Ransom.1640 malicious file

Malware Removal

Ransom.1640 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
6-day free trial available.

What can the Ransom.1640 virus do?

  • Executable code extraction
  • Compression (or decompression)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Creates a known TeslaCrypt/AlphaCrypt ransomware decryption instruction / key file.
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom.1640?

File Info:

crc32: 6D80FD12
md5: 3019a9c19544a4a2ec025e57cc68abd6
name: 3019A9C19544A4A2EC025E57CC68ABD6.mlw
sha1: 440c7b72594049d1c32c74b234e55abb9d1de458
sha256: 0e33f1c0da94852bc8635de686ebc66c3b75f058caa92df338de2d5358de49f9
sha512: b4a2454979a03e7be507af32870a92020ad8aad76a57d2f8f09376e444869bbcd9306603250283a8d13d8df83ce17bd388cb894d673ef1fd32cdaf019907d46a
ssdeep: 6144:AyBfePPs3DQ+lud9zRMAquydMjT9IcEHqnz0+hoxv4ED:AybQ+8dPMAq6TGLKnwEcvzD
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Chinking © 1944
InternalName: Curial
FileVersion: 143, 73, 211, 58
CompanyName: KYOCERA MITA CORPORATION
ProductName: Atonality Admire
FileDescription: Bustles
OriginalFilename: Accommodate.exe

Ransom.1640 also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004d41c61 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.1861
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ransom.1640
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.5193
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 004d41c61 )
Cybereason: malicious.19544a
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.TeslaCrypt.E
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Bitman.afbc
BitDefender: Gen:Variant.Ransom.1640
NANO-Antivirus: Trojan.Win32.Encoder.dwqxqf
MicroWorld-eScan: Gen:Variant.Ransom.1640
Tencent: Malware.Win32.Gencirc.114c7ba2
Ad-Aware: Gen:Variant.Ransom.1640
Sophos: ML/PE-A + Mal/Tinba-L
Comodo: Malware@#347kkqhiu6kd8
BitDefenderTheta: Gen:NN.ZexaF.34608.uq3@ausN9wgG
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Cryp_HpMyApp
McAfee-GW-Edition: GenericR-JST!3019A9C19544
FireEye: Generic.mg.3019a9c19544a4a2
Emsisoft: Gen:Variant.Ransom.1640 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.axzvu
Webroot: W32.Ransom.Gen
Avira: HEUR/AGEN.1120452
Microsoft: Ransom:Win32/Tescrypt.C
Arcabit: Trojan.Ransom.D668
GData: Gen:Variant.Ransom.1640
AhnLab-V3: Trojan/Win32.Gen
Acronis: suspicious
McAfee: GenericR-JST!3019A9C19544
MAX: malware (ai score=83)
VBA32: BScope.Trojan.Encoder
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Cryp_HpMyApp
Rising: Ransom.Bitman!8.6A2 (CLOUD)
Yandex: Trojan.GenAsa!6qpNYiUd0rg
Ikarus: Trojan.Win32.Filecoder
Fortinet: W32/Papras.EH!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Bitman.HwcB3jsA

How to remove Ransom.1640?

Ransom.1640 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.