Categories: Ransom

Should I remove “Generic.Ransom.GandCrab4.635755B2”?

Generic.Ransom.GandCrab4.635755B2 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.GandCrab4.635755B2 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Gandcrab malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Deletes executed files from disk

How to identify Generic.Ransom.GandCrab4.635755B2?

File Info:

name: 8C571696BF2C989F38B7.mlw
path: /opt/CAPEv2/storage/binaries/d15e8125130fab837354826c873ca758d43a517559c0e9bbefe6651797d97bad
crc32: D50EBD03
md5: 8c571696bf2c989f38b77141870e0c45
sha1: 53e8ccb934dc3e33bf9d8ebf815a0feb1c531476
sha256: d15e8125130fab837354826c873ca758d43a517559c0e9bbefe6651797d97bad
sha512: 49a697b8aa94894bbea93f5f543fdd828d75b803edc90d564f4c0ba2f96abac23d86150c4177d0d7c0d9cd804d1bf712ff23d30eeadecb73d29284f953e543fd
ssdeep: 24576:77blhkVagHPFnsjfIJ7/efYk0VbEyt0xSVTaLwHABz2lYmTVrSWAVd13DGK/3Ogz:775HgH2fEDS0pBtlVTaWGiumTqZqSJNt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B6752325D3C2E976D85747B4043B9C128567BDAA5CB0062931AE365A3F72313B8BB31F
sha3_384: d04e540c4d79f8b6aff01cf107bb6ced360cc3088ccb0e63b445cc2981577c535ffc513f8b18b053c826df4db5c588e1
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Balooba
FileDescription: Balooba Setup
FileVersion:
LegalCopyright:
ProductName: Balooba
ProductVersion: 2.1
Translation: 0x0000 0x04b0

Generic.Ransom.GandCrab4.635755B2 also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Deplist.b!c
Elastic malicious (moderate confidence)
DrWeb Trojan.Encoder.24384
MicroWorld-eScan Generic.Ransom.GandCrab4.635755B2
FireEye Generic.Ransom.GandCrab4.635755B2
ALYac Generic.Ransom.GandCrab4.635755B2
Cylance Unsafe
Zillya Trojan.GenericKD.Win32.122674
Sangfor Trojan.Win32.GandCrab.D
K7AntiVirus Trojan ( 0052ef4e1 )
Alibaba Ransom:Win32/GandCrab.4d3ef20f
K7GW Trojan ( 0052ef4e1 )
Cybereason malicious.6bf2c9
Arcabit Generic.Ransom.GandCrab4.635755B2
BitDefenderTheta Gen:NN.ZedlaF.34606.hu4@aqSQqIci
Cyren W32/Gandcrab.O.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/Filecoder.GandCrab.D
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Dropper.Win32.Deplist.a
BitDefender Generic.Ransom.GandCrab4.635755B2
NANO-Antivirus Trojan.Win32.Encoder.ffmoth
Avast Win32:Trojan-gen
Rising Ransom.GandCrab!8.F355 (TFE:3:hrNZqsk3eqQ)
Sophos Mal/Generic-S
Comodo Malware@#44g1ygnhpvzw
VIPRE Generic.Ransom.GandCrab4.635755B2
McAfee-GW-Edition BehavesLike.Win32.Dropper.tc
Emsisoft Generic.Ransom.GandCrab4.635755B2 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin Trojan.Banker.TinyNuke.lx
Google Detected
Avira HEUR/AGEN.1249402
MAX malware (ai score=99)
Antiy-AVL Trojan/Generic.ASCommon.12D
Microsoft Ransom:Win32/GandCrab.AP
GData Generic.Ransom.GandCrab4.635755B2
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win32.PyLocky.C2265541
McAfee Artemis!8C571696BF2C
VBA32 TrojanDropper.Deplist
Tencent Win32.Trojan-Dropper.Deplist.Rimw
Yandex Trojan.DR.Deplist!mTMjri84SZc
Ikarus Trojan-Ransom.GandCrab
MaxSecure Trojan.Malware.73581599.susgen
AVG Win32:Trojan-gen
CrowdStrike win/malicious_confidence_100% (W)

How to remove Generic.Ransom.GandCrab4.635755B2?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
