FileCoder Ransomware

Posted: September 26, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	430
Threat Level:	9/10
Infected PCs:	16,453

First Seen:	December 25, 2012
Last Seen:	October 17, 2023
OS(es) Affected:	Windows

FileCoder is a broad category of Trojans that use file encryption attacks to back up their ransomware scams, which demand money in exchange for restoring the files on your PC. Variants of Filecoder may claim that the first attack was implemented by a third party or that legal penalties involving file encryption have been enacted against you, but these attacks never are legally justified, nor do SpywareRemove.com malware researchers recommend paying the ransoms that FileCoder Trojans request. Since 2013 has seen a meteoric rise in confirmed FileCoder Ransomware infections, protecting your PC from attacks that may install a variant of Filecoder and having anti-malware programs capable of removing FileCoder infections are even more relevant to the modern PC user than ever before.

The Ransom Demand that's Backed Up with More Than Just Lies

FileCoder is a family of ransomware Trojans – similar to the Ukash Virus or various Police Ransomware Trojans – that display system alerts in an attempt to make you pay ransoms. Unlike most kinds of ransomware, the FileCoder Ransomware Trojans differentiate themselves from less invasive PC threats by doing more than displaying a ransom and blocking your PC: they also encrypt many file types on your computer. Often targeted file types include text documents, PDFs, music and videos. The type of encryption varies, but malware researchers warn that it always will make the affected files temporarily unusable. Many encryption attacks also change the names of the files they encrypt so that the victim can tell very easily what's at stake.

In some cases, there are free decryption utilities that will allow you to reverse a Filecoder's attacks against your files. However, in some scenarios, the only way to decrypt your files will be to acquire a decryption key, which is where FileCoder Ransomware's ransom demand comes into play. Despite Filecoder's ransom seeming like your only hope for getting your files back, SpywareRemove.com malware researchers recommend saving your money and, instead, restoring any affected files from a remote backup (such as a DVD or USB drive).

How to Keep Your Files from Being Exploited by Filecoder

FileCoder has a distribution pattern that currently is foremost in Russia, followed by various regions of Europe and the United States. PC users in these countries should be particularly cautious about potential infection vectors for the FileCoder Ransomware, such as e-mail file attachments (most often used against private industry or government targets) and potentially harmful websites disguised as media sites (a common infection method for personal computers). Appropriate Web-browsing habits and having anti-malware programs capable of blocking most Web-based attacks will protect your computer from all of these means of getting infected with Filecoder.

Once the FileCoder Ransomware infects your PC, Filecoder usually will severely limit your access to other applications, besides its already mentioned attacks against other files. SpywareRemove.com malware experts consider booting your PC from a removable drive to be the simplest way around such issues, which will allow you to remove the FileCoder Ransomware with whatever anti-malware product you consider being appropriate.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

d:\all ransomware\ataware ransomware

File name: ataware ransomware
Size: 780.8 KB (780800 bytes)
MD5: aa5348671cb56557925b185d4ebe875a
Detection count: 5
Path: d:\all ransomware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\blackrouter ransomware\1f15a3e297b9017c40276ad1c32d606c8beebbf432227b47360f3674bfb60127.bin

File name: 1f15a3e297b9017c40276ad1c32d606c8beebbf432227b47360f3674bfb60127.bin
Size: 2.87 MB (2877952 bytes)
MD5: ebad44d2a8c72765aa64bae691458a34
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\blackrouter ransomware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\flatchestware\f8d907099731ba448fef98c4b100265ac37dc57ff26917ff3699fc0060f91cab.bin

File name: f8d907099731ba448fef98c4b100265ac37dc57ff26917ff3699fc0060f91cab.bin
Size: 937.98 KB (937984 bytes)
MD5: 9997853609388189c6aaec5511a1dd17
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\flatchestware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\samsam ransomware\1ad4c9e3d0e04e7f1e32e196ea1e87ed64237485baab4cfa4b07eed44d4b347d.bin

File name: 1ad4c9e3d0e04e7f1e32e196ea1e87ed64237485baab4cfa4b07eed44d4b347d.bin
Size: 40.44 KB (40448 bytes)
MD5: 73a4cf1512fc097fc28b6b75915b34bf
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\samsam ransomware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\tfflower ransomware\cxmxjh.bin

File name: cxmxjh.bin
Size: 6.28 MB (6283264 bytes)
MD5: a14798d28ef66745b8e424b52abf0026
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\tfflower ransomware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\sifrelendi\ransomeware\svchost.bin

File name: svchost.bin
Size: 772.09 KB (772096 bytes)
MD5: c6d90484c49c61234f01f8aa5c9de150
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\sifrelendi\ransomeware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\zayka ransomware\366623b97142a54efd9be31c673c409bdcfbc6ca0bed50e9bbc9b73d7443a55b.bin

File name: 366623b97142a54efd9be31c673c409bdcfbc6ca0bed50e9bbc9b73d7443a55b.bin
Size: 320.51 KB (320512 bytes)
MD5: 55c646dd6b45052eb4c779a476349003
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\zayka ransomware
Group: Malware file
Last Updated: August 28, 2020

d:\all ransomware\round6\7ce637575c601a6708c568b433cb36935d9c47559d69d3958f04687f398066b7.bin

File name: 7ce637575c601a6708c568b433cb36935d9c47559d69d3958f04687f398066b7.bin
Size: 162.3 KB (162304 bytes)
MD5: e2a216e07203ec64c98eed979f260edd
Detection count: 5
File type: Binary File
Mime Type: unknown/bin
Path: d:\all ransomware\round6
Group: Malware file
Last Updated: August 28, 2020

a.exe

File name: a.exe
Size: 72.7 KB (72704 bytes)
MD5: e6353f79779a553c822deab899649b1b
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 7, 2020