Should I remove “Ransom.1343”?

Ransom.1343 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.1343 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

Related domains:

users.qzone.qq.com

How to identify Ransom.1343?

File Info:

crc32: C5B7435F
md5: 0abaa7582eb832c025cd8f374204485c
name: 2154.exe
sha1: 6fc1e18c75b82a1402ab0f67efc820763635d44f
sha256: 8e925270b188cba0d5be5540680cc166ac6fc7380ad78926329a29f8bb445866
sha512: 2f3d02bad8cf7d2a0e708d75085ecc0f2039649c752941ec57258ae2afab58f90902861683a47eaa43a8fe87ef477322a5e7bd7006194fdc45d2119f28e4a7bc
ssdeep: 768:yoVrrGCwdIkfN4N8aCyBZE9+zCTe1prb:v1rGDdm8yCESY
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: 版权所有 (C) 2017
InternalName: NewServers
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: NewServers 应用程序
ProductVersion: 1, 0, 0, 1
FileDescription: NewServers Microsoft 基础类应用程序
OriginalFilename: NewServers.EXE
Translation: 0x0804 0x04b0

Ransom.1343 is also known as (vendor: detection name):

MicroWorld-eScan: Gen:Variant.Ransom.1343
McAfee: Artemis!0ABAA7582EB8
Cylance: Unsafe
AegisLab: Trojan.Multi.Generic.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 00521b151 )
BitDefender: Gen:Variant.Ransom.1343
K7GW: Trojan ( 00521b151 )
CrowdStrike: win/malicious_confidence_90% (W)
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
TotalDefense: Win32/PackedBaidu
APEX: Malicious
Avast: Win32:Malware-gen
GData: Gen:Variant.Ransom.1343
Kaspersky: Trojan.Win32.Siscos.aamf
Alibaba: Trojan:Win32/Siscos.e4084e10
Rising: Trojan.Kryptik!1.B340 (CLASSIC)
Endgame: malicious (moderate confidence)
Emsisoft: Gen:Variant.Ransom.1343 (B)
Comodo: Backdoor.Win32.Farfli.CJT@7jjkro
F-Secure: Heuristic.HEUR/AGEN.1014391
DrWeb: Trojan.Inject3.7931
TrendMicro: BKDR_ZEGOST.SM13
McAfee-GW-Edition: GenericRXGQ-CL!7F0FDFD11BC8
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.0abaa7582eb832c0
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Farfli
Cyren: W32/Trojan.EYMC-2922
Jiangmin: Trojan.Siscos.fx
Avira: HEUR/AGEN.1014391
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Win32.TSGeneric
Microsoft: Backdoor:Win32/Venik.S!bit
Arcabit: Trojan.Ransom.D53F
ZoneAlarm: Trojan.Win32.Siscos.aamf
BitDefenderTheta: Gen:NN.ZexaF.34090.cmKfaSpm81ib
ALYac: Gen:Variant.Ransom.1343
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Trojan.Downloader
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Injector.CJVZ
TrendMicro-HouseCall: BKDR_ZEGOST.SM13
Tencent: Win32.Trojan.Ransom.Hze
SentinelOne: DFI – Suspicious PE
Fortinet: W32/CJVZ.CL!tr
Ad-Aware: Gen:Variant.Ransom.1343
AVG: Win32:Malware-gen
Cybereason: malicious.82eb83
Paloalto: generic.ml
Qihoo-360: Generic/Trojan.Ransom.330

How to remove Ransom.1343?

Ransom.1343 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.