
Should I remove “Generic.Ranosm.Maktub.928F9B40”?


Generic.Ranosm.Maktub.928F9B40 is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generic.Ranosm.Maktub.928F9B40 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Looks up the external IP address
  • Detects Sandboxie through the presence of a library
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
myip.dnsomatic.com
y5mogzal2w25p6bn.ml

How to identify Generic.Ranosm.Maktub.928F9B40?

File Info:

crc32: 61638A0E
md5: 73c8c60bc7b86ffac52c676cf0e31a21
name: 73C8C60BC7B86FFAC52C676CF0E31A21.mlw
sha1: 7dc32c6c8a0088f1e9546276aada4cf90ef95f4d
sha256: 1187efa6a64e6ceff9b989a1c8e9a7728b99adda31b40e9bf1e2c2a41441af41
sha512: 0bfe9a0af6733368c4f1b82d0ad8e03494d2f8dcbbfc52c16096c38cd887642a760fea4c4e38e09a3f42341ef176dc7e5f867304774ff835e1a188a56906c313
ssdeep: 12288:7Sj51cWFZshqkcSEdspEDdAvKQQ5PBVhwTcW1Zf9SMk/KcoxFJ9P69R6vx91PWV:7SHcBBcDCWaKQEccSzcpoXP69Y3PW
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2013
InternalName: explorer
FileVersion: 6.6.3852.6120
CompanyName: Intel Corporation
PrivateBuild: 1
LegalTrademarks: Copyright (C) 2013
Comments: explorer
ProductName: explorer
SpecialBuild: 1
ProductVersion: 6.6.3852.6120
FileDescription: explorer
OriginalFilename: explorer
Translation: 0x0409 0x04b0

Generic.Ranosm.Maktub.928F9B40 also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0052faf11 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Sigmal.S2666360
ALYac: Trojan.Ransom.Iron
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.216433
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Ransom:Win32/Takbum.5feea915
K7GW: Trojan ( 0052faf11 )
Cybereason: malicious.bc7b86
Symantec: Trojan Horse
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Takbum.j
BitDefender: Generic.Ranosm.Maktub.928F9B40
NANO-Antivirus: Trojan.Win32.Kryptik.farure
ViRobot: Trojan.Win32.S.Agent.832000.BS
MicroWorld-eScan: Generic.Ranosm.Maktub.928F9B40
Tencent: Win32.Trojan.Takbum.Aiii
Ad-Aware: Generic.Ranosm.Maktub.928F9B40
Sophos: Mal/Generic-R + Troj/Maktub-F
Comodo: Malware@#1ilqntfy71tis
BitDefenderTheta: Gen:NN.ZexaF.34770.YC0@aCCL8dhO
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_MAKTUB.THDBFAH
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.cc
FireEye: Generic.mg.73c8c60bc7b86ffa
Emsisoft: Generic.Ranosm.Maktub.928F9B40 (B)
Webroot: W32.Ransomware.Gen
Avira: HEUR/AGEN.1100573
Antiy-AVL: Trojan/Generic.ASMalwS.261091C
Microsoft: Trojan:Win32/Wacatac.A!rfn
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: Trojan-Ransom.Win32.Takbum.j
GData: Generic.Ranosm.Maktub.928F9B40
AhnLab-V3: Malware/Win32.Generic.C2472480
McAfee: GenericRXFC-QW!73C8C60BC7B8
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.3691120468
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_MAKTUB.THDBFAH
Rising: Trojan.Generic@ML.95 (RDML:ldLctrYOtKaHcK16H54hoQ)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/RansomTak.A!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Generic.HxAAEpsA

How to remove Generic.Ranosm.Maktub.928F9B40?

Generic.Ranosm.Maktub.928F9B40 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
