What is “GenCBL.Ransom.FileCryptor.DDS”?

The GenCBL.Ransom.FileCryptor.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What GenCBL.Ransom.FileCryptor.DDS virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine GenCBL.Ransom.FileCryptor.DDS?


File Info:
name: CAF9C5EBE40769019813.mlw
path: /opt/CAPEv2/storage/binaries/416a707e939cbc0787886667346803f7796ad689b6b92d53f68c67474d30ea95
crc32: 7B739DED
md5: caf9c5ebe40769019813cba2cef753c0
sha1: 04325f60071739b588939f43fb532260be6013b0
sha256: 416a707e939cbc0787886667346803f7796ad689b6b92d53f68c67474d30ea95
sha512: 3458ec91088455a96679e44cda24bfbaf7e0db4a1402209dfa18ef60a90e0d9932741d37d825ed745e4c99c537a87685f409923d61f413fca8f6895f4632faee
ssdeep: 49152:nPY3dCNbXjvnAjvnAPY3dCNbGT2HwnrvS/c6D/qjvn:A3dGz2d3dGU2QnrXn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16EB5C01913A3D19FC2927BFE2A54E67C5C468D613D19DB1161713EEABE3032BCEC0629
sha3_384: 316a55553246205e568d6e975e3fb3db6b4a9173a03edaa0b35af8a5a65cc9f3a1ee852cd5f7abc3e18b1955e4eccb0a
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-04-21 17:12:26

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.1
InternalName: chrome.exe
LegalCopyright: Copyright ©  2023
LegalTrademarks: 
OriginalFilename: chrome.exe
ProductName: 
ProductVersion: 1.0.0.1
Assembly Version: 1.0.0.1

GenCBL.Ransom.FileCryptor.DDS also known as:

Lionic	Trojan.Win32.Agent.Y!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.462967
FireEye	Generic.mg.caf9c5ebe4076901
CAT-QuickHeal	Trojan.GenericFC.S30156187
McAfee	Artemis!CAF9C5EBE407
Malwarebytes	GenCBL.Ransom.FileCryptor.DDS
Zillya	Trojan.Agent.Win32.3385047
Sangfor	Trojan.Win32.Zusy.Vr2b
Alibaba	Trojan:MSIL/Surveyer.ee258e7d
Arcabit	Trojan.Zusy.D71077
BitDefenderTheta	Gen:NN.ZemsilF.36318.to0@aqJiZ1i
Cyren	W32/ABRisk.MVZW-4605
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.DCLCCXA
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Agent.gen
BitDefender	Gen:Variant.Zusy.462967
Avast	Win32:Malware-gen
Sophos	Mal/Generic-S
VIPRE	Gen:Variant.Zusy.462967
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Variant.Zusy.462967 (B)
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.Wacatac
ZoneAlarm	HEUR:Trojan.MSIL.Agent.gen
GData	Gen:Variant.Zusy.462967
Google	Detected
ALYac	Gen:Variant.Zusy.462967
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09DL23
Tencent	Malware.Win32.Gencirc.13b965ec
Ikarus	Trojan.MSIL.Surveyer
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS

How to remove GenCBL.Ransom.FileCryptor.DDS?

GenCBL.Ransom.FileCryptor.DDS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X