
Should I remove “Generic.Ransom.GandCrab4.635755B2”?


Generic.Ransom.GandCrab4.635755B2 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generic.Ransom.GandCrab4.635755B2 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Gandcrab malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Deletes executed files from disk

How to identify Generic.Ransom.GandCrab4.635755B2?

File Info:

name: 8C571696BF2C989F38B7.mlw
path: /opt/CAPEv2/storage/binaries/d15e8125130fab837354826c873ca758d43a517559c0e9bbefe6651797d97bad
crc32: D50EBD03
md5: 8c571696bf2c989f38b77141870e0c45
sha1: 53e8ccb934dc3e33bf9d8ebf815a0feb1c531476
sha256: d15e8125130fab837354826c873ca758d43a517559c0e9bbefe6651797d97bad
sha512: 49a697b8aa94894bbea93f5f543fdd828d75b803edc90d564f4c0ba2f96abac23d86150c4177d0d7c0d9cd804d1bf712ff23d30eeadecb73d29284f953e543fd
ssdeep: 24576:77blhkVagHPFnsjfIJ7/efYk0VbEyt0xSVTaLwHABz2lYmTVrSWAVd13DGK/3Ogz:775HgH2fEDS0pBtlVTaWGiumTqZqSJN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B6752325D3C2E976D85747B4043B9C128567BDAA5CB0062931AE365A3F72313B8BB31F
sha3_384: d04e540c4d79f8b6aff01cf107bb6ced360cc3088ccb0e63b445cc2981577c535ffc513f8b18b053c826df4db5c588e1
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Balooba
FileDescription: Balooba Setup
FileVersion:
LegalCopyright:
ProductName: Balooba
ProductVersion: 2.1
Translation: 0x0000 0x04b0

Generic.Ransom.GandCrab4.635755B2 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Deplist.b!c
Elastic: malicious (moderate confidence)
DrWeb: Trojan.Encoder.24384
MicroWorld-eScan: Generic.Ransom.GandCrab4.635755B2
FireEye: Generic.Ransom.GandCrab4.635755B2
ALYac: Generic.Ransom.GandCrab4.635755B2
Cylance: Unsafe
Zillya: Trojan.GenericKD.Win32.122674
Sangfor: Trojan.Win32.GandCrab.D
K7AntiVirus: Trojan ( 0052ef4e1 )
Alibaba: Ransom:Win32/GandCrab.4d3ef20f
K7GW: Trojan ( 0052ef4e1 )
Cybereason: malicious.6bf2c9
Arcabit: Generic.Ransom.GandCrab4.635755B2
BitDefenderTheta: Gen:NN.ZedlaF.34606.hu4@aqSQqIci
Cyren: W32/Gandcrab.O.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Filecoder.GandCrab.D
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Dropper.Win32.Deplist.a
BitDefender: Generic.Ransom.GandCrab4.635755B2
NANO-Antivirus: Trojan.Win32.Encoder.ffmoth
Avast: Win32:Trojan-gen
Rising: Ransom.GandCrab!8.F355 (TFE:3:hrNZqsk3eqQ)
Sophos: Mal/Generic-S
Comodo: Malware@#44g1ygnhpvzw
VIPRE: Generic.Ransom.GandCrab4.635755B2
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Emsisoft: Generic.Ransom.GandCrab4.635755B2 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Banker.TinyNuke.lx
Google: Detected
Avira: HEUR/AGEN.1249402
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASCommon.12D
Microsoft: Ransom:Win32/GandCrab.AP
GData: Generic.Ransom.GandCrab4.635755B2
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.PyLocky.C2265541
McAfee: Artemis!8C571696BF2C
VBA32: TrojanDropper.Deplist
Tencent: Win32.Trojan-Dropper.Deplist.Rimw
Yandex: Trojan.DR.Deplist!mTMjri84SZc
Ikarus: Trojan-Ransom.GandCrab
MaxSecure: Trojan.Malware.73581599.susgen
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Generic.Ransom.GandCrab4.635755B2?

Generic.Ransom.GandCrab4.635755B2 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
