Ransom

ML/PE-A + Mal/Ransom-AL information

Malware Removal

The ML/PE-A + Mal/Ransom-AL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What ML/PE-A + Mal/Ransom-AL virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Loads a driver
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Harvests credentials from local FTP client softwares
  • Harvests information related to installed mail clients
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
images5.content5.goldsparx.com
images6.content6.goldsparx.com

How to determine ML/PE-A + Mal/Ransom-AL?



File Info:

crc32: 170C14AE
md5: 00cb5ecc81c9670aa395a9c843bb7671
name: 00CB5ECC81C9670AA395A9C843BB7671.mlw
sha1: f51c4ff124b69b61e8373b621557f1f2b27af5c5
sha256: a7612a9948437d7696e799cf272946393796e009ecc3c3ae83cc4438197f6d27
sha512: b2fe3078a43bd4ac50b0f1ea68d7f14c3b2619a1fc6e144ffa82453f2557a41b365bd64ef1e334ad02d3e951675b2c08a7ad807d6350d4a1d8cd8ec361a2af82
ssdeep: 3072:UzqNrSQUeEBmQHJdTgGXRvxNRwf87i3VDt21a6:+yP/AkGBvx0fxVD2
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: Copyright (C) 2005 - 2011, SystemSoft Solutions
InternalName: xpdview
FileVersion: 4.2.7.3
CompanyName: SystemSoft Soludions
ProductName: XdS viewer tool for Wbem services
ProductVersion: 4.2.1.3
FileDescription: XdS viewer tool for Wbem services
OriginalFilename: xpsview
Translation: 0x0009 0x04b0

ML/PE-A + Mal/Ransom-AL also known as:

BkavW32.AIDetect.malware1
K7AntiVirusPassword-Stealer ( 003bbfec1 )
Elasticmalicious (high confidence)
DrWebTrojan.PWS.Panda.3498
CynetMalicious (score: 100)
ALYacGen:Variant.Nebuler.10
CylanceUnsafe
ZillyaTrojan.Tepfer.Win32.29154
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
K7GWPassword-Stealer ( 003bbfec1 )
Cybereasonmalicious.c81c96
CyrenW32/Fareit.E.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32Win32/PSW.Fareit.A
APEXMalicious
AvastWin32:Malware-gen
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Nebuler.10
NANO-AntivirusTrojan.Win32.Panda.crlayw
MicroWorld-eScanGen:Variant.Nebuler.10
TencentWin32.Trojan.Generic.Eop
Ad-AwareGen:Variant.Nebuler.10
SophosML/PE-A + Mal/Ransom-AL
ComodoMalware@#2s9s2cfwtoit1
BitDefenderThetaGen:NN.ZexaF.34722.iq0@au@56uek
VIPRETrojan.Win32.Fareit.b (v)
TrendMicroTROJ_RANSOM.SMC7
McAfee-GW-EditionBehavesLike.Win32.Sality.cc
FireEyeGeneric.mg.00cb5ecc81c9670a
EmsisoftGen:Variant.Nebuler.10 (B)
SentinelOneStatic AI – Suspicious PE
JiangminTrojan/Generic.asnba
AviraHEUR/AGEN.1117315
eGambitUnsafe.AI_Score_94%
Antiy-AVLTrojan/Generic.ASMalwS.29A6BA
MicrosoftPWS:Win32/Fareit
ArcabitTrojan.Nebuler.10
AegisLabTrojan.Win32.Generic.4!c
GDataGen:Variant.Nebuler.10
AhnLab-V3Trojan/Win32.Tepfer.R51227
McAfeePWS-Zbot-FALP!00CB5ECC81C9
MAXmalware (ai score=99)
VBA32BScope.TrojanPSW.Panda
PandaGeneric Malware
TrendMicro-HouseCallTROJ_RANSOM.SMC7
RisingTrojan.Generic@ML.92 (RDML:RanzFdajFJYUoVYBGQBa9w)
YandexTrojan.GenAsa!Lhzs2cTvgco
IkarusTrojan-PWS.Win32.Fareit
FortinetW32/Zbot.ASM!tr
AVGWin32:Malware-gen

How to remove ML/PE-A + Mal/Ransom-AL?

ML/PE-A + Mal/Ransom-AL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment