Categories: Ransom

What is “Generic.Ransom.Buhtrap.AD6D7649”?

Generic.Ransom.Buhtrap.AD6D7649 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Generic.Ransom.Buhtrap.AD6D7649 virus do?

  • Executed a command line with the /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the Zeppelin malware family
  • Creates a copy of itself
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Generic.Ransom.Buhtrap.AD6D7649?


File Info:

name: 4534F2AFE5F7DF1D998F.mlw
path: /opt/CAPEv2/storage/binaries/e8596675fef4ad8378e4220c22f4358fdb4a20531b59d7df5382c421867520a9
crc32: 1F856EEE
md5: 4534f2afe5f7df1d998f37ad4e35afeb
sha1: e2cc94e471509f9fa58620b8bb56d77f2cfe74b0
sha256: e8596675fef4ad8378e4220c22f4358fdb4a20531b59d7df5382c421867520a9
sha512: 178a380a720afab73b56c6de53504fc5f7dc1167496488d156ce3572761b34d5180a9a147cf6d4412da4c3af533f4bf373a4bb67f9990c63a9f5b733fc085693
ssdeep: 6144:uia1gMHoPDWIGID8X/4DQFu/U3buRKlemZ9DnGAetTpbH0Vd+:uIMH26HID84DQFu/U3buRKlemZ9DnGA3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F9248E36AAC08837D1331E7CDE0E52AE917E7A302E1C589779E45E8D9E7D392652C1C3
sha3_384: 6aace48306a9c56d98e8eb4bbdb280b7f709c5719e9c47dc48772b947c6c12decf2a6c5e6038eb2b9f437a377bd3bb88
ep_bytes: 558bec83c4f0b844e44200e8f85ffdff
timestamp: 2021-06-28 07:14:17

Version Info:

0: [No Data]

Generic.Ransom.Buhtrap.AD6D7649 also known as:

Lionic Trojan.Win32.Agent.4!c
MicroWorld-eScan Generic.Ransom.Buhtrap.AD6D7649
FireEye Generic.mg.4534f2afe5f7df1d
CAT-QuickHeal Trojan.AgentIH.S18008568
McAfee GenericRXKB-RP!4534F2AFE5F7
Malwarebytes Ransom.Zeppelin
Zillya Trojan.Filecoder.Win32.21781
Sangfor Worm.Win32.Save.a
K7AntiVirus Trojan ( 0055c8001 )
Alibaba Ransom:Win32/Zeppelin.af3a138f
K7GW Trojan ( 0055c8001 )
Cybereason malicious.fe5f7d
Cyren W32/Ransom.LV.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Filecoder.Buran.J
APEX Malicious
Paloalto generic.ml
ClamAV Win.Ransomware.Buhtrap-7670115-0
Kaspersky HEUR:Trojan.Win32.Agent.gen
BitDefender Generic.Ransom.Buhtrap.AD6D7649
NANO-Antivirus Trojan.Win32.Filecoder.huosfe
Avast Win32:Malware-gen
Tencent Win32.Trojan.Filecoder.Pavk
Ad-Aware Generic.Ransom.Buhtrap.AD6D7649
Sophos Mal/Generic-R + Mal/Behav-010
F-Secure Heuristic.HEUR/Malware
DrWeb DLOADER.Trojan
VIPRE Generic.Ransom.Buhtrap.AD6D7649
TrendMicro Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Trapmine suspicious.low.ml.score
Emsisoft Generic.Ransom.Buhtrap.AD6D7649 (B)
Ikarus Trojan-Ransom.Buran
GData Generic.Ransom.Buhtrap.AD6D7649
Jiangmin Trojan.Agent.duvw
Webroot W32.AGent.Gen
Google Detected
Avira HEUR/Malware
Antiy-AVL Trojan/Generic.ASCommon.195
Arcabit Generic.Ransom.Buhtrap.AD6D7649
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
Microsoft Ransom:Win32/Zeppelin.A!MSR
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.BuhTrap.R338445
ALYac Trojan.Ransom.VegaLocker
MAX malware (ai score=87)
VBA32 BScope.Trojan.Agent
Cylance Unsafe
TrendMicro-HouseCall Ransom.Win32.ZEPPELIN.SMTH
Rising Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex Trojan.GenAsa!CxfKQU+AivY
SentinelOne Static AI – Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Buran.H!tr.ransom
BitDefenderTheta AI:Packer.5C5305F91F
AVG Win32:Malware-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_100% (W)

How to remove Generic.Ransom.Buhtrap.AD6D7649?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
