CTB-Locker_Critoni Ransomware
Posted: July 22, 2014
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 3,675 |
| First Seen: | July 22, 2014 |
| Last Seen: | November 10, 2023 |
| OS(es) Affected: | Windows |
Aliases
Inject2.BJOA [AVG]
W32/Filecoder.EB!tr [Fortinet]
Trojan/Win32.Necurs [AhnLab-V3]
Trojan/Win32.Inject [Antiy-AVL]
Mal/Wonton-AF [Sophos]
BehavesLike.Win32.PWSZbot.fh [McAfee-GW-Edition]
Trojan.Encoder.853 [DrWeb]
TrojWare.Win32.Amtar.amu [Comodo]
Trojan.Win32.Inject.ttcq [Kaspersky]
Win32:Injector-CLC [Trj] [Avast]
Trojan ( 004b31fd1 ) [K7AntiVirus]
RDN/Generic.dx!dhv [McAfee]
TrojanRansom.Crowti.A4 [CAT-QuickHeal]
Crypt3.BTGZ [AVG]
Trojan-Ransom.CTBLocker [Ikarus]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
Registry Modifications
The following newly produced Registry Values are:
Regexp file mask
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[RANDOM CHARACTERS]HELP_DECRYPT[RANDOM CHARACTERS]
%userprofile%\documents\[RANDOM CHARACTERS]Decrypt-All-Files[RANDOM CHARACTERS]
%userprofile%\documents\Decrypt All Files[RANDOM CHARACTERS].bmp
%USERPROFILE%\My Documents\[RANDOM CHARACTERS]Decrypt-All-Files[RANDOM CHARACTERS]
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Components Update
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Security