
Generic.Ransom.Buhtrap.836638CE removal guide


Generic.Ransom.Buhtrap.836638CE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Generic.Ransom.Buhtrap.836638CE virus do?

  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Zeppelin malware family

How to identify Generic.Ransom.Buhtrap.836638CE?

File Info:

name: 7A296F7C1AC4AEEE18D4.mlw
path: /opt/CAPEv2/storage/binaries/ed1548744db512a5502474116828f75737aec8bb11133d5e4ad44be16aa3666b
crc32: 582D9B53
md5: 7a296f7c1ac4aeee18d4c23476735be7
sha1: c13542310f7a4e50a78247fc7334096ca09c5d7f
sha256: ed1548744db512a5502474116828f75737aec8bb11133d5e4ad44be16aa3666b
sha512: c1bd1a5500e9311192e6c44e59e54183748f0ca3f098176d337903bb58124886f331bde81fe90cebf4665a8d653d46e3af9919c31a29d26ad6a1dd60f73ee718
ssdeep: 12288:Kl+kVsGW8C4DQFu/U3buRKlemZ9DnGAellW:cNg8bl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T103559E21E6808436D3A21D7CC92A635E56EEBE302F2866CF7DE51E4D5E39392643C1C7
sha3_384: 0ac7fd6fcc0e3f9708364c46be288478fceb5a23bd3ca535c02790788942ac3def4253c27030a0290503a801800e56eb
ep_bytes: 558bec83c4f0b84ce61a01e8b854fdff
timestamp: 2022-02-12 14:56:09

Version Info:

0: [No Data]

Generic.Ransom.Buhtrap.836638CE also known as:

Lionic: Trojan.Win32.Agent.4!c
MicroWorld-eScan: Generic.Ransom.Buhtrap.836638CE
FireEye: Generic.mg.7a296f7c1ac4aeee
CAT-QuickHeal: Trojan.AgentIH.S18008568
McAfee: GenericRXKB-RP!7A296F7C1AC4
Malwarebytes: Ransom.Zeppelin
VIPRE: Generic.Ransom.Buhtrap.836638CE
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Generic.Ransom.Buhtrap.836638CE
K7GW: Trojan ( 0055c8001 )
K7AntiVirus: Trojan ( 0055c8001 )
Arcabit: Generic.Ransom.Buhtrap.DCC41ECE
Cyren: W32/Zepplin.A.gen!Eldorado
Symantec: Downloader
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.Buran.J
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Agent.gen
Alibaba: Ransom:Win32/Zeppelin.9c8bf82f
NANO-Antivirus: Trojan.Win32.ZardRansom.jrfriy
ViRobot: Trojan.Win32.S.Agent.1314816.BW
Rising: Ransom.Zeppelin!1.D4C1 (CLASSIC)
Ad-Aware: Generic.Ransom.Buhtrap.836638CE
Sophos: ML/PE-A + Troj/Ransom-GSI
DrWeb: DLOADER.Trojan
Zillya: Trojan.Filecoder.Win32.25678
TrendMicro: TROJ_FRS.0NA103HC22
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tz
Emsisoft: Generic.Ransom.Buhtrap.836638CE (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Agent.eddh
Webroot: W32.Malware.Gen
Avira: TR/AD.ZardRansom.usimj
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASCommon.195
Microsoft: Ransom:Win32/Zeppelin.A!MSR
ZoneAlarm: HEUR:Trojan.Win32.Agent.gen
GData: Generic.Ransom.Buhtrap.836638CE
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C3574288
ALYac: Trojan.Ransom.VegaLocker
VBA32: BScope.Trojan.Agent
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_FRS.0NA103HC22
Tencent: Win32.Trojan.Filecoder.Ewnw
Yandex: Trojan.GenAsa!CxfKQU+AivY
Ikarus: Trojan-Ransom.Buran
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Buran.H!tr.ransom
BitDefenderTheta: AI:Packer.94F419671F
Cybereason: malicious.c1ac4a
Panda: Trj/GdSda.A

How to remove Generic.Ransom.Buhtrap.836638CE?

Generic.Ransom.Buhtrap.836638CE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
