Categories: Ransom

How to remove “ML/PE-A + Troj/Ransom-BQZ”?

The ML/PE-A + Troj/Ransom-BQZ is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What ML/PE-A + Troj/Ransom-BQZ virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Arabic (Algeria)
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Deletes its original binary from disk
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a known TeslaCrypt/AlphaCrypt ransomware decryption instruction / key file.
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
myexternalip.com
ocsp.pki.goog
www.ceremonyofficiants.com
vinvish.com
crls.pki.goog
mugegorcuk.com
crl.pki.goog
sistemaslye.com
w3dot.info

How to determine ML/PE-A + Troj/Ransom-BQZ?



File Info:

crc32: 5692A0DDmd5: 7becaefdba19532194a527237b97f445name: 7BECAEFDBA19532194A527237B97F445.mlwsha1: f73e78d91b1c4e135f850ffc3a3fc854f101cd99sha256: 237c4eee514aff9e3ed7677fc87ffac434353e8412dde3a40638348278b79974sha512: 49c08f0d00ffc49ff6f7d949931f4bab9feb3d4fd69bbd85f1677c25450462e01b0e6a81d3bbd35432af29f1501aab373cc0ceaa01c3dd7d99894450ae8dff3fssdeep: 6144:tls4RB/HucgsAOJZjzmuMXdgLsGcZVC2h19rSWqNXhz9lIf:U4LPucgshTidgLsGACWnrSfRz9l6type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

ML/PE-A + Troj/Ransom-BQZ also known as:

Bkav W32.FamVT.RazyNHmC.Trojan
Elastic malicious (high confidence)
DrWeb Trojan.Encoder.3071
ClamAV Win.Trojan.Agent-1359625
CAT-QuickHeal Worm.Dorkbot.WR4
Zillya Trojan.FileCoder.Win32.10
CrowdStrike win/malicious_confidence_100% (D)
K7GW Trojan ( 0055e3ef1 )
K7AntiVirus Trojan ( 0055e3ef1 )
Baidu Win32.Trojan.Kryptik.sf
Cyren W32/Agent.XL.gen!Eldorado
Symantec Ransom.TeslaCrypt!g2
ESET-NOD32 Win32/Filecoder.TeslaCrypt.I
APEX Malicious
Avast Win32:Agent-BBNB [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Lethic.Gen.9
NANO-Antivirus Trojan.Win32.Encoder.dyysad
ViRobot Trojan.Win32.Teslacrypt.403456
MicroWorld-eScan Trojan.Lethic.Gen.9
Tencent Malware.Win32.Gencirc.10c65007
Ad-Aware Trojan.Lethic.Gen.9
Sophos ML/PE-A + Troj/Ransom-BQZ
Comodo TrojWare.Win32.Dorkbot.NG@64pya6
F-Secure Heuristic.HEUR/AGEN.1107526
BitDefenderTheta Gen:NN.ZexaF.34170.yqW@auKI5goG
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_HPEPING.SM
McAfee-GW-Edition GenericR-FFT!7BECAEFDBA19
FireEye Generic.mg.7becaefdba195321
Emsisoft Trojan.Lethic.Gen.9 (B)
SentinelOne Static AI – Suspicious PE
Jiangmin TrojanDropper.Dapato.sqa
Avira HEUR/AGEN.1107526
Antiy-AVL Trojan/Generic.ASMalwS.15C110C
Microsoft Ransom:Win32/Tescrypt!rfn
Arcabit Trojan.Lethic.Gen.9
SUPERAntiSpyware Trojan.Agent/Gen-Ransom
GData Trojan.Lethic.Gen.9
AhnLab-V3 Trojan/Win32.Teslacrypt.R169476
McAfee GenericR-FFT!7BECAEFDBA19
MAX malware (ai score=82)
VBA32 BScope.TrojanPSW.Steam
Malwarebytes Malware.AI.702435190
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_HPEPING.SM
Rising Trojan.Kryptik!1.A31F (CLASSIC)
Yandex Trojan.GenAsa!y+5fPYUSFNw
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.EGLA!tr
AVG Win32:Agent-BBNB [Trj]

How to remove ML/PE-A + Troj/Ransom-BQZ?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: a.tomx.xyzcrl.pki.googcrls.pki.googML/PE-A + Troj/Ransom-BQZmugegorcuk.commyexternalip.comocsp.pki.googsistemaslye.comvinvish.comw3dot.infowww.ceremonyofficiants.comz.whorecord.xyz
3 years ago

Recent Posts

About “Barys.67671” infection

The Barys.67671 is considered dangerous by lots of security experts. When this infection is active,…

25 mins ago

Win32/Olmarik.AOF malicious file

The Win32/Olmarik.AOF is considered dangerous by lots of security experts. When this infection is active,…

29 mins ago

Generic.Sdbot.E6D5958D removal guide

The Generic.Sdbot.E6D5958D is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Malware.AI.1318074156 malicious file

The Malware.AI.1318074156 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago

Troj/Agent-BGOG removal instruction

The Troj/Agent-BGOG is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago

How to remove “Win32/Patched.NKV”?

The Win32/Patched.NKV is considered dangerous by lots of security experts. When this infection is active,…

2 hours ago