Generic.Ranosm.Maktub.2428E2D6 (file analysis)

Generic.Ranosm.Maktub.2428E2D6 is a detection name that many security vendors classify as dangerous (several vendors flag this sample as ransomware). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Ranosm.Maktub.2428E2D6 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Looks up the external IP address
  • Detects Sandboxie through the presence of a library
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
myip.dnsomatic.com
y5mogzal2w25p6bn.ml

How to identify Generic.Ranosm.Maktub.2428E2D6?

File Info:

crc32: 37E3F59B
md5: ecbea8cb5cbe0fda0df4f720744123e0
name: ECBEA8CB5CBE0FDA0DF4F720744123E0.mlw
sha1: 7595457f969f3f8175914a9b4de4ebe8e55ced04
sha256: 6140f925217f7b4c7093d0422a122257623e93c54a8b9216caeaeebd17756119
sha512: 7e6c72f4738e3af88d348dd179b40d218bcbe4c8f7eaeafd734d6719d02ec98b347962399e5a864a4ef48816a8ffbbed50e818a5a83c3c6d7bb20a2a65c3a8ee
ssdeep: 12288:IaA1dauksCdWg/bs5paOFxUJHfOcxiMFegu/UsxA4r+twbz9odhFsM+gpO:IDdardWympbx0/OcxiJHMsBrGwarF
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2013
InternalName: explorer
FileVersion: 6.6.3852.6120
CompanyName: Intel Corporation
PrivateBuild: 1
LegalTrademarks: Copyright (C) 2013
Comments: explorer
ProductName: explorer
SpecialBuild: 1
ProductVersion: 6.6.3852.6120
FileDescription: explorer
OriginalFilename: explorer
Translation: 0x0409 0x04b0

Generic.Ranosm.Maktub.2428E2D6 also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0052faf11 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.25395
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Sigmal.S2666360
ALYac: Generic.Ranosm.Maktub.2428E2D6
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0052e4141 )
Cybereason: malicious.b5cbe0
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Takbum.aa
BitDefender: Generic.Ranosm.Maktub.2428E2D6
NANO-Antivirus: Trojan.Win32.Kryptik.faoxrs
MicroWorld-eScan: Generic.Ranosm.Maktub.2428E2D6
Tencent: Win32.Trojan.Takbum.Anzq
Ad-Aware: Generic.Ranosm.Maktub.2428E2D6
Sophos: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZexaF.34142.2C0@aKIl4MbO
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
FireEye: Generic.mg.ecbea8cb5cbe0fda
Emsisoft: Trojan.Ransom (A)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1100573
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Arcabit: Generic.Ranosm.Maktub.2428E2D6
GData: Generic.Ranosm.Maktub.2428E2D6
AhnLab-V3: Malware/Win32.Generic.C2472480
McAfee: GenericRXFC-QW!ECBEA8CB5CBE
Malwarebytes: Malware.AI.3691120468
Panda: Trj/Genetic.gen
Rising: Trojan.Generic@ML.93 (RDML:OBXunSY5tj4/kVPGTI/A7A)
Yandex: Trojan.GenAsa!p+rDMSV3vfI
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/RansomTak.A!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Generic.Ranosm.Maktub.2428E2D6?

Generic.Ranosm.Maktub.2428E2D6 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.