Generic.Ranosm.Maktub.A593521E removal

Many security experts consider Generic.Ranosm.Maktub.A593521E dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Ranosm.Maktub.A593521E virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Looks up the external IP address
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system

Related domains:

myip.dnsomatic.com
y5mogzal2w25p6bn.ml

How to identify Generic.Ranosm.Maktub.A593521E?


File Info:

crc32: C5681260
md5: c163256f9bdc73d4e7c98a271f751b4c
name: C163256F9BDC73D4E7C98A271F751B4C.mlw
sha1: 23de9ef5bafca403b2f0772e0a1942bf14d097c9
sha256: 4656065d19078f6ce54f7137042391978f2627cf40f7cac4df8d0c663f8853ed
sha512: 722fa9a7842b10d4d4a5c89a9b44f2f78a5bba91a4d3ec1d4f0abfefc4f774e74c36145992dd6a4b36be7311554ee3d929ca6233d6416c22df1370ffcce4e65b
ssdeep: 12288:74t1yS9sUpWRsyYql6G3eU9LPGCFJ6xG4O05d9Rx7PZMSEVh:7y95y1xLP3gGg9rPhC
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2013
InternalName: explorer
FileVersion: 6.6.3852.6120
CompanyName: Intel Corporation
PrivateBuild: 1
LegalTrademarks: Copyright (C) 2013
Comments: explorer
ProductName: explorer
SpecialBuild: 1
ProductVersion: 6.6.3852.6120
FileDescription: explorer
OriginalFilename: explorer
Translation: 0x0409 0x04b0

Generic.Ranosm.Maktub.A593521E also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0052faf11 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Sigmal.S2666360
McAfee: GenericRXFC-QW!C163256F9BDC
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1431194
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Ransom:Win32/Takbum.5c37ec7d
K7GW: Trojan ( 0052faf11 )
Cybereason: malicious.f9bdc7
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GFUC
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Takbum.ak
BitDefender: Generic.Ranosm.Maktub.A593521E
NANO-Antivirus: Trojan.Win32.Takbum.fbfrvr
MicroWorld-eScan: Generic.Ranosm.Maktub.A593521E
Tencent: Win32.Trojan.Takbum.Swal
Ad-Aware: Generic.Ranosm.Maktub.A593521E
Sophos: Mal/Generic-S
Comodo: Malware@#2gkmd0o7eaxqu
BitDefenderTheta: Gen:NN.ZexaF.34738.ZC0@a8TVTgdO
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_Takbum.R002C0DFB21
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.cc
FireEye: Generic.mg.c163256f9bdc73d4
Emsisoft: Generic.Ranosm.Maktub.A593521E (B)
SentinelOne: Static AI – Malicious PE
Avira: HEUR/AGEN.1100573
Antiy-AVL: Trojan/Generic.ASMalwS.25FA224
Microsoft: Trojan:Win32/Skeeyah.A!rfn
AegisLab: Trojan.Win32.Takbum.j!c
GData: Generic.Ranosm.Maktub.A593521E
AhnLab-V3: Malware/Win32.Generic.C2472480
VBA32: TrojanRansom.Takbum
MAX: malware (ai score=97)
Malwarebytes: Malware.AI.3691120468
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_Takbum.R002C0DFB21
Rising: Trojan.Generic@ML.100 (RDML:QXc8J5NOHW1h2iOAZO+FRg)
Yandex: Trojan.GenAsa!p+rDMSV3vfI
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/RansomTak.A!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Generic.Ranosm.Maktub.A593521E?

Generic.Ranosm.Maktub.A593521E removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
