Ransom Trojan

BScope.TrojanRansom.Crypren (file analysis)

Malware Removal

BScope.TrojanRansom.Crypren is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the BScope.TrojanRansom.Crypren virus do?

  • Executable code extraction
  • Creates RWX memory
  • Installs a browser addon or extension
  • The binary likely contains encrypted or compressed data.
  • Crashed cuckoomon during analysis. Report this error to the Github repo.
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify BScope.TrojanRansom.Crypren?


File Info:

crc32: 324088D3
md5: dc319ddc74dbe8f6a215edc47c68221a
name: folderview.exe
sha1: af53a1c4c2f5b94bb63586d5616dc53e77a9debb
sha256: 0a749eb10a669bb5441e202d46e99fd718d81f4a39c59174c73b8277b9d5035c
sha512: 573b5897093a451933c65f6417095c3bc01255d5424ea73e3d36bb72f00ef616edb0001417b5ba6695d43de52076dc4293db694d8860b14a964bff671e4e6614
ssdeep: 98304:h97UCYG/bJsjy5DFTQVMi/tn58aNQ5HkSXDln6TlU5hnFvtX4tUibmLE:jzJky5h0MwdNQ5EORn6TlSbD4
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright 1999-2020 by Exontrol
InternalName: Exontrol Installer/Uninstaller Tool
FileVersion: 12, 0, 0, 1
CompanyName: Exontrol
SpecialBuild: 210000
LegalTrademarks: Copyright 1999-2020 by Exontrol
Comments: http://www.exontrol.com
ProductName: Exontrol Installer Tool
ProductVersion: 12, 0, 0, 1
FileDescription: Exontrol Installer/Uninstaller Tool
OriginalFilename: ExInstall.exe
Translation: 0x0409 0x04b0

BScope.TrojanRansom.Crypren also known as:

APEX: Malicious
McAfee-GW-Edition: GenericRXJN-GL!DC319DDC74DB
Trapmine: malicious.high.ml.score
Antiy-AVL: GrayWare/Win32.Presenoker
McAfee: GenericRXJN-GL!DC319DDC74DB
VBA32: BScope.TrojanRansom.Crypren

How to remove BScope.TrojanRansom.Crypren?

BScope.TrojanRansom.Crypren removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
