Mal/GandCrab-B removal instructions

Mal/GandCrab-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Mal/GandCrab-B virus do?

  • Attempts to mimic the file extension of a PDF document by having ‘pdf’ in the file name.
  • Unconventional language used in binary resources: Danish
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Mal/GandCrab-B?


File Info:

crc32: C2C5EB0F
md5: b4fc1596157eb7b7900dd1da72c301c4
name: tracking_number.pdf.exe
sha1: e0c4095c71475036bd79f8bb926fcb575d446d36
sha256: 0452a7ada10bdeda0eb905da0549955f9ce8486ff7cf76a51d73f90a90e89aad
sha512: 6a7f72c23344c128dc1d7c25942affedd7c36960da229caebee274c395013d07db9bcb77a24f8cf00e765cbbd1d346cb925dc67a63ac9da2c3621c49c1c1cf48
ssdeep: 3072:ePI88gNJMXBNO2gwvT+qaRER85N/0N9eaoRSh+KpVmytJKF7Gb:yI8FNmBJrxR85N/0N9eao+UCJsM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

ProductVersion: 10.1.10.11
Translation: 0x0848 0x0e97

Mal/GandCrab-B also known as:

Bkav: W32.AIDetectVM.malware
DrWeb: Trojan.Encoder.24384
MicroWorld-eScan: Trojan.GenericKD.30997249
FireEye: Generic.mg.b4fc1596157eb7b7
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: GenericRXGJ-JL!B4FC1596157E
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.GandCrypt.tq1Y
Sangfor: Malware
K7AntiVirus: Trojan ( 0053305e1 )
BitDefender: Trojan.GenericKD.30997249
K7GW: Trojan ( 0053305e1 )
Cybereason: malicious.6157eb
TrendMicro: Ransom_GANDCRAB.SMALY-3
BitDefenderTheta: Gen:NN.ZexaF.34084.nu1@aevRA5pO
Cyren: W32/S-00ee55d1!Eldorado
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
ClamAV: Win.Ransomware.Gandcrab-6986826-0
GData: Trojan.GenericKD.30997249
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: VirTool:Win32/CeeInject.80aada57
NANO-Antivirus: Trojan.Win32.Encoder.fehhuu
ViRobot: Trojan.Win32.GandCrab.Gen.A
Tencent: Malware.Win32.Gencirc.10b0806b
Ad-Aware: Trojan.GenericKD.30997249
Sophos: Mal/GandCrab-B
Comodo: TrojWare.Win32.Chapak.FS@7prmd9
F-Secure: Trojan.TR/FileCoder.EV
Zillya: Trojan.GandCrypt.Win32.445
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan-Ransom.GandCrab
F-Prot: W32/S-00ee55d1!Eldorado
Jiangmin: Trojan.PSW.Coins.nk
MaxSecure: Ransomeware.CRAB.gen
Avira: TR/FileCoder.EV
MAX: malware (ai score=100)
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D1D8FB01
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Ransom:Win32/GandCrab.AE
AhnLab-V3: Win-Trojan/Gandcrab02.Exp
Acronis: suspicious
VBA32: BScope.TrojanPSW.Stealer
ALYac: Trojan.Ransom.GandCrab
TACHYON: Ransom/W32.GandCrab.219661
Malwarebytes: Trojan.MalPack
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.68915
ESET-NOD32: Win32/Filecoder.GandCrab.B
TrendMicro-HouseCall: Ransom_GANDCRAB.SMALY-3
Rising: Ransom.GandCrypt!8.F33E (CLOUD)
Yandex: Trojan.PWS.Coins!
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenKryptik.CNAR!tr
Webroot: W32.Trojan.Gen
AVG: Win32:RansomX-gen [Ransom]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.Multi.daf

How to remove Mal/GandCrab-B?

Mal/GandCrab-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
