
Generic.Ransom.Magniber.BA3D32A9 (file analysis)


The Generic.Ransom.Magniber.BA3D32A9 detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Generic.Ransom.Magniber.BA3D32A9 virus do?

  • Executable code extraction
  • Enumerates user accounts on the system
  • Creates RWX memory
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Modifies boot configuration settings
  • Exhibits behavior characteristic of Cerber ransomware
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Generic.Ransom.Magniber.BA3D32A9?

File Info:

crc32: 6F8381F8
md5: a299beafe4488b6585374f4312b4a42a
name: A299BEAFE4488B6585374F4312B4A42A.mlw
sha1: 6af67dc25c046e4b26304af706d5f91271708075
sha256: 9b55fd042b2111ba7277e4f97a1cb30d3dfed38b011e5612b728d59725780b13
sha512: 03e43bd3c1f2ec54d15aec5b3aee9fad08312b74734d8af448b0e6e793146d70cddd9c2be668796953a6e300867ebe139a597538d445581cc6e552e976a1bffa
ssdeep: 3072:9clduR5NK74+SgTAhhiq+jGqZPqJ9xSWppX:C/miyWNqQKvxdX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Snedded Fed
InternalName: prow
FileVersion: 11.1
CompanyName: Snedded Fed
ProductName: prow omnimeter cod
ProductVersion: 11.1
FileDescription: prow trueing hover
OriginalFilename: prow.exe
Translation: 0x0409 0x04b0

Generic.Ransom.Magniber.BA3D32A9 is also known under the following vendor detection names (vendor: detection name):

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004f07d41 )
DrWeb: Trojan.Encoder.4691
Cynet: Malicious (score: 100)
ALYac: DeepScan:Generic.Ransom.Magniber.BA3D32A9
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.2783773
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Cerber.ca6dd3ea
K7GW: Trojan ( 004f07d41 )
Cybereason: malicious.fe4488
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.EYKI
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: DeepScan:Generic.Ransom.Magniber.BA3D32A9
NANO-Antivirus: Trojan.Win32.Encoder.evdmeo
MicroWorld-eScan: DeepScan:Generic.Ransom.Magniber.BA3D32A9
Tencent: Win32.Trojan.Generic.Llqv
Ad-Aware: DeepScan:Generic.Ransom.Magniber.BA3D32A9
Sophos: Mal/Generic-R + Mal/EncPk-ABY
Comodo: Malware@#3fvn7pw0pe5ep
BitDefenderTheta: AI:Packer.F589A1061E
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_Cerber.R002C0DK920
McAfee-GW-Edition: BehavesLike.Win32.Emotet.cc
FireEye: Generic.mg.a299beafe4488b65
Emsisoft: DeepScan:Generic.Ransom.Magniber.BA3D32A9 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.bqspq
Avira: HEUR/AGEN.1117679
Microsoft: Ransom:Win32/Cerber.A
Arcabit: DeepScan:Generic.Ransom.Magniber.BA3D32A9
AegisLab: Trojan.Win32.Buzus.kZ0o
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: DeepScan:Generic.Ransom.Magniber.BA3D32A9
AhnLab-V3: Trojan/Win32.Generic.C2366601
Acronis: suspicious
McAfee: Ransomware-Cerber.a!
MAX: malware (ai score=100)
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom_Cerber.R002C0DK920
Rising: Ransom.Cerber!8.3058 (CLOUD)
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.EYKI!tr
AVG: Win32:Evo-gen [Susp]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.244

How to remove Generic.Ransom.Magniber.BA3D32A9?

Generic.Ransom.Magniber.BA3D32A9 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
