GoldenEye Ransomware
Posted: December 7, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 473 |
First Seen: | December 7, 2016 |
---|---|
Last Seen: | July 15, 2023 |
OS(es) Affected: | Windows |
The GoldenEye Ransomware is a Trojan that combines the data-encrypting features of both the Petya Ransomware and the Mischa Ransomware. In addition to locking your files, it can modify the underlying file system and interfere with the boot-up process negatively. PC users should protect their computers with anti-malware software able to delete the GoldenEye Ransomware before it compromises the system.
A Rogue Agent on the Loose
Although they haven't seen the widespread recognition of 'freeware' threats like Hidden Tear or EDA2 Trojans, the Petya Ransomware and the Mischa Ransomware belong to a family that receives dedicated updates and sophisticated campaigning exploits. The latest entry in this group, the GoldenEye Ransomware, combines the features of both of the above Trojans. Accordingly, threat actors have a 'backup plan' that lets them continue attacking your computer's data, even if the other portions of the payload fail for unanticipated reasons.
The GoldenEye Ransomware seems to be targeting PC users in European nations like Germany, using the technique of disguising Trojan droppers as being invoices and additional work minutia. PDF and spreadsheet-based Trojans attached to e-mail messages install the GoldenEye Ransomware, triggering a Visual Basic script that encrypts the PC.
At first, the GoldenEye Ransomware leverages a standard file-based encryption attack for locking your media, also adding random eight-character strings to their names. The Trojan then hijacks the MBR to force the computer to reboot into its custom loader, along with creating a ransom message. This custom loading routine uses a fake version of the Windows Check Disk screen to distract the victim while the GoldenEye Ransomware begins another encryption attack that malware experts find targeting the drive's Master File Table.
Keeping the Gold out of a Trojan's Eyesight
Depending on whether or not the more-invasive MFT encryption supplants the file-by-file encryption of the GoldenEye Ransomware's first attack, victims may see either a Notepad-based ransom note or a message on the boot loader screen. In either case, these people promote their TOR-based Web infrastructure for collecting payments, after which they claim to provide decryption solutions. The GoldenEye Ransomware asks for one thousand dollars in the Bitcoin currency currently, a sum that malware experts often see in campaigns targeting unprotected businesses.
Even if the GoldenEye Ransomware's attempt at compromising the MFT is partially or wholly unsuccessful, it can cause permanent damage to the operating system or your saved files. However, its current distribution methods are just as dependent on confirmed infection vectors as past threats. Business administrators should continue educating their workers on the possibility of e-mail-based Trojan attacks, particularly for Germany, where malware experts can confirm over a hundred GoldenEye Ransomware infections.
Traditional anti-malware solutions may be able to delete the GoldenEye Ransomware or block its installers, but a complete recovery from its payload can require reinstalling Windows and salvaging all data from a backup. Even a small step in prevention is far more practical than an after-the-fact recovery from this rogue agent's attacks.
[
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:d83f9e8710e02289b47698de47a399002681d3f971ec8ee6e5599a97136150b5.exe
File name: d83f9e8710e02289b47698de47a399002681d3f971ec8ee6e5599a97136150b5.exeSize: 1.94 MB (1941504 bytes)
MD5: 395c163bca85a2ad301dc1fee8771df6
Detection count: 96
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 8, 2016
b1bf065e03d5faf74322d9ddda083a2f4c5d12f4d6080a791ec69ed0b709b3c8.exe
File name: b1bf065e03d5faf74322d9ddda083a2f4c5d12f4d6080a791ec69ed0b709b3c8.exeSize: 1.26 MB (1263104 bytes)
MD5: e1641c297d8c5d60f0f699f10f7a3b49
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 8, 2016
b1001053d0729388ac1d1b4d8aafec4044bf92756eec1bfe2b7becef4a3bc956.exe
File name: b1001053d0729388ac1d1b4d8aafec4044bf92756eec1bfe2b7becef4a3bc956.exeSize: 1.4 MB (1402880 bytes)
MD5: ca2a850bef517532ab81a68997c7f34b
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 8, 2016
f5d7da76ebcac596156b94ad94495002980fcedf983a0f418622faf23c88b60a.exe
File name: f5d7da76ebcac596156b94ad94495002980fcedf983a0f418622faf23c88b60a.exeSize: 262.14 KB (262144 bytes)
MD5: 7e928f47de95eaecb937bba3d9ec81e8
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
f249f03389a370d2637db36b75511c285fdb1b0ae9e720521ffbbeb64c44517b.exe
File name: f249f03389a370d2637db36b75511c285fdb1b0ae9e720521ffbbeb64c44517b.exeSize: 261.63 KB (261632 bytes)
MD5: b7e36d14e84772f2bbbfd881f4e15c81
Detection count: 25
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
d95df50fab57f4a370cb48eae5d9145dee71bea02f448848d202f158f5de4daf.exe
