Categories: Ransom

Generic.Ransom.Buhtrap.F5DC0D1B malicious file

The Generic.Ransom.Buhtrap.F5DC0D1B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Generic.Ransom.Buhtrap.F5DC0D1B virus can do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Zeppelin malware family

How to determine Generic.Ransom.Buhtrap.F5DC0D1B?



File Info:

name: F3490951AE51922CB360.mlwpath: /opt/CAPEv2/storage/binaries/894b03ed203cfa712a28ec472efec0ca9a55d6058115970fe7d1697a3ddb0072crc32: 19E0BF3Bmd5: f3490951ae51922cb360a3d76a670159sha1: e2cb60be111716e32db7ca2365ad6e73c30f0e21sha256: 894b03ed203cfa712a28ec472efec0ca9a55d6058115970fe7d1697a3ddb0072sha512: 70051d83d6d38d59650df4049ef0cf27d17dd07cb1ab599ba1ef7b5c306cc5506cfbd53dda9bd7c4cdfce5ea7c20626352d8f8118632f0161b10d1a65c11c280ssdeep: 6144:3yJE1yd7WHJmcyfjtPWna4DQFu/U3buRKlemZ9DnGAevIhdiB+Y:3U/d7WsvBPWa4DQFu/U3buRKlemZ9Dnstype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T142147D36BA808473D1731E7CDE1A45AE913A7A302F2C14477DE95E4DAE3E3A2652D1C3sha3_384: 7dd32d586494d93d4cca1fd85b716fce730e2b514fc5946bfeb4dae807624d3fef53456f50a72d77bf2bc317ce190bebep_bytes: 558bec83c4f0b86cef4200e8a451fdfftimestamp: 2021-11-12 11:47:21

Version Info:

0: [No Data]

Generic.Ransom.Buhtrap.F5DC0D1B also known as:

Lionic Trojan.Win32.Agent.4!c
MicroWorld-eScan Generic.Ransom.Buhtrap.F5DC0D1B
FireEye Generic.mg.f3490951ae51922c
CAT-QuickHeal Trojan.AgentIH.S18008568
McAfee GenericRXKB-RP!F3490951AE51
Cylance Unsafe
Zillya Trojan.Agent.Win32.2552694
Sangfor Worm.Win32.Save.a
K7AntiVirus Trojan ( 0055c8001 )
BitDefender Generic.Ransom.Buhtrap.F5DC0D1B
K7GW Trojan ( 0055c8001 )
Cybereason malicious.1ae519
BitDefenderTheta AI:Packer.7E5897301D
Cyren W32/ABRansom.EKQL-5457
Symantec Downloader
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Filecoder.Buran.J
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Agent.gen
Alibaba Ransom:Win32/Zeppelin.d87ecb49
NANO-Antivirus Trojan.Win32.Filecoder.jnuusr
Cynet Malicious (score: 100)
ViRobot Trojan.Win32.S.Agent.208388
Rising Ransom.Zeppelin!1.D4C1 (CLASSIC)
Ad-Aware Generic.Ransom.Buhtrap.F5DC0D1B
Sophos Mal/Generic-S + Mal/Behav-010
DrWeb Trojan.Siggen15.40264
VIPRE Generic.Ransom.Buhtrap.F5DC0D1B
TrendMicro Ransom.Win32.ZEPPELIN.SMTH
McAfee-GW-Edition BehavesLike.Win32.Generic.dh
Emsisoft Generic.Ransom.Buhtrap.F5DC0D1B (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Invader.dzb
Webroot W32.Trojan.Gen
Avira ADWARE/Adware.Gen
Antiy-AVL Trojan/Generic.ASCommon.195
Kingsoft Win32.Heur.KVMH017.a.(kcloud)
Microsoft Ransom:Win32/Zeppelin.A!MSR
GData Generic.Ransom.Buhtrap.F5DC0D1B
Google Detected
AhnLab-V3 Ransomware/Win.ZEPPELIN.C5222156
VBA32 Trojan.Agent
MAX malware (ai score=100)
Malwarebytes Ransom.Zeppelin
Panda Trj/GdSda.A
Tencent Win32.Trojan.Filecoder.Najl
Yandex Trojan.GenAsa!CxfKQU+AivY
Ikarus Trojan-Ransom.Buran
Fortinet W32/Buran.H!tr.ransom
AVG Win32:Evo-gen [Trj]
Avast Win32:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)

How to remove Generic.Ransom.Buhtrap.F5DC0D1B?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Generic.Ransom.Buhtrap.F5DC0D1B
2 years ago

Recent Posts

How to remove “MSIL/Kryptik.AEKB”?

The MSIL/Kryptik.AEKB is considered dangerous by lots of security experts. When this infection is active,…

39 mins ago

Should I remove “Trojan.Ransom.Loki.GDM”?

The Trojan.Ransom.Loki.GDM is considered dangerous by lots of security experts. When this infection is active,…

45 mins ago

Generic.Dacic.94CCEEA9.A.B50509BB removal

The Generic.Dacic.94CCEEA9.A.B50509BB is considered dangerous by lots of security experts. When this infection is active,…

45 mins ago

Lazy.503930 removal

The Lazy.503930 is considered dangerous by lots of security experts. When this infection is active,…

50 mins ago

Zusy.546247 (file analysis)

The Zusy.546247 is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

About “Trojan:Win32/AgentTesla!rfn” infection

The Trojan:Win32/AgentTesla!rfn is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago