Generic.Ransom.GandCrab.3189A25C malicious file

The Generic.Ransom.GandCrab.3189A25C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Generic.Ransom.GandCrab.3189A25C virus can do?

The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid
CAPE detected the Gandcrab malware family
Anomalous binary characteristics

How to determine Generic.Ransom.GandCrab.3189A25C?


File Info:
name: 068C76C3F85F3DFE0033.mlw
path: /opt/CAPEv2/storage/binaries/d5bb89c504db55c0433a9973611135f403a9cdf6ce5b23641666c25e7992655f
crc32: 874BA58F
md5: 068c76c3f85f3dfe003397bb2d77534c
sha1: a200ee626f61eb574ff751d1da69739516880c37
sha256: d5bb89c504db55c0433a9973611135f403a9cdf6ce5b23641666c25e7992655f
sha512: 3719e44f0d76fd19509a0c334d1678b32e37db293ee5dac52694ed17b3f8cfb3a9187ba5efe9b99e30f10878722900e5317051c0a835f2fe43112ab14ac6b947
ssdeep: 1536:5ZZZZZZZZZZZZpzZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXouuV78hbHnAoMqqU+22:jBouuV4FHVMqqDL2/LgHkc2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15E046C1EA3E1B293E1E25BB9FA743D65486E3D10BB1597DB599398462D630F02C3B303
sha3_384: 22af722a268b6fe9446abec0fef9cf804d5a2312414c3fc648fbb3b879d564ac140fd8df2ff8d50328412cada229508e
timestamp: 2018-02-20 17:28:57

Version Info:
0: [No Data]

Generic.Ransom.GandCrab.3189A25C also known as:

Bkav	W32.AIDetect.malware1
MicroWorld-eScan	Generic.Ransom.GandCrab.3189A25C
FireEye	Generic.mg.068c76c3f85f3dfe
ALYac	Generic.Ransom.GandCrab.3189A25C
Cylance	Unsafe
VIPRE	Generic.Ransom.GandCrab.3189A25C
Sangfor	Ransom.Win32.Gandcrab_1.se
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	Trojan.Gen.2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Filecoder.GandCrab.B
TrendMicro-HouseCall	Mal_Xed-7
ClamAV	Win.Ransomware.Gandcrab-6667060-0
BitDefender	Generic.Ransom.GandCrab.3189A25C
Cynet	Malicious (score: 100)
Ad-Aware	Generic.Ransom.GandCrab.3189A25C
Emsisoft	Generic.Ransom.GandCrab.3189A25C (B)
Comodo	Heur.Corrupt.PE@1z141z3
DrWeb	Trojan.Encoder.24384
TrendMicro	Mal_Xed-7
McAfee-GW-Edition	BehavesLike.Win32.Generic.cz
SentinelOne	Static AI – Malicious PE
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
APEX	Malicious
GData	Generic.Ransom.GandCrab.3189A25C
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Ransom]/Win32.GandCrypt.c
Arcabit	Generic.Ransom.GandCrab.3189A25C
Microsoft	Ransom:Win32/GandCrab.AE
Google	Detected
McAfee	GenericRXLX-RO!068C76C3F85F
Malwarebytes	Malware.AI.1896438207
Rising	Ransom.GandCrab!1.B8D6 (CLASSIC)
Ikarus	Trojan-Ransom.GandCrab
Fortinet	W32/GandCrab.B!tr.ransom
Cybereason	malicious.3f85f3

How to remove Generic.Ransom.GandCrab.3189A25C?

Generic.Ransom.GandCrab.3189A25C removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X