Categories: Ransom

ML/PE-A + Mal/Ransom-EF removal instruction

The ML/PE-A + Mal/Ransom-EF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Mal/Ransom-EF virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Compression (or decompression)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to delete volume shadow copies
A system process is generating network traffic likely as a result of process injection
Behavior consistent with a dropper attempting to download the next stage.
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Attempts to modify browser security settings
Creates a copy of itself
Harvests information related to installed mail clients
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

How to determine ML/PE-A + Mal/Ransom-EF?


File Info:
crc32: BEE26D6Dmd5: aab9747c21027e8725e3928061c90bc8name: AAB9747C21027E8725E3928061C90BC8.mlwsha1: 0db81e32f6087acba36b023ab8d0bb5eb3537986sha256: 15f8b313d166a5e572352ce9b81d7e45ab744a55ec559d9ce4e246a0a53315c5sha512: 047e116a44132a392c317f8fef627905bd4ce80f62d7efc0f1762895aaab507eed64247d58c15b8164a9b5ff2cd31eccf18d5aad9cadfe37bc5c4f122529448assdeep: 3072:N9HbZMcN8Xr1zI2PnICVqE9TvAU9wbFUY6L3yXMk8j9tU:NRZMcNAI2gCVqEZwWiXMVjnUtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: 2015 (C) 2011InternalName: PrintingsFileVersion: 0.246.212.37CompanyName: HCI DesignProductName: Ravage SkipperedProductVersion: 0.50.86.149FileDescription: Reaccept Skinless Tautological

ML/PE-A + Mal/Ransom-EF also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0055e3ef1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Siggen1.46546
ALYac	Trojan.TeslaCrypt.Gen.4
Zillya	Backdoor.Androm.Win32.32323
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.TeslaCrypt.Gen.4
K7GW	Trojan ( 0055e3ef1 )
Cybereason	malicious.c21027
Symantec	Ransom.Cryptolock!gm
ESET-NOD32	Win32/Filecoder.TorrentLocker.A
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Packed.Win32.Tpyn
Alibaba	Packed:Win32/TorrentLocker.290efe6f
NANO-Antivirus	Trojan.Win32.Androm.eamdks
MicroWorld-eScan	Trojan.TeslaCrypt.Gen.4
Tencent	Malware.Win32.Gencirc.114c2628
Ad-Aware	Trojan.TeslaCrypt.Gen.4
Sophos	ML/PE-A + Mal/Ransom-EF
Comodo	Malware@#p1a69h55qyov
BitDefenderTheta	Gen:NN.ZexaF.34628.kq1@aa4c5Vh
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCRYPTESLA.SM2
McAfee-GW-Edition	Ransom-Teerac!AAB9747C2102
FireEye	Generic.mg.aab9747c21027e87
Emsisoft	Trojan.TeslaCrypt.Gen.4 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Backdoor.Androm.ebf
Avira	HEUR/AGEN.1103118
eGambit	Unsafe.AI_Score_99%
AegisLab	Hacktool.Win32.Tpyn.x!c
GData	Trojan.TeslaCrypt.Gen.4
AhnLab-V3	Malware/Win32.Generic.C1338365
VBA32	Trojan.Deshacop
MAX	malware (ai score=80)
TrendMicro-HouseCall	Ransom_HPCRYPTESLA.SM2
Rising	Ransom.FileCryptor!8.1A7 (CLOUD)
Ikarus	Trojan-Ransom.CryptoWall3
Fortinet	W32/Kryptik.EOSX!tr
Panda	Trj/GdSda.A
Qihoo-360	Win32/Ransom.Bitman.HwcBEpsA