Categories: Ransom

What is “Generic.Ransom.Buhtrap.14268EE9”?

The Generic.Ransom.Buhtrap.14268EE9 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Buhtrap.14268EE9 virus can do?

Injection with CreateRemoteThread in a remote process
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Attempts to delete volume shadow copies
Deletes its original binary from disk
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Likely virus infection of existing system binary
Clears Windows events or logs
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Generic.Ransom.Buhtrap.14268EE9?


File Info:
crc32: C8B1F3CBmd5: 6ee85d9db8ae50dc43bed945aa360d61name: 6EE85D9DB8AE50DC43BED945AA360D61.mlwsha1: 4f7ad2e4c92b9fa5f23d090187054ee21c58bb6esha256: cca82c216cca8e45acedb98288fd60bc3e53e0057a6ff5be6a376cc41589cbc4sha512: 2885f93c3e21604ae51e7d3a781ac55fb822934f4750c037e20ebbe9c319c1581bba9582249d117bc8a2491f992bb784f77325215046424a34841ea7aa04981assdeep: 6144:9yJE1AsHDEXtQe8JQX6n64DQFu/U3buRKlemZ9DnGAeuht+c:9UdsHK2vJQb4DQFu/U3buRKlemZ9DnGtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Generic.Ransom.Buhtrap.14268EE9 also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Agent.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.34383
CAT-QuickHeal	Trojan.AgentIH.S18008568
ALYac	Generic.Ransom.Buhtrap.14268EE9
Cylance	Unsafe
Sangfor	Worm.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/generic.ali2000010
K7GW	Trojan ( 0055c8001 )
K7AntiVirus	Trojan ( 0055c8001 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.Buran.J
APEX	Malicious
Avast	Win32:Dh-A [Heur]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Agent.gen
BitDefender	Generic.Ransom.Buhtrap.14268EE9
NANO-Antivirus	Trojan.Win32.Filecoder.hnfmvg
ViRobot	Trojan.Win32.Z.Buran.223232
MicroWorld-eScan	Generic.Ransom.Buhtrap.14268EE9
Tencent	Malware.Win32.Gencirc.11a5b773
Ad-Aware	Generic.Ransom.Buhtrap.14268EE9
Sophos	Mal/Generic-R + Mal/Behav-010
F-Secure	Trojan.TR/Redcap.odbkb
BitDefenderTheta	AI:Packer.EB05C7D31F
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.6ee85d9db8ae50dc
Emsisoft	Generic.Ransom.Buhtrap.14268EE9 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Redcap.odbkb
eGambit	Unsafe.AI_Score_97%
Antiy-AVL	Trojan/Generic.ASCommon.195
Microsoft	Ransom:Win32/Zeppelin.A!MSR
Arcabit	Generic.Ransom.Buhtrap.14268EE9
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
GData	Generic.Ransom.Buhtrap.14268EE9
AhnLab-V3	Trojan/Win32.BuhTrap.R338445
McAfee	GenericRXKB-RP!6EE85D9DB8AE
MAX	malware (ai score=85)
VBA32	BScope.Trojan.Agent
Malwarebytes	Ransom.Zeppelin
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Rising	Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex	Trojan.GenAsa!CxfKQU+AivY
Ikarus	Trojan-Ransom.Buran
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Buran.H!tr.ransom
AVG	Win32:Dh-A [Heur]
Paloalto	generic.ml