Categories: Ransom

Generic.Ransom.Buhtrap.CEBC38DB malicious file

The Generic.Ransom.Buhtrap.CEBC38DB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Buhtrap.CEBC38DB virus can do?

Injection with CreateRemoteThread in a remote process
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Attempts to delete volume shadow copies
Deletes its original binary from disk
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Installs itself for autorun at Windows startup
Clears Windows events or logs
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

How to determine Generic.Ransom.Buhtrap.CEBC38DB?


File Info:
crc32: 7868F6C9md5: 48b844494a746ca96c7b96d6bd90f45fname: 48B844494A746CA96C7B96D6BD90F45F.mlwsha1: 7bf83b98f798f3a8f4ce85b6d29554a435e516e3sha256: 45fba1ef399f41227ae4d14228253237b5eb464f56cab92c91a6a964dc790622sha512: 4fc6faac283dbd7c7d8b5005804726af50c49e70fa0425562c294dbdd150284ef140dff05e93f745a88088d01d9506280c953a0f39b88029f4379221f875ca86ssdeep: 6144:4ia1gMHOPDWIhID8X/4DQFu/U3buRKlemZ9DnGAetTsB+G+:4IMH06cID84DQFu/U3buRKlemZ9DnGAtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Generic.Ransom.Buhtrap.CEBC38DB also known as:

K7AntiVirus	Trojan ( 0055c8001 )
Elastic	malicious (high confidence)
DrWeb	DLOADER.Trojan
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.AgentIH.S18008568
ALYac	Generic.Ransom.Buhtrap.CEBC38DB
Cylance	Unsafe
Sangfor	Worm.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
K7GW	Trojan ( 0055c8001 )
Cybereason	malicious.94a746
Cyren	W32/Ransom.LV.gen!Eldorado
Symantec	Ransom.Buran
ESET-NOD32	a variant of Win32/Filecoder.Buran.J
APEX	Malicious
Avast	FileRepMalware
ClamAV	Win.Ransomware.Buhtrap-7670115-0
Kaspersky	HEUR:Trojan.Win32.Agent.gen
BitDefender	Generic.Ransom.Buhtrap.CEBC38DB
NANO-Antivirus	Trojan.Win32.Encoder.hntjph
MicroWorld-eScan	Generic.Ransom.Buhtrap.CEBC38DB
Tencent	Malware.Win32.Gencirc.11cc11a1
Ad-Aware	Generic.Ransom.Buhtrap.CEBC38DB
Sophos	ML/PE-A + Mal/Behav-010
BitDefenderTheta	AI:Packer.6C3AF8981F
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.48b844494a746ca9
Emsisoft	Generic.Ransom.Buhtrap.CEBC38DB (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/Malware
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASCommon.195
Microsoft	Ransom:Win32/Zeppelin.A!MSR
Arcabit	Generic.Ransom.Buhtrap.CEBC38DB
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
GData	Win32.Trojan-Ransom.Filecoder.A79L7W@gen
AhnLab-V3	Trojan/Win32.BuhTrap.R338445
McAfee	GenericRXKB-RP!48B844494A74
MAX	malware (ai score=80)
VBA32	BScope.Trojan.Agent
Malwarebytes	Ransom.Zeppelin
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Rising	Ransom.Zeppelin!1.D4C1 (CLASSIC)
Yandex	Trojan.GenAsa!CxfKQU+AivY
Ikarus	Trojan-Ransom.Buran
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Buran.H!tr.ransom
AVG	FileRepMalware