Generic.Ransom.Thanatos.30DAFFF1 (file analysis)

The Generic.Ransom.Thanatos.30DAFFF1 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.Ransom.Thanatos.30DAFFF1 virus can do?

Attempts to connect to a dead IP:Port (4 unique times)
A process attempted to delay the analysis task.
At least one IP Address, Domain, or File Name was found in a crypto call
A process created a hidden window
Performs some HTTP requests
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Writes a potential ransom message to disk
Creates a hidden or system file
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

Related domains:

iplogger.com

iplogger.org

How to determine Generic.Ransom.Thanatos.30DAFFF1?


File Info:
crc32: BF3E9234
md5: 129ba175450b2020d4d67abb4abc14f4
name: 129BA175450B2020D4D67ABB4ABC14F4.mlw
sha1: 2aaaa6eb13bd7d6182cde04a92d4967c8759bc18
sha256: 0bea985f6c0876f1c3f9967d96abd2a6c739de910e7d7025ae271981e9493204
sha512: 94fdda4f2fee99a7a68f8605a7b373a0f24a1bbd58cf524568371a71f5d68a625ded2fdbc262d2ae080373f4d2688ce7b2c5dee1ec8afd86beab16c24c363a17
ssdeep: 3072:CCJkNghsM6rQ+NcmD9QEiCRmUSfzpH4KoqIx/tAg0FujtYD9VV8av:hB2Mh2DmEiCRmXZ8tAOoIav
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Generic.Ransom.Thanatos.30DAFFF1 also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 00527b491 )
Lionic	Trojan.Win32.Gen.4!c
DrWeb	Trojan.Encoder.26618
Cynet	Malicious (score: 100)
ALYac	Trojan.Ransom.Thanatos
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Thancrypt.83ed8e3b
K7GW	Trojan ( 00527b491 )
Cybereason	malicious.5450b2
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Filecoder.NPM
APEX	Malicious
Avast	FileRepMalware
ClamAV	Win.Ransomware.Thanatos-6549621-0
Kaspersky	Trojan-Ransom.Win32.Gen.hpj
BitDefender	Generic.Ransom.Thanatos.30DAFFF1
NANO-Antivirus	Trojan.Win32.FileCoder.eyzzaf
ViRobot	Trojan.Win32.S.Ransom.229376.A
MicroWorld-eScan	Generic.Ransom.Thanatos.30DAFFF1
Tencent	Win32.Trojan.Gen.Dxdj
Ad-Aware	Generic.Ransom.Thanatos.30DAFFF1
Sophos	Mal/Generic-R + Mal/Thanatos-A
Comodo	Malware@#gfot7rfgzv8n
BitDefenderTheta	Gen:NN.ZexaF.34790.oCW@aC8Rnsdi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_THANATOS.THFBIAH
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
FireEye	Generic.mg.129ba175450b2020
Emsisoft	Generic.Ransom.Thanatos.30DAFFF1 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/FileCoder.csjut
Antiy-AVL	Trojan/Generic.ASMalwS.250B5BE
Microsoft	Ransom:Win32/Thancrypt.A
GData	Generic.Ransom.Thanatos.30DAFFF1
AhnLab-V3	Malware/Win32.Generic.C2438279
McAfee	Ransom-Thanatos!129BA175450B
MAX	malware (ai score=96)
VBA32	BScope.TrojanRansom.Gen
Malwarebytes	Ransom.Thanatos
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_THANATOS.THFBIAH
Rising	Ransom.Thancrypt!1.B14C (CLASSIC)
Yandex	Trojan.GenAsa!J21Q8jiGgTs
Ikarus	Trojan-Ransom.FileCrypter
Fortinet	W32/Generic.AC.40B75A
AVG	FileRepMalware
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Thanatos.HgIASOgA

How to remove Generic.Ransom.Thanatos.30DAFFF1?

Generic.Ransom.Thanatos.30DAFFF1 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Generic.Ransom.Thanatos.30DAFFF1 (file analysis)