Generic.Ransom.DMALock.BBCB2BEA (file analysis)

Generic.Ransom.DMALock.BBCB2BEA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.DMALock.BBCB2BEA virus do?

  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Exhibits behavior characteristic of DMALocker ransomware
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Creates a known DMALocker ransomware decryption instruction / key file.
  • Anomalous binary characteristics

How to identify Generic.Ransom.DMALock.BBCB2BEA?


File Info:

crc32: 4E10BB79
md5: ab97126b00a27b5702f6882954bc1765
name: AB97126B00A27B5702F6882954BC1765.mlw
sha1: d073d11e0aa100df7205fe0eb2731624c158338d
sha256: 053369b3b63fe08c74d0269e9c29efde3500860f0394cbf6840d57032dea5b12
sha512: c4cd91b77e60ad326f6caaf532bf8a22bb9c6341b76cc913961c93dba911808b1c634601d8e05d376625cb752fec2116ca9ce218df3bd2af9a2a235535121093
ssdeep: 1536:CAPJEPpCrbBPUrOPDMq/swEUR3nBf/tmekKzLYFhisB:CfPqbjMjw33Bf/tmUzL6hisB
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Generic.Ransom.DMALock.BBCB2BEA also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004dcfbb1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3935
Cynet: Malicious (score: 99)
CAT-QuickHeal: Worm.Gamarue.28904
ALYac: Generic.Ransom.DMALock.BBCB2BEA
Cylance: Unsafe
Zillya: Trojan.DMALocker.Win32.3
Sangfor: Trojan.Win32.Ransom-DMALock.1
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/DMALocker.374352ab
K7GW: Trojan ( 004dcfbb1 )
Cybereason: malicious.b00a27
Cyren: W32/DMALocker.A.gen!Eldorado
Symantec: Trojan.Gen
ESET-NOD32: a variant of Win32/Filecoder.DMALocker.B
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Blocker.iaky
BitDefender: Generic.Ransom.DMALock.BBCB2BEA
NANO-Antivirus: Trojan.Win32.Drop.dzxjzw
ViRobot: Trojan.Win32.Ransom.98848
MicroWorld-eScan: Generic.Ransom.DMALock.BBCB2BEA
Tencent: Trojan.Win32.DMALocker.a
Ad-Aware: Generic.Ransom.DMALock.BBCB2BEA
Sophos: Mal/Generic-S
Comodo: Malware@#2zr8ojqzxtvrf
BitDefenderTheta: Gen:NN.ZexaF.34796.guX@aaTxopdi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_MADLOCKER.SMLV
McAfee-GW-Edition: BehavesLike.Win32.Generic.nh
FireEye: Generic.mg.ab97126b00a27b57
Emsisoft: Generic.Ransom.DMALock.BBCB2BEA (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Blocker.bhc
Webroot: Ransom.Dmalocker
Avira: TR/Taranis.2195
Antiy-AVL: Trojan/Generic.ASMalwS.16C1549
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/DMALocker
SUPERAntiSpyware: Ransom.DMALocker/Variant
GData: Win32.Trojan-Ransom.DMALocker.A
TACHYON: Trojan/W32.Blocker.98848
AhnLab-V3: Trojan/Win32.DMALocker.R173933
McAfee: GenericRXFV-IX!AB97126B00A2
MAX: malware (ai score=100)
VBA32: BScope.TrojanRansom.Blocker
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_MADLOCKER.SMLV
Rising: Trojan.Kryptik!1.C2FC (CLASSIC)
Yandex: Trojan.Blocker!NN0qKgqL3n0
Ikarus: Trojan.Win32.Filecoder
Fortinet: W32/Filecoder.30120!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.DMALocker.HwoCEpsA

How to remove Generic.Ransom.DMALock.BBCB2BEA?

Generic.Ransom.DMALock.BBCB2BEA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
