When it runs, Ransom:Win32/Crilock.B copies itself to %APPDATA%\zkauhxfbmpubhr.exe.
It creates the following files on your PC:
might contact these servers using port 80:
Commonly, malware might contact to a remote host to do these:
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files (including updates or additional malware)
- Receive instruction from a malicious hacker
- Upload data taken from your PC
This malware description was produced and published using our automated analysis system's examination of file SHA1 48146b81b85e41b67489f2c20a4e38cb10d1c778.
The following could indicate that you have this threat on your PC:
- You have this file: %APPDATA%\zkauhxfbmpubhr.exe