GoldenEye Ransomware

Posted: December 7, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 506
First Seen: December 7, 2016
Last Seen: July 15, 2023
OS(es) Affected: Windows


The GoldenEye Ransomware is a Trojan that combines the data-encrypting features of both the Petya Ransomware and the Mischa Ransomware. In addition to locking your files, it can modify the underlying file system and interfere with the boot process. PC users should protect their computers with anti-malware software able to delete the GoldenEye Ransomware before it compromises the system.

A Rogue Agent on the Loose

Although they haven't seen the widespread recognition of 'freeware' threats like Hidden Tear or EDA2 Trojans, the Petya Ransomware and the Mischa Ransomware belong to a family that receives dedicated updates and sophisticated distribution campaigns. The latest entry in this group, the GoldenEye Ransomware, combines the features of both of the above Trojans. Accordingly, threat actors have a 'backup plan' that lets them continue attacking your computer's data, even if other portions of the payload fail for unanticipated reasons.

The GoldenEye Ransomware seems to be targeting PC users in European nations like Germany, disguising its Trojan droppers as invoices and other work minutiae. PDF and spreadsheet-based Trojans attached to e-mail messages install the GoldenEye Ransomware, triggering a Visual Basic script that encrypts the PC.

At first, the GoldenEye Ransomware uses a standard file-based encryption attack to lock your media, also adding random eight-character strings to the file names. The Trojan then hijacks the Master Boot Record (MBR) to force the computer to reboot into its custom loader, and creates a ransom message. This custom loading routine displays a fake version of the Windows Check Disk screen to distract the victim while the GoldenEye Ransomware begins another encryption attack, which malware experts find targets the drive's Master File Table (MFT).
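Because the second stage depends on replacing the boot code in the MBR, a baseline comparison of sector 0 is one way to notice the change. The following is an added example, not code from the original article: it hashes the bootstrap-code region of a 512-byte MBR and compares it with a hash recorded while the system was known to be clean. The sample sectors, function names and the idea of a stored baseline are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the bootstrap code (classic MBR layout)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 over the bootstrap code only, so partition edits do not alter it."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Decode the non-empty primary partition entries for the report."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba_start, "sectors": count})
    return parts


def check_mbr(sector: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    return findings


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test data: filler boot code plus one NTFS-type entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_sector(b"\x90" * 32)      # constructed "known-good" sector
    changed = build_sample_sector(b"\xcc" * 32)    # constructed altered boot code
    baseline = boot_code_hash(clean)
    print(check_mbr(clean, baseline), parse_partitions(clean))
    print(check_mbr(changed, baseline))
```

In practice the sector would be the first 512 bytes read from the physical disk or from a forensic image, and the baseline has to be recorded again after any legitimate boot loader change.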

Keeping the Gold out of a Trojan's Eyesight

Depending on whether or not the more-invasive MFT encryption supplants the file-by-file encryption of the GoldenEye Ransomware's first attack, victims may see either a Notepad-based ransom note or a message on the boot loader screen. In either case, the threat actors promote their TOR-based Web infrastructure for collecting payments, after which they claim to provide decryption solutions. The GoldenEye Ransomware currently asks for one thousand dollars in Bitcoin, a sum that malware experts often see in campaigns targeting unprotected businesses.

Even if the GoldenEye Ransomware's attempt at compromising the MFT is partially or wholly unsuccessful, it can cause permanent damage to the operating system or your saved files. However, its current distribution methods are just as dependent on confirmed infection vectors as those of past threats. Business administrators should continue educating their workers on the possibility of e-mail-based Trojan attacks, particularly in Germany, where malware experts can confirm over a hundred GoldenEye Ransomware infections.

Traditional anti-malware solutions may be able to delete the GoldenEye Ransomware or block its installers, but a complete recovery from its payload can require reinstalling Windows and salvaging all data from a backup. Even a small step in prevention is far more practical than an after-the-fact recovery from this rogue agent's attacks.

Technical Details

File System Modifications

The following files were created in the system:


