What is "Generic.Ransom.Buhtrap.095A12FE"?

The Generic.Ransom.Buhtrap.095A12FE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Buhtrap.095A12FE virus can do?

Attempts to connect to a dead IP:Port (3 unique times)
A process attempted to delay the analysis task.
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Modifies boot configuration settings
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Likely virus infection of existing system binary
Attempts to modify proxy settings
Clears Windows events or logs
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

geoiptool.com

www.geodatatool.com

ocsp.comodoca.com

ocsp.usertrust.com

crl.usertrust.com

iplogger.org

ocsp.sectigo.com

How to determine Generic.Ransom.Buhtrap.095A12FE?


File Info:
crc32: 720E5085
md5: 92f02ef0cd2ad7e5dc71372586bdec25
name: 92F02EF0CD2AD7E5DC71372586BDEC25.mlw
sha1: 0bb7aa4fbe20abd36cd6102f5e16e8a67148b822
sha256: d897f03c98ae3503da114a38462c6c583c430780227ebcbb45a7cbb3a8368e52
sha512: 85f3ecaf93386e671807c9167ed7f0a0488867171195e52dd45e548ea228201ad1f75153dd2f2d213effab13925a7dad7e5a220043733542963564e51b863c8e
ssdeep: 6144:syJE1yd7WTJmcyfZmPWna4DQFu/U3buRKlemZ9DnGAevI4yD+:sU/d7WwvUPWa4DQFu/U3buRKlemZ9Dn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Generic.Ransom.Buhtrap.095A12FE also known as:

K7AntiVirus	Trojan ( 0055c8001 )
Elastic	malicious (high confidence)
DrWeb	DLOADER.Trojan
ClamAV	Win.Ransomware.Buhtrap-9865977-0
CAT-QuickHeal	Trojan.AgentIH.S18008568
ALYac	Generic.Ransom.Buhtrap.095A12FE
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
BitDefender	Generic.Ransom.Buhtrap.095A12FE
K7GW	Trojan ( 0055c8001 )
Cybereason	malicious.0cd2ad
Cyren	W32/Ransom.LV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.Buran.J
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Agent.gen
NANO-Antivirus	Trojan.Win32.Encoder.itzlzz
MicroWorld-eScan	Generic.Ransom.Buhtrap.095A12FE
Tencent	Malware.Win32.Gencirc.11bc2253
Ad-Aware	Generic.Ransom.Buhtrap.095A12FE
Sophos	ML/PE-A + Mal/Behav-010
BitDefenderTheta	AI:Packer.1BA265F51F
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.92f02ef0cd2ad7e5
Emsisoft	Generic.Ransom.Buhtrap.095A12FE (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/Malware
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASCommon.195
Microsoft	Ransom:Win32/Zeppelin.A!MSR
Arcabit	Generic.Ransom.Buhtrap.095A12FE
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
GData	Generic.Ransom.Buhtrap.095A12FE
AhnLab-V3	Trojan/Win32.BuhTrap.R338445
McAfee	GenericRXKB-RP!92F02EF0CD2A
MAX	malware (ai score=89)
VBA32	BScope.TrojanRansom.Crypmod
Malwarebytes	Ransom.Zeppelin
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Rising	Ransom.Zeppelin!1.D4C1 (CLASSIC)
Ikarus	Trojan-Ransom.Buran
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Buran.H!tr.ransom

How to remove Generic.Ransom.Buhtrap.095A12FE?

Generic.Ransom.Buhtrap.095A12FE removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Generic.Ransom.Buhtrap.095A12FE”?