Categories: Ransom

Generic.Ransom.Magniber.BA3D32A9 (file analysis)

The Generic.Ransom.Magniber.BA3D32A9 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Magniber.BA3D32A9 virus can do?

Executable code extraction
Enumerates user accounts on the system
Creates RWX memory
A process created a hidden window
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Modifies boot configuration settings
Exhibits behavior characteristic of Cerber ransomware
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Mimics the file times of a Windows system file
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Generic.Ransom.Magniber.BA3D32A9?


File Info:
crc32: 6F8381F8md5: a299beafe4488b6585374f4312b4a42aname: A299BEAFE4488B6585374F4312B4A42A.mlwsha1: 6af67dc25c046e4b26304af706d5f91271708075sha256: 9b55fd042b2111ba7277e4f97a1cb30d3dfed38b011e5612b728d59725780b13sha512: 03e43bd3c1f2ec54d15aec5b3aee9fad08312b74734d8af448b0e6e793146d70cddd9c2be668796953a6e300867ebe139a597538d445581cc6e552e976a1bffassdeep: 3072:9clduR5NK74+SgTAhhiq+jGqZPqJ9xSWppX:C/miyWNqQKvxdXtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Snedded FedInternalName: prowFileVersion: 11.1CompanyName: Snedded FedProductName: prow omnimeter codProductVersion: 11.1FileDescription: prow trueing hoverOriginalFilename: prow.exeTranslation: 0x0409 0x04b0

Generic.Ransom.Magniber.BA3D32A9 also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 004f07d41 )
DrWeb	Trojan.Encoder.4691
Cynet	Malicious (score: 100)
ALYac	DeepScan:Generic.Ransom.Magniber.BA3D32A9
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.2783773
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Cerber.ca6dd3ea
K7GW	Trojan ( 004f07d41 )
Cybereason	malicious.fe4488
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.EYKI
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	DeepScan:Generic.Ransom.Magniber.BA3D32A9
NANO-Antivirus	Trojan.Win32.Encoder.evdmeo
MicroWorld-eScan	DeepScan:Generic.Ransom.Magniber.BA3D32A9
Tencent	Win32.Trojan.Generic.Llqv
Ad-Aware	DeepScan:Generic.Ransom.Magniber.BA3D32A9
Sophos	Mal/Generic-R + Mal/EncPk-ABY
Comodo	Malware@#3fvn7pw0pe5ep
BitDefenderTheta	AI:Packer.F589A1061E
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_Cerber.R002C0DK920
McAfee-GW-Edition	BehavesLike.Win32.Emotet.cc
FireEye	Generic.mg.a299beafe4488b65
Emsisoft	DeepScan:Generic.Ransom.Magniber.BA3D32A9 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.bqspq
Avira	HEUR/AGEN.1117679
Microsoft	Ransom:Win32/Cerber.A
Arcabit	DeepScan:Generic.Ransom.Magniber.BA3D32A9
AegisLab	Trojan.Win32.Buzus.kZ0o
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	DeepScan:Generic.Ransom.Magniber.BA3D32A9
AhnLab-V3	Trojan/Win32.Generic.C2366601
Acronis	suspicious
McAfee	Ransomware-Cerber.a!
MAX	malware (ai score=100)
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_Cerber.R002C0DK920
Rising	Ransom.Cerber!8.3058 (CLOUD)
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.EYKI!tr
AVG	Win32:Evo-gen [Susp]
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.244