File name: d95df50fab57f4a370cb48eae5d9145dee71bea02f448848d202f158f5de4daf.exeSize: 262.14 KB (262144 bytes)
MD5: 9d1f6aa6e2b657aadb58c220855cf6b8
Detection count: 24
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
c7b13a995ac1e7d861084679309fb459199578ec10f440447bcc5e546b62c1dd.exe
File name: c7b13a995ac1e7d861084679309fb459199578ec10f440447bcc5e546b62c1dd.exeSize: 261.63 KB (261632 bytes)
MD5: 864db706d7098d0a123913ecf14c4f31
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
fba118165354c07cdf696a00f90dd2a1202e6ed5acc7462a1bd68aba25db3978.exe
File name: fba118165354c07cdf696a00f90dd2a1202e6ed5acc7462a1bd68aba25db3978.exeSize: 1.2 MB (1209344 bytes)
MD5: 42a77a52b11ead2a3c16a8ebdf91182f
Detection count: 22
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 8, 2016
b467bf95532b57898cf5f901a7f6bc7e574356ca7a7662094e937176ea1dff85.exe
File name: b467bf95532b57898cf5f901a7f6bc7e574356ca7a7662094e937176ea1dff85.exeSize: 262.14 KB (262144 bytes)
MD5: 55c5eabc1160345919abe5349ada9134
Detection count: 22
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 6, 2020
fb58221d8d3c9b3ce61f47dea76c7ef70c9a68eaf685736f038638f5367c21ec.exe
File name: fb58221d8d3c9b3ce61f47dea76c7ef70c9a68eaf685736f038638f5367c21ec.exeSize: 1.26 MB (1263104 bytes)
MD5: 7385a72641ca3e5c6bcb1e371f3c8b1f
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 8, 2016
a6752f9a9a134b4cfd27cba109b793c75ae3615e7ac5796fa336255b366fab0c.exe
File name: a6752f9a9a134b4cfd27cba109b793c75ae3615e7ac5796fa336255b366fab0c.exeSize: 258.04 KB (258048 bytes)
MD5: 4f3172d3d552b2fc8efe83909b91f45d
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
9a848f6a408460fdc3475c740d7a20d2c11c8547c9ce2d183589fc358f086fdf.exe
File name: 9a848f6a408460fdc3475c740d7a20d2c11c8547c9ce2d183589fc358f086fdf.exeSize: 262.14 KB (262144 bytes)
MD5: 8e126c1808f4c7f245906cd1109e25ee
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
741bb7ba53fffbbcf337f4a9665586913c4ccbb9c57f579e18cf90c446f4c997.exe
File name: 741bb7ba53fffbbcf337f4a9665586913c4ccbb9c57f579e18cf90c446f4c997.exeSize: 260.61 KB (260612 bytes)
MD5: f2d76f3f0d76076d1ac98ed2d3691ffa
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
6a7a73df77859a9c68b026e7c425a9a2448ef23a970ddc7223600e79a7835029.exe
File name: 6a7a73df77859a9c68b026e7c425a9a2448ef23a970ddc7223600e79a7835029.exeSize: 262.14 KB (262144 bytes)
MD5: 5fc5709455208d435a5077542217a85d
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
6896f5f4bd7c2e769aa36a02b320103771deae241bc64110e32465e726e2ca03.exe
File name: 6896f5f4bd7c2e769aa36a02b320103771deae241bc64110e32465e726e2ca03.exeSize: 261.63 KB (261632 bytes)
MD5: a97bf621240f6abf5559b60b45b0c35c
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
677dac10932a44aead63cbba338113b2e8826768741c5567479487a105c6275e.exe
File name: 677dac10932a44aead63cbba338113b2e8826768741c5567479487a105c6275e.exeSize: 262.14 KB (262144 bytes)
MD5: 17d02f5d8f34a874516f7cca588b103a
Detection count: 13
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
66fa85b64b8b3039b4eb66be1467c441d292f73b31fa48fd488e13861f4440fb.exe
File name: 66fa85b64b8b3039b4eb66be1467c441d292f73b31fa48fd488e13861f4440fb.exeSize: 261.63 KB (261632 bytes)
MD5: 07ee2abe737371d6cc7a3f327bddad52
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
54a4d7f770fb20d538b49edff42cd6fb1014158338993e3bf30231f8cd4d977c.exe
File name: 54a4d7f770fb20d538b49edff42cd6fb1014158338993e3bf30231f8cd4d977c.exeSize: 261.63 KB (261632 bytes)
MD5: e56c4f483bacc9c0e8a17d9f775ca44b
Detection count: 11
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
53be0977f579c209df24d8d128ed5a69f58822beddcbac0c39f5af5490b0d705.exe
File name: 53be0977f579c209df24d8d128ed5a69f58822beddcbac0c39f5af5490b0d705.exeSize: 261.63 KB (261632 bytes)
MD5: c27e74c6a5d37a079d185fbbd9c3ce46
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
2df63482dcbf94e7524b60248f7db8162409dabcdcd279ae0ef16e16e02daf30.exe
File name: 2df63482dcbf94e7524b60248f7db8162409dabcdcd279ae0ef16e16e02daf30.exeSize: 262.14 KB (262144 bytes)
MD5: f3d2e795187a135e00038674fca034eb
Detection count: 6
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
2863c8e24d6e000efedd6e08205724b46ceaab6883220b491e0b677153b97375.exe
File name: 2863c8e24d6e000efedd6e08205724b46ceaab6883220b491e0b677153b97375.exeSize: 261.63 KB (261632 bytes)
MD5: 2484d6b75accf237e13d6051effe70ce
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
01d8e1d4663905edf72176eee2bc470cd7e76779a45fbe0fdeca98afc693b11c.exe
File name: 01d8e1d4663905edf72176eee2bc470cd7e76779a45fbe0fdeca98afc693b11c.exeSize: 262.14 KB (262144 bytes)
MD5: cbed326a9bf439e96dbad479bb9bafa3
Detection count: 4
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
010edeca40dfb864899708c6e49eb34ba42d48eb959b2426fdb7af7f254d2146.exe
File name: 010edeca40dfb864899708c6e49eb34ba42d48eb959b2426fdb7af7f254d2146.exeSize: 261.63 KB (261632 bytes)
MD5: 9e6f4b572b4bf00cb0f10f984b552e07
Detection count: 3
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 4, 2017
More files
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.