Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

GlobeImposter Ransomware (.[i-absolutus@bigmir.net].rose)

  • Distribution Method : Mail attachment
 
  • MD5 : 35dbc933eb02e3c9ca28fa0c78cd5606
 
  • Major Detection Name : Ransom/W32.GlobeImposter.247560 (nProtect), Ransom_FAKEGLOBE.ENE (Trend Micro)
 
  • Encrypted File Pattern : .[i-absolutus@bigmir.net].rose
 
  • Malicious File Creation Location : C:\Users\Public\vbc.exe (= C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe : Clean File)
 
  • Payment Instruction File : how_to_back_files.html
 
  • Major Characteristics :
         - Offline Encryption
         - Fake Globe / PSCrypt Ransomware series
         - Use a valid MIKROSOFT Digital Signatures
         - File encryption using vbc.exe (Microsoft Visual Basic Command Line Compiler) Clean file
         - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)

List

위로