SecurityHome.eu Ransom:Win32/Hyptkript.A

Home / malware PDF

Ransom:Win32/Hyptkript.A

First posted on 18 August 2016.
Source: Microsoft
Aliases :
There are no other names known for Ransom:Win32/Hyptkript.A.
Explanation :
Installation

This ransomware drops the following files in the %TEMP% folder:

extratools.bat

erone.vbs

firefox32.exe

chrst.exe

Payload

Pretends to encrypt your files

We have seen this ransomware target the following directory and remove all extensions of files (pretend encryption). Then, the files in the targeted directories are deleted after you restart your PC:

C:\Users\Public\Pictures\Sample Pictures

C:\Users\Public\Music\Sample Music

C:\Users\Public\Videos\Sample Videos

%userprofile%\Pictures

%userprofile%\Documents

%userprofile%\Downloads

%userprofile%\Music

%userprofile%\Videos

%userprofile%\Contacts

%userprofile%\Links

%userprofile%\Desktop

Example:

File1.png is renamed to file1.

file.bin is renamed to file.

Analysis by Carmen Liang
Last update 18 August 2016

TOP

Malware :

Last 20

Family:

Ransom:Win32/Hyptkript.A