What is "Generic.Ransom.Buhtrap.6F16E0FC"?

The Generic.Ransom.Buhtrap.6F16E0FC is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Buhtrap.6F16E0FC virus can do?

Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Code injection with CreateRemoteThread in a remote process
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself

Related domains:

geoiptool.com

www.geodatatool.com

ocsp.comodoca.com

ocsp.usertrust.com

crl.usertrust.com

How to determine Generic.Ransom.Buhtrap.6F16E0FC?


File Info:
crc32: 599F1261
md5: dcad456e413aada98a8e5d0b83939f3c
name: DCAD456E413AADA98A8E5D0B83939F3C.mlw
sha1: 8b69b1ea44cbd670de468d8b263e96caca9d3266
sha256: aea4998b05ddb994d5371df18d17e1924d771eecda8da28dc17c4eba696d8fd2
sha512: 2ae42eea255a26fff53fe387f68def6225ecdf4e0f907995e02c3081c7f8ba7c4d641da5d30aa3a1dbf8e4b15f3035d3259ab95062d5b30613bf76cc5c9d6e6a
ssdeep: 6144:4yJE1brNNDw7AE9kgH16LGv2J4DQFu/U3buRKlemZ9DnGAeDMK3ITJN+c:4UqNNDwpRV6LqM4DQFu/U3buRKlemZ9
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Generic.Ransom.Buhtrap.6F16E0FC also known as:

K7AntiVirus	Trojan ( 0055c8001 )
Elastic	malicious (high confidence)
DrWeb	DLOADER.Trojan
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.AgentIH.S18008568
ALYac	Generic.Ransom.Buhtrap.6F16E0FC
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Trojan ( 0055c8001 )
Cybereason	malicious.e413aa
Cyren	W32/Ransom.LV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.Buran.J
APEX	Malicious
Avast	Win32:Dh-A [Heur]
ClamAV	Win.Ransomware.Buhtrap-9802628-0
Kaspersky	HEUR:Trojan.Win32.Agent.gen
BitDefender	Generic.Ransom.Buhtrap.6F16E0FC
NANO-Antivirus	Trojan.Win32.Encoder.icuvpe
MicroWorld-eScan	Generic.Ransom.Buhtrap.6F16E0FC
Tencent	Malware.Win32.Gencirc.10ce2532
Ad-Aware	Generic.Ransom.Buhtrap.6F16E0FC
Sophos	ML/PE-A + Mal/Behav-010
F-Secure	Heuristic.HEUR/Malware
BitDefenderTheta	AI:Packer.BE2148871E
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.dcad456e413aada9
Emsisoft	Generic.Ransom.Buhtrap.6F16E0FC (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/Malware
Antiy-AVL	Trojan[Ransom]/Win32.Buran.a
Microsoft	Ransom:Win32/Zeppelin.A!MSR
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
GData	Generic.Ransom.Buhtrap.6F16E0FC
AhnLab-V3	Trojan/Win32.BuhTrap.R338445
McAfee	GenericRXKB-RP!DCAD456E413A
MAX	malware (ai score=85)
VBA32	BScope.TrojanRansom.Crypmod
Malwarebytes	Ransom.Zeppelin
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Rising	Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex	Trojan.GenAsa!CxfKQU+AivY
Ikarus	Trojan-Ransom.Buran
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Buran.H!tr.ransom
AVG	Win32:Dh-A [Heur]

How to remove Generic.Ransom.Buhtrap.6F16E0FC?

Generic.Ransom.Buhtrap.6F16E0FC removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Generic.Ransom.Buhtrap.6F16E0FC”?