About “Generic.Ransom.NSIS.Androm2.DFAB7045” infection

Generic.Ransom.NSIS.Androm2.DFAB7045 is a detection name that most antivirus vendors treat as dangerous (the detection list below shows it is flagged as Cerber ransomware by several engines). When this infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.NSIS.Androm2.DFAB7045 virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Harvests cookies for information gathering
  • Creates a known Cerber ransomware decryption instruction / key file.
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Generic.Ransom.NSIS.Androm2.DFAB7045?

File Info:

name: E4A9E688E4981F83696C.mlw
path: /opt/CAPEv2/storage/binaries/267ae59f0ff9d496fd7718ea929f657c059dbb3203a837c8dc352604e1a35f56
crc32: 99C3656D
md5: e4a9e688e4981f83696c003aad68d520
sha1: 0b0d751d50245c835964f444209a60e9f84c77b6
sha256: 267ae59f0ff9d496fd7718ea929f657c059dbb3203a837c8dc352604e1a35f56
sha512: 08736885d515617cd68202f2e077deb03e826d086acbb6ea0ebacfa7b131f22831f1e6006312cef8aed55ffbc8dd454f134432bf684a7beacf6f9920f460014a
ssdeep: 6144:apkXGhDgoeysp/Ol16XmyXUIwQA8NiPAdhP06kPL:7RovCiRyXUrQA82A4dPL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DB540251B2854857EE1725B03C6FFA163259EEEA712A9F0B1702BF05BDD3242112BF1B
sha3_384: 11c00119166fc0c676a66aec4d2e4be0f04db5b4587d925bf5ad44190bcaae687d5308dc8b49939ea90e115019130701
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2016-07-09 04:21:49

Version Info:

0: [No Data]
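The File Info block above gives everything needed to check a suspect file against this sample without a vendor product: the md5/sha1/sha256 digests, the CAPE `ep_bytes` (the first 16 bytes at the PE entry point) and the compile timestamp. The script below is an added example, not code from the page or from GridinSoft. It uses only the Python standard library to hash a file, parse the PE headers, recover the entry-point bytes and compare all of them against the page's indicators. `build_sample_pe` is a constructed, non-runnable stand-in PE used so the script runs offline; it is not the real sample. A hash hit is conclusive, while matching `ep_bytes` or timestamp alone only says "same build", since other NSIS-packed droppers can share them.

```python
"""IOC triage against the Generic.Ransom.NSIS.Androm2.DFAB7045 File Info block.

Added example: hashes a file, parses the PE headers and compares the result
to the page's md5/sha1/sha256, ep_bytes and timestamp. Standard library only.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the page's File Info section.
IOC_HASHES = {
    "md5": "e4a9e688e4981f83696c003aad68d520",
    "sha1": "0b0d751d50245c835964f444209a60e9f84c77b6",
    "sha256": "267ae59f0ff9d496fd7718ea929f657c059dbb3203a837c8dc352604e1a35f56",
}
IOC_EP_BYTES = bytes.fromhex("81ecd40200005356576a205f33db6801")
IOC_TIMESTAMP = datetime(2016, 7, 9, 4, 21, 49, tzinfo=timezone.utc)

IMAGE_FILE_MACHINE_I386 = 0x14C   # "Intel 80386" in the page's file type
PE32_MAGIC = 0x10B                # PE32 (32-bit) optional header


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests, the same three the page lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_info(data: bytes) -> dict:
    """Parse just enough PE to get machine, magic, timestamp and ep_bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (ep_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    # Section table follows the optional header; map the entry RVA to a raw offset.
    ep_bytes = b""
    sec = opt + opt_size
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = ep_rva - vaddr + rawptr
            ep_bytes = data[off:off + 16]
            break
    return {
        "machine": machine,
        "magic": magic,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_rva": ep_rva,
        "ep_bytes": ep_bytes,
    }


def match_iocs(data: bytes) -> dict:
    """Per-indicator verdicts. Hash hits are conclusive; the PE-level hits are weak."""
    hashes = file_hashes(data)
    result = {name: hashes[name] == IOC_HASHES[name] for name in IOC_HASHES}
    try:
        info = pe_info(data)
    except (ValueError, struct.error):
        result.update({"pe32_i386": False, "ep_bytes": False, "timestamp": False})
        return result
    result["pe32_i386"] = info["machine"] == IMAGE_FILE_MACHINE_I386 and info["magic"] == PE32_MAGIC
    result["ep_bytes"] = info["ep_bytes"] == IOC_EP_BYTES
    result["timestamp"] = info["timestamp"] == IOC_TIMESTAMP
    return result


def build_sample_pe(ep_bytes: bytes = IOC_EP_BYTES, when: datetime = IOC_TIMESTAMP) -> bytes:
    """Constructed stand-in (not the real sample): a minimal, non-runnable PE32
    image with one .text section whose first bytes sit at the entry point."""
    opt_size = 96
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1,
                       int(when.timestamp()), 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 14 + struct.pack("<I", 0x1000)
    opt += b"\0" * (opt_size - len(opt))
    # .text: VirtualAddress 0x1000 maps to raw offset 0x200, 0x200 bytes long
    section = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + section
    headers += b"\0" * (0x200 - len(headers))
    body = ep_bytes + b"\0" * (0x200 - len(ep_bytes))
    return headers + body


if __name__ == "__main__":
    # Usage: python ioc_check.py <suspect.exe>; without an argument it checks the stand-in.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, hit in match_iocs(blob).items():
        print(f"{key:10} {'MATCH' if hit else '-'}")
```

Run it against the quarantined file rather than a live copy, and treat only a hash match as identification of this exact sample; an `ep_bytes` or timestamp match on a file with different hashes is a lead for further analysis, not a verdict.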

Generic.Ransom.NSIS.Androm2.DFAB7045 also known as:

MicroWorld-eScan: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045
FireEye: Generic.mg.e4a9e688e4981f83
CAT-QuickHeal: Ransom.Cerber.B
McAfee: Artemis!E4A9E688E498
Sangfor: Trojan.Win32.Cerber.1
K7AntiVirus: Trojan ( 0055e3ef1 )
K7GW: Trojan ( 0055e3ef1 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: Ransom.Cerber
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Filecoder.Cerber.D
TrendMicro-HouseCall: Ransom_Agent.R03BC0OID22
ClamAV: Win.Ransomware.Gamarue-6995442-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Agent.gen
BitDefender: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045
NANO-Antivirus: Trojan.Nsis.Cayu.ekaniy
Cynet: Malicious (score: 99)
Avast: Win32:Trojan-gen
Ad-Aware: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045
DrWeb: Trojan.Inject4.42855
VIPRE: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045
TrendMicro: Ransom_Agent.R03BC0OID22
SentinelOne: Static AI - Malicious PE
Emsisoft: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045 (B)
APEX: Malicious
GData: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045
Avira: TR/Dropper.Gen
MAX: malware (ai score=81)
Kingsoft: Win32.Troj.Undef.(kcloud)
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Ransom:Win32/Cerber!rfn
Google: Detected
AhnLab-V3: Trojan/Win32.Zerber.C1714625
ALYac: DeepScan:Generic.Ransom.NSIS.Androm2.DFAB7045
Malwarebytes: Trojan.Cerber.NSIS
Ikarus: Trojan.NSIS.Injector
Fortinet: W32/Injector.OE!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.8e4981
Panda: Trj/CI.A

How to remove Generic.Ransom.NSIS.Androm2.DFAB7045?

Generic.Ransom.NSIS.Androm2.DFAB7045 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.