with automatic recovery and real-time backup.

Gruxer Ransomware (.locked + Damaged JPG Image File)

  • Distribution Method : Unknown
 
  • MD5 : e61d2b77e44fd1047410d36bd57a885f
 
  • Major Detection Name : MSIL:Ransom-J [Trj] (Avast), Troj/HTRansom-B (Sophos)
 
  • Encrypted File Pattern :
         - TEARS.EXE : .locked
         - WORM.EXE : Embeds a PNG image into JPG files (No Change)
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Local\Temp\GRUXER.EXE
         - C:\Users\%UserName%\AppData\Local\Temp\TEARS.EXE
         - C:\Users\%UserName%\AppData\Local\Temp\WORM.EXE
 
  • Major Characteristics :
         - Ransomware based on the open-source Hidden-Tear project (TEARS.EXE)
         - Embeds a PNG image into JPG files (WORM.EXE)
         - Changes desktop background (C:\Windows\web\wallpaper\Windows\img0.jpg)
