Generic.Ransom.GandCrab.5AC58AD0 (file analysis)

Generic.Ransom.GandCrab.5AC58AD0 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What Generic.Ransom.GandCrab.5AC58AD0 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • CAPE detected the Gandcrab malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Generic.Ransom.GandCrab.5AC58AD0?

File Info:

name: 22FE8DF09F9A52B379F7.mlw
path: /opt/CAPEv2/storage/binaries/f89d7dbea8f1d44adb9c20b1d900a8999f65067325b1fb4ff12b63231975a3ef
crc32: 91AF7F0C
md5: 22fe8df09f9a52b379f7c303d1f9a29d
sha1: d2ce73a2a41853705095049dbadd04263ed3b3f2
sha256: f89d7dbea8f1d44adb9c20b1d900a8999f65067325b1fb4ff12b63231975a3ef
sha512: 4f92ea16a1b3d7e37c21587210677027a4a1b3ea3c34ef642f3d61bb20324bfba94b11956e34d67c4ba632194a804e03553c4dedebfc588daa14b6dce68648c3
ssdeep: 1536:2RRRRRRRRRRRRBVKIRU1RXFUjNMCA7MqqU+2bbbAV2/S2Ovvd67Ad:EjUfQw7MqqDL2/OvvdB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T140936E00B1E1B117E0F39BBA9BB97E3940BD3D206729ABCB1BD5594ACC268F01935753
sha3_384: 9449c594e39eb77d6051b41346914a2465719f30bf00e79f1c78b8fd27ccd7381569ca4b0ec72f17808fef99abec455b
ep_bytes: 558bec83ec4c68e8030000ff1598a046
timestamp: 2018-03-04 18:10:15

Version Info:

0: [No Data]

Generic.Ransom.GandCrab.5AC58AD0 also known as:

Bkav: W32.AIDetectMalware
DrWeb: Trojan.Encoder.30802
MicroWorld-eScan: Generic.Ransom.GandCrab.5AC58AD0
ClamAV: Win.Ransomware.Gandcrab-6667060-0
FireEye: Generic.mg.22fe8df09f9a52b3
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Generic.Ransom.GandCrab.5AC58AD0
Malwarebytes: Ransom.GandCrab
VIPRE: Generic.Ransom.GandCrab.5AC58AD0
Sangfor: Ransom.Win32.Gandcrab_1.se
K7AntiVirus: Trojan ( 00526c7b1 )
K7GW: Trojan ( 00526c7b1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.36164.fyW@aO3CHrai
Cyren: W32/GandCrab.BP.gen!Eldorado
Symantec: Ransom.GandCrab!g4
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.GandCrab.H
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan-Ransom.Win32.GandCrypt.gen
BitDefender: Generic.Ransom.GandCrab.5AC58AD0
Avast: Win32:RansomX-gen [Ransom]
Tencent: Trojan-Ransom.Win32.GandCrab.16000553
Sophos: Mal/GandCrab-L
F-Secure: Trojan.TR/Dropper.Gen
Zillya: Trojan.Filecoder.Win32.29444
TrendMicro: Ransom_GANDCRAB.SM1
McAfee-GW-Edition: BehavesLike.Win32.Trojan.mm
Trapmine: malicious.moderate.ml.score
Emsisoft: Generic.Ransom.GandCrab.5AC58AD0 (B)
Ikarus: Trojan-Ransom.GandCrab
GData: Generic.Ransom.GandCrab.5AC58AD0
Avira: TR/Dropper.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan[Ransom]/Win32.GandCrab
Xcitium: TrojWare.Win32.Ransom.GandCrab.B@7kn2ff
Arcabit: Generic.Ransom.GandCrab.5AC58AD0
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Ransom:Win32/Gandcrab
Google: Detected
AhnLab-V3: Trojan/Win32.Gandcrab.R224768
McAfee: GenericRXFC-SK!22FE8DF09F9A
VBA32: BScope.Trojan.Chapak
Cylance: unsafe
TrendMicro-HouseCall: Ransom_GANDCRAB.SM1
Rising: Ransom.GandCrab!1.B8D6 (CLASSIC)
Yandex: Trojan.GenAsa!qHIhniD54fs
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/GandCrab.B!tr.ransom
AVG: Win32:RansomX-gen [Ransom]
DeepInstinct: MALICIOUS

How to remove Generic.Ransom.GandCrab.5AC58AD0?

Generic.Ransom.GandCrab.5AC58AD0 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.