Generic.Ransom.KeyPass.77487FFE malicious file

Generic.Ransom.KeyPass.77487FFE is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.KeyPass.77487FFE virus do?

  • A process created a hidden window
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Generic.Ransom.KeyPass.77487FFE?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) 2000-2021 Stellarium team
Info: https://stellarium.org/
InternalName: stellarium
FileVersion: 0.21.1
CompanyName: Stellarium team
ProductName: Stellarium
ProductVersion: 0.21.1
FileDescription: Stellarium, the free open source planetarium
OriginalFilename: stellarium.exe
Translation: 0x0409 0x04b0

Generic.Ransom.KeyPass.77487FFE also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0053a0921 )
DrWeb: Trojan.Encoder.30038
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Generic.Ransom.KeyPass.77487FFE
Cylance: Unsafe
BitDefender: Generic.Ransom.KeyPass.77487FFE
K7GW: Trojan ( 0053a0921 )
Cybereason: malicious.4b9e9c
ESET-NOD32: a variant of Win32/Filecoder.STOP.A
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan-Ransom.Win32.Convagent.gen
NANO-Antivirus: Trojan.Win32.Filecoder.fgtfsr
MicroWorld-eScan: Generic.Ransom.KeyPass.77487FFE
Ad-Aware: Generic.Ransom.KeyPass.77487FFE
BitDefenderTheta: Gen:NN.ZexaE.34796.jnKfam!QHmmk
FireEye: Generic.Ransom.KeyPass.77487FFE
Emsisoft: Generic.Ransom.KeyPass.77487FFE (B)
Jiangmin: Trojan.Encoder.a
Antiy-AVL: Trojan/Generic.ASMalwS.2769AF3
Arcabit: Generic.Ransom.KeyPass.D12EAFFFE
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Generic.Ransom.KeyPass.77487FFE
MAX: malware (ai score=83)
VBA32: TrojanRansom.Encoder
Rising: Ransom.Stop!1.D6DE (CLASSIC)
Yandex: Trojan.GenAsa!1tm86RHKx0c
Ikarus: Trojan-Ransom.FileCrypter
Fortinet: W32/Ransom.FS!tr
Qihoo-360: HEUR/QVM18.1.9F31.Malware.Gen

How to remove Generic.Ransom.KeyPass.77487FFE?

Generic.Ransom.KeyPass.77487FFE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
