Ransom.106 (B) (file analysis)

The Ransom.106 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.106 (B) virus can do?

Executable code extraction
Injection with CreateRemoteThread in a remote process
Attempts to connect to a dead IP:Port (2 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Queries information on disks for anti-virtualization via Device Information APIs
Deletes its original binary from disk
Sniffs keystrokes
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Creates a copy of itself
Creates a slightly modified copy of itself
Anomalous binary characteristics

Related domains:

maytermsmodiall.at

resolver1.opendns.com

myip.opendns.com

geroyamslava.at

How to determine Ransom.106 (B)?


File Info:
crc32: CA66A720
md5: b2ad121e084c6a40b2415f56293994af
name: B2AD121E084C6A40B2415F56293994AF.mlw
sha1: 602e2710d1169fe2cadd87009ae1e8859e5fd747
sha256: 3076755c82d1ae689db32bf58197003d9f5da3db9abc5bedbea24d3e56392586
sha512: e5e505d68e05d4707884c03f096adb7da0f09e8c98ea6f305dcfe052206492f55673db5d223732d1e655998c986c06d38ba6fd17eb1b316d9dfd0af22e0e967f
ssdeep: 6144:zNozvlzavzavzVzamFMn3WGsy+GsrrivYM0OU141k/YHckCdsc4C49sbQRSGM:zNozvTW3WGpbvYh141CbTao3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom.106 (B) also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0052ef101 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.10103
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Exxroute.A3
ALYac	Gen:Variant.Ransom.106
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	TrojanSpy:Win32/Ursnif.92c9b6ab
K7GW	Trojan ( 0052ef101 )
Cyren	W32/Spora.B.gen!Eldorado
Symantec	Packed.Generic.493
ESET-NOD32	a variant of Win32/Kryptik.FOSU
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Ransomware.Spora-9808410-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Ransom.106
NANO-Antivirus	Trojan.Win32.Spora.elwdgw
MicroWorld-eScan	Gen:Variant.Ransom.106
Tencent	Malware.Win32.Gencirc.114b085a
Ad-Aware	Gen:Variant.Ransom.106
Sophos	ML/PE-A + Mal/Elenoocka-E
Comodo	TrojWare.Win32.Crypt.CA@6ykcle
BitDefenderTheta	Gen:NN.ZexaF.34686.vqW@amNxRTm
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCERBER.SMONT4
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.fc
FireEye	Generic.mg.b2ad121e084c6a40
Emsisoft	Gen:Variant.Ransom.106 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Crypt.XPACK.Gen8
Microsoft	TrojanSpy:Win32/Ursnif.HX
Arcabit	Trojan.Ransom.106
AegisLab	Trojan.Win32.Generic.4!c
GData	Gen:Variant.Ransom.106
AhnLab-V3	Trojan/Win32.Cerber.R198878
Acronis	suspicious
McAfee	Ransomware-FMJ!B2AD121E084C
MAX	malware (ai score=99)
VBA32	BScope.Trojan.Zbot.2312
Malwarebytes	Ransom.Cerber
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom_HPCERBER.SMONT4
Rising	Ransom.Cerber!8.3058 (CLOUD)
Yandex	Trojan.GenAsa!g4m8kxlnc38
Ikarus	Trojan.Ransom.Spora
Fortinet	W32/Kryptik.FONH!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Ransom.106 (B)?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Ransom.106 (B) (file analysis)