Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD (file analysis)

Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD virus do?

  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

How to identify Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD?

File Info:

crc32: 92641A90
md5: 49ea56bbb4aee43d03c8427acb452876
name: 49EA56BBB4AEE43D03C8427ACB452876.mlw
sha1: 014f6ed7044ba544f4c8a514ff6ee5ae328979a6
sha256: ca8501806e518f050da9df22b39481de8e41bb35bc5c42c6d0e3c2b812b55201
sha512: 35ec59b16ed5c246bc5e457bd76ec7084f50b355a27270b162ae6949a04fc64c81a791290a0fab29606fc4ace4666ac35e00c1c9f4bdc703ae72c225f7d367d0
ssdeep: 6144:Zhpx9UbW388yS1mSvcjf12GXXSrCbzgJ+xoHeqBnUnrD9RVVB+MRhasP2:ZhZD3gS17Uj1bnSrHsVqBUnrD9RVVdR
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2011-2012 by Mikalai Kalpinski. All right reserved.
Assembly Version: 1.3.29.0
InternalName: OrangeHeap.exe
FileVersion: 1.3.29.0
CompanyName: Mikalai Kalpinski
ProductName: Orange Heap
ProductVersion: 1.3.29.0
FileDescription: OrangeHeap
OriginalFilename: OrangeHeap.exe
Translation: 0x0000 0x04b0

Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD also known as:

K7AntiVirus: Trojan ( 0053fc801 )
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop8.627
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Generic
ALYac: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:MSIL/Confuser.4fd63e5b
K7GW: Trojan ( 0053fc801 )
Cybereason: malicious.bb4aee
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/PSW.CoinStealer.AH
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
BitDefender: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD
NANO-Antivirus: Trojan.Win32.Confuser.eypzyt
MicroWorld-eScan: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD
Tencent: Win32.Trojan.Generic.Pgni
Ad-Aware: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD
Sophos: Mal/Generic-R + Troj/Jigsaw-L
Comodo: Malware@#3kcrshth0fl4p
BitDefenderTheta: Gen:NN.ZemsilF.34142.sm0@a8Vw0fi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R067C0DF221
McAfee-GW-Edition: BehavesLike.Win32.Fareit.dc
FireEye: Generic.mg.49ea56bbb4aee43d
Emsisoft: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.fefel
Avira: TR/Redcap.vtqiw
eGambit: Unsafe.AI_Score_99%
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:MSIL/Confuser.UI
Arcabit: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD
GData: Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD
AhnLab-V3: Trojan/Win32.JigsawLocker.C2460314
Acronis: suspicious
McAfee: Artemis!49EA56BBB4AE
MAX: malware (ai score=97)
VBA32: TScope.Trojan.MSIL
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R067C0DF221
Yandex: Trojan.Agent!Qmiyz6dMytY
Ikarus: PUA.MSIL.Confuser
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/CoinStealer.AA!tr.pws
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml

How to remove Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD?

Generic.MSIL.Ransomware.Jigsaw.1B5BBFBD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.