
Generic.Ransom.Spora.FED1247B malicious file

Generic.Ransom.Spora.FED1247B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.Ransom.Spora.FED1247B virus do?

  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Generic.Ransom.Spora.FED1247B?


File Info:

name: 7D1C7CE6A2F202BB5DF3.mlw
path: /opt/CAPEv2/storage/binaries/81a27b3dcfbd52ceb68043465a9aaa3ff6a2e4d04e487197bb23db5c76eec740
crc32: 4D9449E0
md5: 7d1c7ce6a2f202bb5df3f45c7f62bac3
sha1: 50a9f5b3130b14d5a18b418e9c355586eaecf4fb
sha256: 81a27b3dcfbd52ceb68043465a9aaa3ff6a2e4d04e487197bb23db5c76eec740
sha512: 48b20444b0d72a37ecbed0969e2a9d9be3efc51d75e1283bc755cad10068fb40055430dc1fc4b295aae3d31d71de86d84b4f1c29da8636a3ef0baf014eaf82cd
ssdeep: 24576:RsBH9jqVwCwh/RICu4upRwIzAKXRYVN2uaj7MM1By+hm:uH9jJ9RspRwIDRiJak2By+hm
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1A7359D30B592D073E56201F04EB8FA9A516DFC250F3586DFB7E44A2E6A304D24E32E67
sha3_384: e62621c0f082a11f0870d1711da77d98c93f0e1ceb1c827c9499a57775a6485e01a5dc0ec3eb238dcbd046300b02a8fb
ep_bytes: e8f20c0000e974feffffcccccccccc80
timestamp: 2022-05-01 01:55:49

Version Info:

CompanyName: Microsoft
FileDescription: Microsoft Protection Service
ProductName: Microsoft
Translation: 0x0409 0x04b0

Generic.Ransom.Spora.FED1247B also known as:

Lionic Trojan.Win32.Generic.j!c
Elastic malicious (high confidence)
ALYac Trojan.Ransom.Filecoder
Cylance Unsafe
Zillya Trojan.Filecoder.Win32.24305
Sangfor Ransom.Win32.Generic.ky
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Ransom:Win32/Filecoder.1b1cb61c
K7GW Trojan ( 0058fa831 )
K7AntiVirus Trojan ( 0058fa831 )
Cyren W32/ABRisk.EPFI-4651
ESET-NOD32 a variant of Win32/Filecoder.OIF
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Ransom.Win32.Generic
BitDefender DeepScan:Generic.Ransom.Spora.FED1247B
MicroWorld-eScan DeepScan:Generic.Ransom.Spora.FED1247B
Avast Win32:RansomX-gen [Ransom]
Tencent Win32.Trojan.Filecoder.Fajl
Ad-Aware DeepScan:Generic.Ransom.Spora.FED1247B
Emsisoft DeepScan:Generic.Ransom.Spora.FED1247B (B)
F-Secure Trojan.TR/FileCoder.grboi
VIPRE DeepScan:Generic.Ransom.Spora.FED1247B
TrendMicro TROJ_GEN.R002C0PEH22
McAfee-GW-Edition GenericRXSU-TJ!7D1C7CE6A2F2
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.7d1c7ce6a2f202bb
Sophos Mal/Generic-S
Ikarus Trojan-Ransom.FileCrypter
GData DeepScan:Generic.Ransom.Spora.FED1247B
Jiangmin Trojan.DelShad.brc
Webroot W32.Trojan.Gen
Avira TR/FileCoder.grboi
Antiy-AVL Trojan/Generic.ASMalwS.7730
Arcabit DeepScan:Generic.Ransom.Spora.FEDD4DFB
ZoneAlarm HEUR:Trojan-Ransom.Win32.Generic
Microsoft Ransom:Win32/SporaCrypt.PAD!MTB
Google Detected
AhnLab-V3 Ransomware/Win.Cryptolocker.R522524
McAfee GenericRXSU-TJ!7D1C7CE6A2F2
MAX malware (ai score=86)
VBA32 BScope.Exploit.Convagent
Malwarebytes Ransom.Spora
TrendMicro-HouseCall TROJ_GEN.R002C0PEH22
Rising Ransom.RCRU!1.DDE5 (CLASSIC)
MaxSecure Trojan.Malware.10307848.susgen
Fortinet W32/Filecoder.OIE!tr.ransom
BitDefenderTheta AI:Packer.807C82091C
AVG Win32:RansomX-gen [Ransom]
Cybereason malicious.6a2f20
Panda Trj/RansomGen.A

How to remove Generic.Ransom.Spora.FED1247B?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
