Generic.Ransom.MedusaLocker.EDCB8D23 removal

Generic.Ransom.MedusaLocker.EDCB8D23 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.MedusaLocker.EDCB8D23 virus do?

  • A file was accessed within the Public folder.
  • Uses Windows utilities for basic functionality
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Performs a large number of encryption calls using the same key possibly indicative of ransomware file encryption behavior
  • CAPE detected the MedusaLocker malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Windows Defender AV emulator via files
  • Creates a copy of itself
  • Attempts to ensure mapped drives are available from an elevated prompt or process with UAC enabled
  • Touches a file containing cookies, possibly for information gathering
  • Attempts to masquerade or mimic a legitimate process or file name
  • Creates known MedusaLocker ransomware mutexes
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Generic.Ransom.MedusaLocker.EDCB8D23?

File Info:

name: FA38D3D5AAD0CBCC1F1E.mlw
path: /opt/CAPEv2/storage/binaries/db11260b9eff22f397c4eb6e2f50d02545dbb7440046c6f12dbc68e0f32d57ce
crc32: 76A14F25
md5: fa38d3d5aad0cbcc1f1e174183ebcb41
sha1: 928e643481d99b63fe12d2bc5d9cbb886b9c3bcc
sha256: db11260b9eff22f397c4eb6e2f50d02545dbb7440046c6f12dbc68e0f32d57ce
sha512: 11b717f20c527055c379054750bb03ac9ee39da4e05b3d02f1a35d4e1c46c435c21357456173e24d4c1d136ab7f18161f5de7afa66256316f56f49ccfc542874
ssdeep: 12288:QiaTdqe/jo+NKPnRX+LKA3e0ywqWKUWsM/MUGZefyti4RFhMhZoUla/krtMVx:M/c+NKPnRX+n3e0+zLMUGYfSxYMP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A1E47D2036C29132E97305728E7D966D41ADFA620B2A5DD7A3CC151D5FB98F27E32233
sha3_384: 7bd5d90b0011d4cd9dca40e4a94a2df07b1b6c57744f1e6b1cdfe26b3609aaec1d29d7ee4886fdd7ee5548f323d453c1
ep_bytes: e8fc070000e97afeffff8b4df464890d
timestamp: 2019-10-31 06:08:38

Version Info:

0: [No Data]

Generic.Ransom.MedusaLocker.EDCB8D23 also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Medusa.j!c
Cynet: Malicious (score: 100)
CAT-QuickHeal: Ransom.Ako.S12518913
ALYac: Trojan.Ransom.MedusaLocker
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Filecoder.Win32.10933
Sangfor: Ransom.Win32.Save.a
K7AntiVirus: Trojan ( 0055a9531 )
Alibaba: Ransom:Win32/MedusaLocker.7a44a18e
K7GW: Trojan ( 0055a9531 )
Cybereason: malicious.481d99
Cyren: W32/Ransom.OB.gen!Eldorado
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.MedusaLocker.C
APEX: Malicious
ClamAV: Win.Ransomware.MedusaLocker-9811275-1
Kaspersky: Trojan-Ransom.Win32.Medusa.m
BitDefender: Generic.Ransom.MedusaLocker.EDCB8D23
NANO-Antivirus: Trojan.Win32.Medusa.ggetvl
MicroWorld-eScan: Generic.Ransom.MedusaLocker.EDCB8D23
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b5fc2e
Emsisoft: Trojan.FileCoder (A)
F-Secure: Heuristic.HEUR/AGEN.1319231
DrWeb: Trojan.Encoder.30060
VIPRE: Generic.Ransom.MedusaLocker.EDCB8D23
TrendMicro: Ransom.Win32.MEDUSALOCKER.SMTH
McAfee-GW-Edition: BehavesLike.Win32.DropperAutoIt.jh
FireEye: Generic.mg.fa38d3d5aad0cbcc
Sophos: Troj/Medusa-Fam
Ikarus: Trojan-Ransom.Medusalocker
Jiangmin: Trojan.Medusa.f
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1319231
Antiy-AVL: Trojan[Ransom]/Win32.Medusa
Microsoft: Ransom:Win32/MedusaLocker.A!MTB
Xcitium: Malware@#1ycpz1uuwce75
Arcabit: Generic.Ransom.MedusaLocker.EDCB8D23
ZoneAlarm: Trojan-Ransom.Win32.Medusa.m
GData: Win32.Trojan-Ransom.Medusa.A
Google: Detected
AhnLab-V3: Malware/Win32.Ransom.C3595403
McAfee: Ransomware-GUB!FA38D3D5AAD0
MAX: malware (ai score=100)
VBA32: BScope.TrojanRansom.Medusa
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Ransom.Win32.MEDUSALOCKER.SMTH
Rising: Ransom.Medusa!8.11358 (TFE:5:nqKpGQ3X54O)
Yandex: Trojan.GenAsa!3Z32sA+C3o0
MaxSecure: Trojan.Malware.74707707.susgen
Fortinet: W32/MedusaLocker.C!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.36662.PuW@aO!b0ibi
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Generic.Ransom.MedusaLocker.EDCB8D23?

Generic.Ransom.MedusaLocker.EDCB8D23 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.