What is “Generic.Ransom.Snatch.A5B8CC97”?

Generic.Ransom.Snatch.A5B8CC97 is the name BitDefender and the engines built on it (eScan, FireEye, VIPRE, Arcabit, Ad-Aware, Emsisoft and GData in the list below) give to one sample of the Snatch ransomware family; most other engines flag the same file as malicious under their own names. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
6-day free trial available.

What can the Generic.Ransom.Snatch.A5B8CC97 virus do?

The following behaviours are the CAPE sandbox signatures that fired when the sample described below was analysed:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Exhibits possible ransomware file modification behavior
  • Checks for the presence of known devices from debuggers and forensic tools
  • Uses suspicious command line tools or Windows utilities

How to identify Generic.Ransom.Snatch.A5B8CC97?

File Info:

name: 58BEAA9058C8FC4E3BE9.mlw
path: /opt/CAPEv2/storage/binaries/ab6b0d00ba8f8553c015743b9da8761a9b1fca750d3f73bda573a8fbc47dafa1
crc32: 402917A4
md5: 58beaa9058c8fc4e3be97806566ab495
sha1: ed481af02c2909cca3b7a6bb7eb855bf92bb10c2
sha256: ab6b0d00ba8f8553c015743b9da8761a9b1fca750d3f73bda573a8fbc47dafa1
sha512: 86165e1e115094592e32ab19caa18bcd59ae7164ed1f29dcc8c4ed50efe2e7e953cc32a0173d95b5a27c831170632069b0a98f1e451dc4931ea8965ad0d2c2c6
ssdeep: 98304:DsCJRwKuLeiLhsWANon0Jag3XPFf2Q2Rgr9yL:DsbKTI/0Ff2Q2Rd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E1668C41F9AF64F5EF83223044B7922F3730A6098326DFC7CB545EA7E4176D15A322A6
sha3_384: 3363e447cf6d56c6aa77a316dfcf90e5fcea41b443c4ea09232d0b533ed6f08daa5338e056da56039317ba2b69801289
ep_bytes: e99bdbffffcccccccccccccccccccccc
timestamp: 1970-01-01 00:00:00 (the PE TimeDateStamp field is zero, i.e. the compile time was stripped)

Version Info:

0: [No Data]
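The file-info block above is only useful if you can reproduce it. The script below is an added example, not CAPE or GridinSoft code: it recomputes a file's hashes and compares them with the md5/sha256 published on this page, parses the PE header with the standard library alone (no pefile) to recover TimeDateStamp, AddressOfEntryPoint and the section names, and turns the "unknown PE section name", "zeroed timestamp" and ep_bytes observations from the signature list into findings. The list of known section names is an assumption, and the PE images it builds for testing are constructed header-only stubs, not the real sample.

```python
"""Static triage helper for the indicators listed on this page (added example)."""
import hashlib
import struct

# IOCs as published on this page for the Snatch sample.
PUBLISHED_IOCS = {
    "md5": "58beaa9058c8fc4e3be97806566ab495",
    "sha256": "ab6b0d00ba8f8553c015743b9da8761a9b1fca750d3f73bda573a8fbc47dafa1",
}
# Entry-point bytes as published on this page (ep_bytes).
PUBLISHED_EP_BYTES = bytes.fromhex("e99bdbffffcccccccccccccccccccccc")

# Section names that common linkers emit (assumed list). Anything else is the
# "unknown PE section name indicative of packing" signal.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".textbss"}


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of a buffer, lower-case hex like the File Info block."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_iocs(data: bytes, iocs: dict = PUBLISHED_IOCS) -> bool:
    """True only if every published hash matches the buffer."""
    digests = hash_bytes(data)
    return all(digests[algo] == value.lower() for algo, value in iocs.items())


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * 40                        # IMAGE_SECTION_HEADER is 40 bytes
        sections.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return {"machine": machine, "pe32": magic == 0x10B, "timestamp": timestamp,
            "entry_rva": entry_rva, "sections": sections}


def decode_entry_jump(entry_rva: int, ep_bytes: bytes):
    """If the first instruction is `jmp rel32` (opcode E9), return its target RVA.

    The displacement is relative to the end of the 5-byte instruction, so the
    code to look at starts at the target, not at AddressOfEntryPoint."""
    if len(ep_bytes) < 5 or ep_bytes[0] != 0xE9:
        return None
    disp = struct.unpack_from("<i", ep_bytes, 1)[0]
    return (entry_rva + 5 + disp) & 0xFFFFFFFF


def static_indicators(pe: dict, ep_bytes: bytes) -> list:
    """Map the parsed header onto the static signatures in the list above."""
    findings = []
    if pe["timestamp"] == 0:
        findings.append("TimeDateStamp is 0 (1970-01-01): build time stripped")
    unknown = [s for s in pe["sections"] if s not in KNOWN_SECTIONS]
    if unknown:
        findings.append(f"unknown section name(s) {unknown}: possible packer")
    target = decode_entry_jump(pe["entry_rva"], ep_bytes)
    if target is not None:
        findings.append(f"entry point is jmp rel32 to RVA {target:#x}; analyse there")
    return findings


def build_test_pe(timestamp: int, section_names, entry_rva: int = 0x5000) -> bytes:
    """Constructed header-only PE32 image for testing (not an executable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), timestamp, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    packed = build_test_pe(0, [".text", ".xyz1"])            # mimics the page's sample
    print(hash_bytes(packed)["sha256"], matches_iocs(packed))  # constructed image, so False
    for finding in static_indicators(parse_pe(packed), PUBLISHED_EP_BYTES):
        print("-", finding)
```

To use it on a real file, read it into memory, call matches_iocs() on the bytes to confirm you have the same sample, then parse_pe() and static_indicators(); ep_bytes for a real file have to be read from the file offset that the entry RVA maps to, which this script does not do (the page supplies them directly). Note that a sha256 match is the authoritative check; the ssdeep and tlsh values in the File Info block are fuzzy hashes for finding near-variants, not for confirming identity.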

Generic.Ransom.Snatch.A5B8CC97 is also known as (engine: detection name). Note that engines disagree on the family: the BitDefender-based engines, Lionic, McAfee, TrendMicro, Webroot, ALYac and Ikarus say Snatch, Kaspersky, Alibaba, NANO-Antivirus, Jiangmin and VBA32 say DelShad, ESET-NOD32 and Fortinet say Filecoder.NVR, and names such as Win32:Malware-gen, Unsafe or generic.ml carry no family attribution at all:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Snatch.4!c
MicroWorld-eScan: Generic.Ransom.Snatch.A5B8CC97
FireEye: Generic.Ransom.Snatch.A5B8CC97
CAT-QuickHeal: Ransom.Hceem.S6020807
McAfee: Ransom-Snatch!58BEAA9058C8
Cylance: Unsafe
VIPRE: Generic.Ransom.Snatch.A5B8CC97
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005502e41 )
BitDefender: Generic.Ransom.Snatch.A5B8CC97
K7GW: Trojan ( 005502e41 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Generic.Ransom.Snatch.A5B8CC97
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.NVR
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.DelShad.nd
Alibaba: Trojan:Win32/DelShad.93997ebf
NANO-Antivirus: Trojan.Win32.DelShad.ftcnqe
ViRobot: Trojan.Win32.Ransom.6909952
Rising: Trojan.Generic@AI.87 (RDMK:bsWWuSCEVeha3O7NaUFQUg)
Ad-Aware: Generic.Ransom.Snatch.A5B8CC97
TACHYON: Ransom/W32.Agent.6793216
Emsisoft: Generic.Ransom.Snatch.A5B8CC97 (B)
Comodo: Malware@#2crt3tny29pcg
Zillya: Trojan.Filecoder.Win32.9472
TrendMicro: Ransom.Win32.SNATCH.B
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.vh
Sophos: Troj/Ransom-FMS
Jiangmin: Trojan.DelShad.g
Webroot: W32.Ransom.Snatch
Avira: TR/Ransom.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.6769
Microsoft: Trojan:Win32/CryptInject!MSR
GData: Generic.Ransom.Snatch.A5B8CC97
Google: Detected
AhnLab-V3: Malware/Win32.Ransom.C3245861
BitDefenderTheta: Gen:NN.ZexaE.34646.@7W@aq@ZaHi
ALYac: Trojan.Ransom.Snatch
VBA32: Trojan.DelShad
Malwarebytes: Malware.AI.3138496919
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom.Win32.SNATCH.B
Tencent: Win32.Trojan.Filecoder.Simw
Ikarus: Trojan-Ransom.Snatch
MaxSecure: Trojan.Malware.74392206.susgen
Fortinet: W32/Filecoder.NVR!tr.ransom
AVG: Win32:Malware-gen
Cybereason: malicious.058c8f
Avast: Win32:Malware-gen

How to remove Generic.Ransom.Snatch.A5B8CC97?

Generic.Ransom.Snatch.A5B8CC97 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Removing the binary stops further encryption, but it does not recover files that the ransomware has already encrypted; restore those from offline backups.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
