
'0000 File Extension' Ransomware

Posted: November 20, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 450
First Seen: June 6, 2016
Last Seen: March 14, 2023
OS(es) Affected: Windows

The '0000 File Extension' Ransomware is part of a family of file-locking threats labeled CryptoMix or CryptMix Ransomware. Trojans of this classification may block your media by encrypting it, create messages demanding money and delete any local backups. Breaking the encoding that the '0000 File Extension' Ransomware uses may or may not be possible, and malware experts advise combining conservative backup schedules with proactive anti-malware solutions to protect your digital information and remove the '0000 File Extension' Ransomware when required.

Numerology Goes Ironic with Trojans

As, ultimately, a convoluted expression of ones and zeroes, programming is an excellent demonstration of the power of numbers. However, the occult topic of numerology is, for the threatening software industry, most useful as a brand. Depending on its prominence, the latest variant of the CryptMix Ransomware family may become as infamous as the 'number of the beast,' thanks to it marketing itself as the '0000 File Extension' Ransomware.

The '0000 File Extension' Ransomware only uses its number for marking the files that it attacks, although the choice appears to be a reference to the 'angel number' that represents oneness with God. Besides marketing itself differently, malware experts find almost no technical changes with this threat, which includes most of the modern CryptMix Ransomware features. These functions broadly include:

  • To keep itself hidden, the '0000 File Extension' Ransomware will suppress some system errors, such as boot-up warnings, that Windows may trigger after its installation routine.
  • The '0000 File Extension' Ransomware tries to delete some forms of local backups automatically, such as Windows Shadow Copies, that victims might use for restoring their media.
  • The Trojan's primary attack feature uses encryption to encode and lock different formats of files, such as AVI movies, BMP pictures, ZIP archives or Word documents. Recent versions of the '0000 File Extension' Ransomware's family use a strictly internal list of keys, which helps them conduct these attacks without a network connection. As per its name, the '0000 File Extension' Ransomware also adds the '.0000' extension to the files that it blocks.

A final feature generates a simple ransom note in the Notepad format. The '0000 File Extension' Ransomware's threat actors use this file for providing e-mail contacts to negotiate payments for the file-unlocking solution, with no upfront details regarding the cost or currency.
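The features above leave traces a responder can measure. The following is an added example, not code from the original page or from any vendor tool: it walks a directory tree, counts files carrying the '.0000' extension per directory, locates ransom notes, and bounds the encryption window from file modification times. The note name HELP_DECRYPT_YOUR_FILES.TXT is taken from this page's technical details; treating mtime as the time of encryption is an assumption, and the function name `scope_damage` is hypothetical.

```python
import os
from collections import Counter
from datetime import datetime, timezone

LOCKED_EXT = ".0000"                       # extension the page says is appended
NOTE_NAME = "HELP_DECRYPT_YOUR_FILES.TXT"  # note name from the page's technical details


def scope_damage(root):
    """Summarise locked files, ransom notes and the mtime window under root."""
    locked_per_dir = Counter()
    notes, mtimes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.upper() == NOTE_NAME:
                notes.append(full)
            elif name.lower().endswith(LOCKED_EXT):
                locked_per_dir[dirpath] += 1
                try:
                    # Assumption: mtime reflects when the file was rewritten.
                    mtimes.append(os.stat(full).st_mtime)
                except OSError:
                    continue  # unreadable or vanished: already counted, no timestamp
    window = None
    if mtimes:
        window = tuple(datetime.fromtimestamp(t, tz=timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {
        "locked_total": sum(locked_per_dir.values()),
        "locked_per_dir": dict(locked_per_dir),
        "notes": sorted(notes),
        "window_utc": window,
    }


if __name__ == "__main__":
    import sys
    report = scope_damage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("locked files:", report["locked_total"])
    print("ransom notes:", len(report["notes"]))
    if report["window_utc"]:
        print("modified between", *report["window_utc"])
    # Directories with the most locked files first, to prioritise restores.
    ranked = sorted(report["locked_per_dir"].items(), key=lambda kv: -kv[1])
    for directory, count in ranked[:10]:
        print(f"{count:6d}  {directory}")
```

The modification-time window gives a starting point for correlating logs and for choosing a backup that predates the attack.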

Stopping a File-Locking Threat from Zeroing in on You

Although the '0000 File Extension' Ransomware can lock your PC's media without needing an Internet connection, the original infection vector usually will relate to an online-based strategy, such as spam emails or corrupted website scripts. Updating your software can patch many, if not all, of the exploits that threat actors use to trigger drive-by-downloads for distributing Trojans. Dedicated anti-malware tools also should detect the '0000 File Extension' Ransomware as a threat regardless of its distribution method.

Some victims choose to pay a cybercrook's ransom as the only practical way of restoring their encoded media, although cybercrook-sponsored decryptors sometimes are fraudulent or cause additional corruption of data. Keeping your backups secure and up-to-date can remove most of the risks associated with file-locking Trojans of all families. Malware experts also advocate deleting the '0000 File Extension' Ransomware with appropriate anti-malware programs beforehand for limiting the loss of files.

Since RaaS marketing strategies still are profitable, the CryptMix Ransomware's family isn't going anywhere. Users doing the numbers should need almost no time to realize that placing their files at risk from Trojans like the '0000 File Extension' Ransomware is a fiscally irresponsible decision.

Technical Details

File System Modifications


The following files were created in the system:




Registry Modifications

The following Registry values are newly created:

File name without path
HELP_DECRYPT_YOUR_FILES.TXT

HKEY..\..\..\..{RegistryKeys}
Software\Microsoft\Windows\CurrentVersion\Run\FlashPlayarPlugins
Software\Microsoft\Windows\CurrentVersion\Run\FlashPlayerPlugins
Software\Microsoft\Windows\CurrentVersion\RunOnce\*FlashPlayersPlugin
Software\Microsoft\Windows\CurrentVersion\RunOnce\*FleshPlayarPlugins
Software\Microsoft\Windows\CurrentVersion\Shell\FlashPlayarsPluginK
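The value names listed here are all close variants of one Flash plugin name, several of them misspelled, so exact-match lists will miss new variants. The following added example (not code from the original page or any vendor tool) scores autostart value names by similarity to that name and flags the near matches. The 0.8 threshold, the profile-path heuristic, the sample commands and the function names are assumptions made for illustration.

```python
from difflib import SequenceMatcher

PREFIX = "software\\microsoft\\windows\\currentversion\\"
AUTOSTART_SUBKEYS = {"run", "runonce", "shell"}  # subkeys listed on this page
REFERENCE = "flashplayerplugin"                  # name the listed values imitate
THRESHOLD = 0.8                                  # assumed similarity cut-off
# Assumed heuristic: commands launched from user-profile roots rate higher.
PROFILE_ROOTS = ("%appdata%", "%allusersprofile%", "%localappdata%")


def name_score(value_name):
    """Similarity of a value name to REFERENCE, ignoring RunOnce '*'/'!' prefixes."""
    cleaned = value_name.lstrip("*!").lower()
    return SequenceMatcher(None, cleaned, REFERENCE).ratio()


def flag_autostarts(entries):
    """entries: iterable of (key_path, value_name, command) from a registry export."""
    findings = []
    for key, name, command in entries:
        k = key.lower().rstrip("\\")
        idx = k.find(PREFIX)
        if idx < 0 or k[idx + len(PREFIX):] not in AUTOSTART_SUBKEYS:
            continue  # not one of the autostart locations
        score = name_score(name)
        if score < THRESHOLD:
            continue  # name does not resemble the lure
        from_profile = command.lower().lstrip('"').startswith(PROFILE_ROOTS)
        findings.append({"name": name, "score": round(score, 2),
                         "severity": "high" if from_profile else "review"})
    return findings


# Constructed sample export: value names are from this page, commands are invented.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUNONCE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
SAMPLE = [
    (RUN, "FlashPlayarPlugins", r"%APPDATA%\example_a.exe"),
    (RUNONCE, "*FleshPlayarPlugins", r'"%ALLUSERSPROFILE%\example_b.exe"'),
    (RUN, "FlashPlayerPlugins", r"C:\Tools\example_c.exe"),
    (RUN, "OneDrive", r"%LOCALAPPDATA%\Microsoft\OneDrive\OneDrive.exe /background"),
    (r"HKCU\Software\Example\Settings", "FlashPlayerPlugins", r"%APPDATA%\x.exe"),
]

if __name__ == "__main__":
    for finding in flag_autostarts(SAMPLE):
        print(finding)
```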