Ransom

Mal/Generic-R + Mal/Ransom-EE removal instruction

Malware Removal

The Mal/Generic-R + Mal/Ransom-EE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Mal/Generic-R + Mal/Ransom-EE virus can do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 127.0.0.1:12039, 0.0.0.0:16092, :0
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client softwares
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

www.microsoft-analytics.xyz

How to determine Mal/Generic-R + Mal/Ransom-EE?


File Info:

crc32: FFDA9135
md5: b205a0a725eec21af405953cd339df96
name: B205A0A725EEC21AF405953CD339DF96.mlw
sha1: 634cc555898742e11ab8b0de19ef050803c15f9f
sha256: 1dde6ee741aca2daf05bfec4852cfef02c4272d222a74b42f8c517c5b25c4fbb
sha512: dfc36a9bd509cfa7fa429087e32af5de5c6a9ceb23912a8d7cc2723727f24a49dc1aaf4e88c7609e0f45cc3349642b530cfddcc01554bed6a77428a897a30e32
ssdeep: 6144:tcNH+VsanFft9Y5hclqbEi1Awvnp1pnKKSguioWC5:2NcftO5hcl3iRvp1pnKME5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (c) Angus Johnson 1999-2002
InternalName: ResHack
FileVersion: 3.4.0.79
CompanyName:
LegalTrademarks:
Comments: Freeware, but see help file for conditions.
ProductName:
ProductVersion: 3.0.0.0
FileDescription: Resource viewer
OriginalFilename: ResHack
Aditional Notes: Not for distribution without the authors permission
Translation: 0x0c09 0x04e4

Mal/Generic-R + Mal/Ransom-EE also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 004f11891 )
LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Inject2.64366
CynetMalicious (score: 100)
ALYacGen:Variant.Deliric.6
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.1482006
SangforTrojan.Win32.Kryptik.8
CrowdStrikewin/malicious_confidence_100% (D)
K7GWTrojan ( 004f11891 )
Cybereasonmalicious.725eec
CyrenW32/S-f31cff62!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.EZAD
APEXMalicious
AvastWin32:Malware-gen
ClamAVWin.Dropper.Zeus-9809556-0
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Deliric.6
NANO-AntivirusTrojan.Win32.Zbot.evnoox
MicroWorld-eScanGen:Variant.Deliric.6
TencentMalware.Win32.Gencirc.11495093
Ad-AwareGen:Variant.Deliric.6
SophosMal/Generic-R + Mal/Ransom-EE
ComodoTrojWare.Win32.Zbot.EZXT@7tgdwr
BitDefenderThetaGen:NN.ZexaF.34266.tu1@aG7OMYni
VIPRETrojan.Win32.Generic!BT
TrendMicroTSPY_ZBOT_FI0804A0.UVPM
McAfee-GW-EditionBehavesLike.Win32.Generic.fc
FireEyeGeneric.mg.b205a0a725eec21a
EmsisoftGen:Variant.Deliric.6 (B)
JiangminTrojanSpy.Zbot.ffma
AviraHEUR/AGEN.1112598
eGambitUnsafe.AI_Score_78%
Antiy-AVLTrojan/Generic.ASMalwS.22DF383
MicrosoftTrojan:Win32/Zbot.YTL!MTB
GDataGen:Variant.Deliric.6
AhnLab-V3Trojan/Win32.Foreign.C2277779
Acronissuspicious
McAfeeGenericRXAD-DK!B205A0A725EE
MAXmalware (ai score=98)
VBA32Trojan-Ransom.Foreign
MalwarebytesMalware.AI.3586241266
PandaTrj/GdSda.A
TrendMicro-HouseCallTSPY_ZBOT_FI0804A0.UVPM
RisingTrojan.Generic@ML.100 (RDML:cn8eEf3031HsXSXptTbGpg)
YandexTrojan.GenAsa!UUg3r/WniFA
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.FCAB!tr
AVGWin32:Malware-gen
Paloaltogeneric.ml

How to remove Mal/Generic-R + Mal/Ransom-EE?

Mal/Generic-R + Mal/Ransom-EE removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment