spender-sandbox / community-modified

Modified edition of cuckoo community modules

New APIs needed for modifies_wallpaper.py sig to work

kevross33 opened this issue · comments

Hi,

The APIs SystemParametersInfoA and SystemParametersInfoW need to be hooked for this signature to work and to detect most ransomware which modifies the wallpaper, like Cerber or WannaCry. Currently this signature does not detect that the wallpaper has been modified.
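
The check this issue asks for, sketched as an added example (not code from this repository or from modifies_wallpaper.py): once both APIs are hooked, a signature can match calls whose action is `SPI_SETDESKWALLPAPER` (0x0014). The record layout, the `uiAction`/`pvParam`/`status` field names and the sample calls are assumptions constructed for illustration, not the monitor's real log format.

```python
# Added example: record layout and argument names are assumptions,
# not the sandbox monitor's actual log format.
SPI_SETDESKWALLPAPER = 0x0014  # uiAction value documented for SystemParametersInfo
WALLPAPER_APIS = {"SystemParametersInfoA", "SystemParametersInfoW"}


def _to_int(value):
    """Accept ints or strings such as '20' / '0x14'; return None if unparsable."""
    if isinstance(value, int):
        return value
    try:
        return int(str(value), 0)
    except ValueError:
        return None


def wallpaper_changes(calls):
    """Return (api, path) for each successful call that sets the desktop wallpaper."""
    hits = []
    for call in calls:
        if call.get("api") not in WALLPAPER_APIS:
            continue
        args = call.get("arguments", {})
        if _to_int(args.get("uiAction")) != SPI_SETDESKWALLPAPER:
            continue  # the API serves many other settings; only action 0x14 matters
        if not call.get("status", False):
            continue  # failed call: the wallpaper was not changed
        hits.append((call["api"], args.get("pvParam", "")))
    return hits


# Constructed sample records (not taken from a real analysis).
SAMPLE_CALLS = [
    {"api": "SystemParametersInfoW", "status": True,
     "arguments": {"uiAction": "0x14", "pvParam": "C:\\Users\\user\\AppData\\Local\\Temp\\note.bmp"}},
    {"api": "SystemParametersInfoA", "status": True,
     "arguments": {"uiAction": 20, "pvParam": "C:\\Users\\user\\Desktop\\readme.bmp"}},
    {"api": "SystemParametersInfoW", "status": True,
     "arguments": {"uiAction": "0x30", "pvParam": ""}},  # SPI_GETWORKAREA, unrelated
    {"api": "SystemParametersInfoW", "status": False,
     "arguments": {"uiAction": "0x14", "pvParam": "C:\\missing.bmp"}},
    {"api": "NtCreateFile", "status": True, "arguments": {"FileName": "C:\\x.txt"}},
]

if __name__ == "__main__":
    for api, path in wallpaper_changes(SAMPLE_CALLS):
        print(f"{api} set wallpaper to {path}")
```

Filtering on the action value matters because the same API is used for many unrelated settings, so matching on the API name alone would flag benign calls.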