
Generic.Ransom.Mole.CD577768 (B) removal instructions


Generic.Ransom.Mole.CD577768 (B) is a detection name for a file-encrypting ransomware sample; the vendor detections listed further down place it in the CryptoMix family (also labelled Mole and HydraCrypt). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan the computer with GridinSoft Anti-Malware.


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
A 6-day free trial is available.

What can Generic.Ransom.Mole.CD577768 (B) do?

The behaviours below are the signatures raised during the sandbox run of the sample (the CAPEv2 storage path in File Info shows where it was analysed):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Manipulates data from or to the Recycle Bin
  • A process created a hidden window
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to delete or modify volume shadow copies
  • Attempts to stop active services
  • Modifies boot configuration settings
  • Collects and encrypts information about the computer likely to send to C2 server
  • Installs itself for autorun at Windows startup
  • Attempts to disable Windows Defender
  • Creates a known CryptoMix ransomware decryption instruction / key file
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
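Several of the behaviours above (shadow copy deletion, boot configuration changes, service stops, a command shell run with /C, disabling Defender) show up in process-creation telemetry before any file is encrypted. The following is an added example, not code from this page or from GridinSoft or CAPE, that runs such rules over a constructed list of Sysmon-style process events and charges each hit to the process that launched the chain. The command-line patterns are this example's assumptions about the utilities ransomware usually drives (vssadmin, bcdedit, net, cmd /C, Set-MpPreference), not commands recorded from this particular sample; the event list, pids and paths are likewise constructed.

```python
"""Flag the ransomware behaviours listed above in process-creation telemetry.

Added example, not code from the page or from GridinSoft/CAPE. Runs over a
constructed list of Sysmon-style events (pid, ppid, image, command line);
the regexes are assumptions about typical ransomware command lines.
"""
import re

# One rule per behaviour from the sandbox list; patterns are assumptions.
RULES = [
    ("delete_shadow_copies", re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete"
        r"|\bwbadmin(\.exe)?\b.*\bdelete\s+catalog", re.I)),
    ("modify_boot_config", re.compile(
        r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("stop_services", re.compile(
        r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+(stop|config))\b", re.I)),
    ("hidden_cmd_shell", re.compile(r"\bcmd(\.exe)?\b.*\s/[cr]\s", re.I)),
    ("disable_defender", re.compile(
        r"Set-MpPreference\b.*-Disable\w+Monitoring\s+\$?true|DisableAntiSpyware", re.I)),
]

# Utilities that only relay the action: their behaviour is charged to the launcher.
UTILITIES = {"cmd.exe", "powershell.exe", "vssadmin.exe", "wmic.exe", "wbadmin.exe",
             "bcdedit.exe", "net.exe", "net1.exe", "sc.exe"}

# Constructed events (not from a real host): a dropper spawning the usual
# destructive children, plus one benign admin use of cmd /C for contrast.
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 812, "image": r"C:\Users\victim\AppData\Roaming\sample.exe",
     "cmdline": r"C:\Users\victim\AppData\Roaming\sample.exe"},
    {"pid": 4132, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C vssadmin.exe delete shadows /all /quiet"},
    {"pid": 4140, "ppid": 4132, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 4150, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C bcdedit /set {default} recoveryenabled no"},
    {"pid": 4160, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 4170, "ppid": 4120, "image": r"C:\Windows\System32\net.exe",
     "cmdline": 'net stop "SQL Server (MSSQLSERVER)" /y'},
    {"pid": 5000, "ppid": 812, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /C dir C:\Users"},
]


def match_rules(cmdline):
    """Names of every rule whose pattern matches the command line, in RULES order."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def origin(pid, by_pid):
    """Walk up through relay utilities so 'cmd /C vssadmin ...' is charged to the
    process that launched the chain, not to cmd.exe or vssadmin.exe."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ev = by_pid[pid]
        if basename(ev["image"]) not in UTILITIES or ev["ppid"] not in by_pid:
            return pid
        pid = ev["ppid"]
    return pid


def behaviours_by_origin(events):
    """{originating pid: set of behaviour names}, aggregated over the process tree."""
    by_pid = {ev["pid"]: ev for ev in events}
    found = {}
    for ev in events:
        hits = match_rules(ev["cmdline"])
        if hits:
            found.setdefault(origin(ev["pid"], by_pid), set()).update(hits)
    return found


DESTRUCTIVE = {"delete_shadow_copies", "modify_boot_config", "stop_services", "disable_defender"}


def ransomware_like(behaviours):
    """Verdict heuristic (assumption): two or more distinct recovery-killing
    behaviours from one origin is well beyond normal admin activity."""
    return len(behaviours & DESTRUCTIVE) >= 2


if __name__ == "__main__":
    for pid, b in behaviours_by_origin(SAMPLE_EVENTS).items():
        print(pid, sorted(b), "RANSOMWARE-LIKE" if ransomware_like(b) else "ok")
```

The origin walk is the part that matters in practice: each individual child (cmd.exe, vssadmin.exe, net.exe) looks like routine administration on its own, and only when the hits are attributed back to the dropper that spawned them does the combination stand out. A single cmd /C from an interactive shell, as in the last constructed event, stays below the threshold.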

How to identify Generic.Ransom.Mole.CD577768 (B)?

File Info:

name: 0544D12FA8DDBDB8E31A.mlw
path: /opt/CAPEv2/storage/binaries/f9c643e8a8fb66094572ace8608a75724785514e913c557f2239269a3277af7e
crc32: DDD5E03E
md5: 0544d12fa8ddbdb8e31a9eef72853a53
sha1: 6240d35ac068e8cfcd496d750d99ad95d1543146
sha256: f9c643e8a8fb66094572ace8608a75724785514e913c557f2239269a3277af7e
sha512: 5ed78b3aed6489076aa01a20f2d817ca4132210385290ba22350764aef158619228e20f19c4024ca261ec0ba6f1ee470370c5e77320f57c7da276f406f72f393
ssdeep: 3072:Rq0CzD9PIbmhxFA3Jf9QGgOBpeDhx+JBjGqXSr1wfMJJvshcWX6HEH399NtnjkHp:dCzabmhnC9QPOBpeDSeSY1cMbvsikLj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B54BF20A278EF31E07312394862B71E5A3B7CE406B118A76BDB327E3DB5350D6C9752
sha3_384: 6cc06a6e0f152fe114e7ff5fba977f99e9aea07b865bb31cd055dea8a4c28066a160804f413cb302da802f8316bb75a8
ep_bytes: 558bec81eca80a0000a1c09e1c1c33c5
timestamp: 2017-07-18 19:03:15 (PE header compile timestamp; this field is trivially forgeable, so treat it as a hint rather than evidence of when the sample was built)

Version Info:

0: [No Data]
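The hashes, entry-point bytes and timestamp above are the fields you would recompute to confirm that a file pulled from a suspect host is this sample. The following is an added example, not code from this page or from the tools it mentions: it recomputes those fields for any file and compares them with the published values. The indicator values are copied from the File Info block; the function names and the synthetic PE produced by build_sample_pe() (used only to exercise the header parser offline) are this example's own construction.

```python
"""Recompute the File Info fields above for a suspect file and compare them
with the published indicators.

Added example, not code from the page or from the tools it mentions. Indicator
values come from the page; function names and the synthetic test PE are this
example's own construction.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied verbatim from the page's File Info block.
PUBLISHED = {
    "crc32": "DDD5E03E",
    "md5": "0544d12fa8ddbdb8e31a9eef72853a53",
    "sha1": "6240d35ac068e8cfcd496d750d99ad95d1543146",
    "sha256": "f9c643e8a8fb66094572ace8608a75724785514e913c557f2239269a3277af7e",
    "ep_bytes": "558bec81eca80a0000a1c09e1c1c33c5",
    "timestamp": "2017-07-18 19:03:15",
}


def hashes(data):
    """crc32 (upper-case hex, as the page prints it) plus md5/sha1/sha256."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_fields(data):
    """First 16 bytes at the entry point and the COFF TimeDateStamp, read from
    the PE headers: MZ -> e_lfanew -> PE signature -> COFF header -> optional
    header -> section table (to turn the entry-point RVA into a file offset).
    Raises ValueError (or struct.error on truncation) for anything that is not a sane PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i                          # IMAGE_SECTION_HEADER
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep = entry_rva - vaddr + rawptr
            break
    else:
        raise ValueError("entry point RVA is outside every section")
    return {
        "ep_bytes": data[ep:ep + 16].hex(),
        # The stamp is a plain header field the author can set to anything.
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def compare(data, published=PUBLISHED):
    """{field: (computed value, matches published)} for every published field."""
    computed = hashes(data)
    try:
        computed.update(pe_fields(data))
    except (ValueError, struct.error):
        pass  # not a PE; the hash comparison still stands on its own
    return {k: (computed.get(k), (computed.get(k) or "").lower() == v.lower())
            for k, v in published.items()}


def build_sample_pe(ep_bytes, stamp):
    """Constructed minimal PE32 skeleton (not executable) to self-test the parser:
    one .text section at RVA 0x1000 backed by file offset 0x200, entry 16 bytes in."""
    e_lfanew, opt_size, raw_ptr = 0x40, 0x60, 0x200
    img = bytearray(raw_ptr + 0x100)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 1, stamp, 0, 0, opt_size, 0x102)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1010)            # AddressOfEntryPoint
    struct.pack_into("<8sIIII", img, opt + opt_size, b".text", 0x100, 0x1000, 0x100, raw_ptr)
    img[raw_ptr + 0x10:raw_ptr + 0x10 + len(ep_bytes)] = ep_bytes
    return bytes(img)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        for field, (value, ok) in compare(fh.read()).items():
            print("MATCH " if ok else "differ", field, value)
```

Run it as `python check_sample.py <file>`. A sha256 match settles identity on its own; the entry-point bytes are the useful weaker signal, since they survive a repacked or padded copy whose hashes no longer match, and the timestamp comparison is there mainly to show that it can be read (and therefore forged) from the header alone.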

Generic.Ransom.Mole.CD577768 (B) is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Mole.4!c
DrWeb: Trojan.MulDrop16.47383
MicroWorld-eScan: Generic.Ransom.Mole.CD577768
FireEye: Generic.mg.0544d12fa8ddbdb8
ALYac: Trojan.Ransom.Mole
Cylance: Unsafe
Zillya: Trojan.DelShad.Win32.1292
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00511caa1 )
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 00511caa1 )
Cybereason: malicious.fa8ddb
BitDefenderTheta: Gen:NN.ZexaF.34742.ryZ@a4vvM3oi
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.HydraCrypt.L
Paloalto: generic.ml
ClamAV: Win.Ransomware.Cryptomix-6489204-0
Kaspersky: Trojan.Win32.DelShad.gff
BitDefender: Generic.Ransom.Mole.CD577768
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Delshad.Dku
Ad-Aware: Generic.Ransom.Mole.CD577768
Emsisoft: Generic.Ransom.Mole.CD577768 (B)
VIPRE: Generic.Ransom.Mole.CD577768
McAfee-GW-Edition: BehavesLike.Win32.Generic.dh
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Hydran-A
Ikarus: Trojan-Ransom.HydraCrypt
GData: Generic.Ransom.Mole.CD577768
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1220820
Microsoft: Ransom:Win32/Cryptomix.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Fury.R206352
McAfee: Artemis!0544D12FA8DD
MAX: malware (ai score=100)
VBA32: BScope.TrojanRansom.Fury
Malwarebytes: Ransom.FileCryptor
APEX: Malicious
Rising: Trojan.Generic@AI.80 (RDML:RX+Xmu1qCDx+4oL79DpBZg)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.117600954.susgen
Fortinet: W32/FileCoder.HYDRACRYPT.L!tr
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Generic.Ransom.Mole.CD577768 (B)?

Generic.Ransom.Mole.CD577768 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the desired options, then click "Reset".
  • Restart your computer.

Before scanning, disconnect the infected machine from the network so the sample cannot reach network shares or the C2 server it reports to. Removing the binary stops further encryption but does not decrypt files that were already encrypted. Because the sample attempts to delete volume shadow copies and to modify the boot configuration (see the behaviour list above), the Windows "Previous Versions" restore will not bring the files back; recover data from offline backups.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
