Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 6f772eb660bc05fc26df86c98ca49abc
 
  • Major Detection Name : Trojan.Ransom.SynAck.A (BitDefender), Ransom:Win32/Snafes.A (Microsoft)
 
  • Encrypted File Pattern : .<10 Digit Alphabet Random Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\==READ==THIS==PLEASE==<Random>.txt
     - C:\Users\%UserName%\AppData\Roaming\msiexec.exe
 
  • Payment Instruction File : ==READ==THIS==PLEASE==<Random>.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Security solutions detection bypass using Process Doppelgänging technology
     - File encryption using clean file "C:\Users\%UserName%\AppData\Roaming\msiexec.exe"
     - Block processes (dns.exe, javaw.exe, mmc.exe, php.exe etc.) execution and Stop system services (mysql, vmvss, vss, wmsvc etc.)
     - Deletes event log
     - Display a ransomware message on the Windows logon screen

List

위로