
Should I remove “Generic.Ransom.CloudSword.8F17F31C”?


Generic.Ransom.CloudSword.8F17F31C is a detection name that many security vendors flag as malicious (see the alias list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it can run a full scan and clean the PC during the trial period. A 6-day free trial is available.

What can Generic.Ransom.CloudSword.8F17F31C do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Performs some HTTP requests
  • Looks up the external IP address
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by installation directory
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Attempts to create or modify system certificates
  • Anomalous binary characteristics

Despite the "Ransom" in the detection name, nothing in this list is file-encryption behaviour. Credential harvesting from browsers, FTP, IM and mail clients, the external-IP lookup, AV discovery and the self-copy plus autorun entry describe a packed stealer/loader, which is also what several other vendors' names for the same file say (Trojan-PSW, Injector, NSIS dropper, Packed.Generic). Treat a hit as a credential-theft incident first.

Related domains:

checkip.dyndns.org
freegeoip.app
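To make the two related domains hunt-able, here is an added example (not code from the original page or from GridinSoft) that scans DNS query records for them and groups hits by the querying process image. The records are constructed for the example and loosely follow Sysmon Event ID 22 field names; every process path in them is invented. Both domains are public external-IP and geolocation services that legitimate software also uses, so a hit is a triage lead to be weighed against the querying image's location and signing, not a verdict on its own.

```python
"""Hunt DNS query logs for the external-IP lookup domains listed on the page.

Added example, not code from the original page. The records below are
constructed and loosely modelled on Sysmon Event ID 22 (DNS query) fields;
every process path in them is invented.
"""
import json
from collections import defaultdict

# The two domains from the page's "Related domains" list.
IOC_DOMAINS = {"checkip.dyndns.org", "freegeoip.app"}

# Constructed JSON-lines sample. One image (a binary under AppData) does the
# external-IP lookup followed by the geolocation lookup; a VPN client does a
# single, plausibly benign, IP check; a browser is unrelated noise.
SAMPLE_LOG = r"""
{"UtcTime": "2024-01-01 10:00:01", "ProcessId": 4120, "Image": "C:\\Users\\bob\\AppData\\Roaming\\svchosts.exe", "QueryName": "checkip.dyndns.org"}
{"UtcTime": "2024-01-01 10:00:02", "ProcessId": 4120, "Image": "C:\\Users\\bob\\AppData\\Roaming\\svchosts.exe", "QueryName": "FreeGeoIP.app."}
{"UtcTime": "2024-01-01 10:00:03", "ProcessId": 812, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.mozilla.org"}
{"UtcTime": "2024-01-01 10:00:04", "ProcessId": 2200, "Image": "C:\\Program Files\\SomeVpn\\vpnclient.exe", "QueryName": "checkip.dyndns.org"}
"""


def parse_records(text):
    """Parse JSON lines into dicts, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def normalize(qname):
    """Lower-case and drop a trailing dot so 'FreeGeoIP.app.' matches the IOC."""
    return qname.strip().lower().rstrip(".")


def hunt(records, iocs=IOC_DOMAINS):
    """Map each process image to the sorted list of IOC domains it queried."""
    hits = defaultdict(set)
    for rec in records:
        qname = normalize(rec.get("QueryName", ""))
        if qname in iocs:
            hits[rec["Image"]].add(qname)
    return {image: sorted(domains) for image, domains in hits.items()}


def user_writable(image):
    """True for images living in the user-writable locations droppers favour."""
    low = image.lower()
    return "\\appdata\\" in low or "\\temp\\" in low or "\\downloads\\" in low


def rank(hits):
    """Order hits for an analyst: images that touched both domains first (the
    IP-then-geolocation pair), then images in user-writable paths, then by name."""
    return sorted(hits.items(),
                  key=lambda kv: (-len(kv[1]), -int(user_writable(kv[0])), kv[0].lower()))


if __name__ == "__main__":
    for image, domains in rank(hunt(parse_records(SAMPLE_LOG))):
        flag = "user-writable path" if user_writable(image) else "program path"
        print(f"{image} ({flag}): {', '.join(domains)}")
```

Point it at real Sysmon or EDR DNS exports by replacing SAMPLE_LOG with the file contents; the ranking puts the AppData binary that hit both domains above the VPN client that hit one, which is the order an analyst should review them in.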

How to identify Generic.Ransom.CloudSword.8F17F31C?

File Info:

crc32: D7B46F08
md5: d6d264104f505b13c1b39239bfdca65d
name: D6D264104F505B13C1B39239BFDCA65D.mlw
sha1: 470c1aa5bd0be6946c9afc21f64b52b73ef1b71c
sha256: 345198b00893a9b90edadfefd152647130b6a0c2bbdbe65c2f863e0b5ff503e4
sha512: 3c74a5f16bd517f81e48b249626642cd4c8d7739beae959209ad3b761bafeba064b3a4e1740f946d8849088abc2e943be458b06812fcb787a93b739a2e591ddf
ssdeep: 6144:TQqVPqMJwaVf9H+loN0Vd7jC1pKlvBy6UE8XOED0Ci49k6rlHt:jPxwaVf5+Xkavs/DD0uk6j
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: rules
FileVersion: 6.3.0.6
CompanyName: cloak
LegalTrademarks: erect
Comments: conspired
ProductName: unsubstantiated
FileDescription: team
Translation: 0x0000 0x04e4
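A practitioner handling a suspected sample would check it against the indicators above rather than trust its name, so here is an added example (not code from the original page or from GridinSoft) that streams a file once through the five standard-library digests listed under File Info, compares them with the page's values, and confirms the "PE32 executable ... Intel 80386" file type by reading the MZ stub and the COFF Machine field. ssdeep is left out because it needs a third-party library. The file path is whatever the caller supplies; the only embedded input is a constructed minimal PE header used by demo(). Exact hashes match only the byte-identical sample, and the version strings above (each field an unrelated dictionary word) point to a build that randomises its metadata, which is why the fuzzy ssdeep value is worth keeping alongside them.

```python
"""Check a file against the hash indicators and file type listed on the page.

Added example, not code from the original page. IOC values are copied from
the page's File Info section; the file path comes from the caller, and the
only embedded input is a constructed minimal PE header used by demo().
"""
import hashlib
import io
import os
import tempfile
import zlib

# Indicators from the page, lower-cased for comparison.
IOCS = {
    "crc32": "d7b46f08",
    "md5": "d6d264104f505b13c1b39239bfdca65d",
    "sha1": "470c1aa5bd0be6946c9afc21f64b52b73ef1b71c",
    "sha256": "345198b00893a9b90edadfefd152647130b6a0c2bbdbe65c2f863e0b5ff503e4",
    "sha512": ("3c74a5f16bd517f81e48b249626642cd4c8d7739beae959209ad3b761bafeba0"
               "64b3a4e1740f946d8849088abc2e943be458b06812fcb787a93b739a2e591ddf"),
}
IMAGE_FILE_MACHINE_I386 = 0x14C  # COFF Machine value for "Intel 80386"


def digest_stream(fh, chunk_size=1 << 20):
    """One pass over the stream feeding crc32, md5, sha1, sha256 and sha512."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        crc = zlib.crc32(chunk, crc)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return digests


def digest_bytes(data):
    """Same digests for an in-memory blob."""
    return digest_stream(io.BytesIO(data))


def match(digests, iocs=IOCS):
    """Names of the indicators the digests satisfy. The byte-identical sample matches
    all five; a single changed byte matches none, which is the limit of exact-hash IOCs."""
    return sorted(name for name, value in iocs.items()
                  if digests.get(name, "").lower() == value)


def pe_machine(data):
    """COFF Machine field of a PE image in memory, or None when the 'MZ' stub or
    the PE signature is missing. 0x14C means Intel 386, i.e. a PE32 x86 image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if len(data) < e_lfanew + 6 or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return int.from_bytes(data[e_lfanew + 4:e_lfanew + 6], "little")


def triage_file(path):
    """Digest a file once, report IOC matches and whether it is an x86 PE."""
    with open(path, "rb") as fh:
        head = fh.read(0x1000)  # enough for the DOS stub and the PE header
        fh.seek(0)
        digests = digest_stream(fh)
    machine = pe_machine(head)
    return {
        "digests": digests,
        "matches": match(digests),
        "machine": machine,
        "pe32_i386": machine == IMAGE_FILE_MACHINE_I386,
    }


# Constructed 70-byte stand-in for a PE file: DOS 'MZ' stub with e_lfanew = 0x40,
# then the PE signature and an Intel 386 Machine field. Not the real sample.
STUB = (b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little")
        + b"PE\x00\x00" + IMAGE_FILE_MACHINE_I386.to_bytes(2, "little"))


def demo():
    """Write the constructed stub to a temporary file and triage it."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(STUB)
        return triage_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys
    report = triage_file(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, value in sorted(report["digests"].items()):
        print(f"{name}: {value}")
    print("IOC matches:", report["matches"] or "none")
    print("PE32 x86:", report["pe32_i386"])
```

Run it with the path of a quarantined file as the only argument; with no argument it triages the constructed stub, which is a valid x86 PE header but matches none of the indicators, exactly what you should expect from any file other than the byte-identical sample.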

Generic.Ransom.CloudSword.8F17F31C is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
DrWeb: Trojan.Loader.840
Cynet: Malicious (score: 100)
ALYac: DeepScan:Generic.Ransom.CloudSword.8F17F31C
BitDefender: DeepScan:Generic.Ransom.CloudSword.8F17F31C
Cybereason: malicious.04f505
Cyren: W32/Ninjector.J.gen!Camelot
Symantec: Packed.Generic.609
APEX: Malicious
Kaspersky: UDS:Trojan-PSW.Win32.Stelega.gen
MicroWorld-eScan: DeepScan:Generic.Ransom.CloudSword.8F17F31C
Ad-Aware: DeepScan:Generic.Ransom.CloudSword.8F17F31C
FireEye: DeepScan:Generic.Ransom.CloudSword.8F17F31C
Emsisoft: DeepScan:Generic.Ransom.CloudSword.8F17F31C (B)
SentinelOne: Static AI – Suspicious PE
Microsoft: Trojan:Win32/Tnega!ml
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: DeepScan:Generic.Ransom.CloudSword.8F17F31C
MAX: malware (ai score=80)
VBA32: BScope.Trojan-Dropper.Injector
Rising: Trojan.Injector/NSIS!1.D743 (CLASSIC)
Fortinet: W32/Kryptik.J!tr
Paloalto: generic.ml

How to remove Generic.Ransom.CloudSword.8F17F31C?

Generic.Ransom.CloudSword.8F17F31C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

Because this sample harvests credentials from browsers, FTP clients, instant messengers and mail clients (see the behaviour list above), removing the file is not the end of the incident: change the passwords stored in those programs from a clean machine, and check the Windows startup locations for the autorun entry it creates.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
