Ransom.281 (B) (file analysis)

Malware Removal

Ransom.281 (B) is flagged as malicious by almost every antivirus engine listed further down this page. The vendor names it carries (MBRlock, Mbro) and the sandbox observation of raw hard-disk modification point to an MBR-locker family, which also explains the attempts to disable Safe Boot noted below. When the infection is active you may notice unfamiliar processes in the Task Manager list; in that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for virus removal; the trial period allows a full scan and cleanup of your PC.
6-day free trial available.

What can the Ransom.281 (B) virus do?

The following are automated sandbox verdicts for the analysed sample:

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Installs a hook procedure to monitor mouse events
  • Likely installs a bootkit via raw hard-disk modifications
  • Attempts to restart the guest VM
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Attempts to modify UAC prompt behaviour
  • Attempts to block Safe Boot by removing registry keys
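Several of the verdicts above are registry-side (an autorun entry, a long binary value, removal of the SafeBoot keys) and can be triaged on a suspect host without having the sample. The script below is an added example, not Gridinsoft's tool or code from this page: the `AUTORUN_KEYS` and `SAFEBOOT_KEYS` paths are the standard Windows locations, the 4 KB threshold for an oversized binary value and the temp/public-path heuristic are my assumptions, and `SAMPLE_SNAPSHOT` is constructed data so that the logic runs on any operating system; the live-registry collector only runs on Windows.

```python
"""Triage autorun entries, oversized REG_BINARY values and missing SafeBoot keys.
Added example; pure-logic functions take a snapshot dict so they run anywhere."""
import sys

# Standard autorun locations that "installs itself for autorun" normally refers to.
AUTORUN_KEYS = [
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
]
# Safe Mode cannot start if these key sets are deleted.
SAFEBOOT_KEYS = [
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal",
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network",
]
BINARY_BLOB_THRESHOLD = 4096          # assumption: legitimate Run values are short strings
SUSPICIOUS_PATH_FRAGMENTS = ("\\temp\\", "\\users\\public\\")  # assumption: heuristic only

# Constructed snapshot for illustration: one benign entry, one autorun from a public
# directory, one 8 KB binary blob, and the SafeBoot\Minimal key missing.
SAMPLE_SNAPSHOT = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
        "updater": r"C:\Users\Public\svchost.exe",
        "cfg": bytes(8192),
    },
    r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network": {},
}


def find_autorun_suspects(snapshot):
    """snapshot: {key_path: {value_name: data}}. Returns [(key, name, reason), ...]."""
    hits = []
    for key in AUTORUN_KEYS:
        for name, data in snapshot.get(key, {}).items():
            if isinstance(data, (bytes, bytearray)):
                if len(data) >= BINARY_BLOB_THRESHOLD:
                    hits.append((key, name, f"REG_BINARY value of {len(data)} bytes"))
            elif isinstance(data, str):
                lowered = data.lower()
                if any(frag in lowered for frag in SUSPICIOUS_PATH_FRAGMENTS):
                    hits.append((key, name, f"autorun from temp/public path: {data}"))
    return hits


def missing_safeboot_keys(snapshot):
    """Keys that are absent from the snapshot; an empty list means Safe Mode is intact."""
    return [k for k in SAFEBOOT_KEYS if k not in snapshot]


def collect_snapshot_windows():
    """Read the keys above from the live registry (Windows only)."""
    import winreg  # standard library, but only importable on Windows
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for path in AUTORUN_KEYS + SAFEBOOT_KEYS:
        root_name, sub = path.split("\\", 1)
        try:
            with winreg.OpenKey(roots[root_name], sub) as key:
                values, index = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break           # no more values under this key
                    values[name] = data
                    index += 1
                snapshot[path] = values
        except FileNotFoundError:
            pass                        # deliberately left out: "missing" is the finding
    return snapshot


if __name__ == "__main__":
    snap = collect_snapshot_windows() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for key, name, reason in find_autorun_suspects(snap):
        print(f"SUSPECT {key}\\{name}: {reason}")
    for key in missing_safeboot_keys(snap):
        print(f"MISSING {key} (Safe Mode will not start)")
```

A hit from this script is a lead, not a verdict: a large binary value under Run or a missing SafeBoot set should be confirmed against the file the autorun entry points to (see the hash check further down).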

How to identify Ransom.281 (B)?


File Info:

crc32: 718FFA0F
md5: 163d45c09f1ef2dbf9dae7bf73a19e18
name: 163D45C09F1EF2DBF9DAE7BF73A19E18.mlw
sha1: c84b85e6d2b8a16d8c8e97ae38cd535ec723eb5c
sha256: c6f45324881aa4ab40622acc1bb199abe0ee36bd1c6e29ce4a6fc440a883967e
sha512: 6e89f34e9b936a0966edfd942304ca9214addd5672dbbc989ca1d498f8046b512f7195d6a19ea3ad1aaa5817fe858906c43fda6715b2f35b7c76629ee7f92492
ssdeep: 24576:kFWsf55YQaJ8QurnxP8afiZqI3U19hat9zG3u:kFWZQa4nxP89ckU1va/R
type: PE32 executable (GUI) Intel 80386, for MS Windows
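The hashes above are the most reliable way to confirm that a suspect file is this exact sample. The following script is an added example, not Gridinsoft's tool or code from this page: it streams each file once, computes the four digests listed above and reports which of them match. `PAGE_IOCS` holds the page's values; everything else (function names, the rule that CRC32 alone is never a positive) is my design.

```python
"""Match files against the hashes published for this sample. Added example."""
import hashlib
import os
import sys
import zlib

# Hashes of the analysed sample, copied from the file info above.
PAGE_IOCS = {
    "md5": "163d45c09f1ef2dbf9dae7bf73a19e18",
    "sha1": "c84b85e6d2b8a16d8c8e97ae38cd535ec723eb5c",
    "sha256": "c6f45324881aa4ab40622acc1bb199abe0ee36bd1c6e29ce4a6fc440a883967e",
    "crc32": "718ffa0f",
}
CRYPTO_HASHES = ("md5", "sha1", "sha256")


def hash_stream(chunks):
    """Consume an iterable of byte chunks once; return lowercase hex md5/sha1/sha256/crc32."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    crc = 0
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
        crc = zlib.crc32(chunk, crc)
    return {
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
    }


def hash_bytes(data):
    """Digests of an in-memory buffer (handy for tests and for carved PE images)."""
    return hash_stream(iter([data]))


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file, read in 1 MiB chunks so large files do not load into memory."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests, iocs=PAGE_IOCS):
    """Names of the algorithms whose value equals the IOC value, sorted for stable output."""
    return sorted(alg for alg, val in digests.items() if iocs.get(alg) == val.lower())


def is_sample(digests, iocs=PAGE_IOCS):
    """CRC32 is 32 bits and trivially collidable, so it only corroborates;
    a positive requires at least one cryptographic hash to match."""
    return any(alg in CRYPTO_HASHES for alg in match_iocs(digests, iocs))


def scan_tree(root, iocs=PAGE_IOCS):
    """Walk a directory tree; return {path: [matched algorithms]} for every positive."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the scan
            if is_sample(digests, iocs):
                hits[path] = match_iocs(digests, iocs)
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algs in scan_tree(target).items():
        print(f"MATCH {path}: {', '.join(algs)}")
```

Run it as `python scan.py C:\Users` (or any directory) on the suspect host; a match on md5, sha1 or sha256 is this sample, while a lone crc32 match is noise. A repacked or modified copy will not match any of these hashes, which is why the vendor detection names below still matter.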

Version Info:

LegalCopyright: 作者版权所有 请尊重并使用正版 (the author holds the copyright; please respect it and use a genuine copy)
FileVersion: 1.0.0.0
Comments: 本程序使用易语言编写(http://www.eyuyan.com) (this program was written in Easy Language; see http://www.eyuyan.com)
ProductName: 应用程序 (Application)
ProductVersion: 1.0.0.0
FileDescription: 应用程序(*.exe) (Application (*.exe))
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified, PRC); charset 0x04b0 = Unicode)

These strings are the defaults that the Easy Language (易语言) compiler writes into a program's version resource, which matches the Malwarebytes verdict Trojan.MalPack.FlyStudio below and the "unconventional binary language: Chinese (Simplified)" note above.

Ransom.281 (B) is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • K7AntiVirus: Trojan ( 005246d51 )
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.MulDrop8.11601
  • Cynet: Malicious (score: 100)
  • ALYac: Gen:Variant.Ransom.281
  • Cylance: Unsafe
  • Zillya: Trojan.Mbro.Win32.4819
  • Sangfor: Trojan.Win32.Save.a
  • K7GW: Trojan ( 005246d51 )
  • Cybereason: malicious.09f1ef
  • Cyren: W32/Agent.EW.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/MBRlock.BA
  • APEX: Malicious
  • Avast: Win32:RansomX-gen [Ransom]
  • Kaspersky: Trojan-Ransom.Win32.Mbro.bbmj
  • BitDefender: Gen:Variant.Ransom.281
  • NANO-Antivirus: Trojan.Win32.Mbro.favzty
  • MicroWorld-eScan: Gen:Variant.Ransom.281
  • Tencent: Win32.Trojan.Mbro.Dwjt
  • Ad-Aware: Gen:Variant.Ransom.281
  • Sophos: Mal/Generic-S
  • Comodo: Worm.Win32.Dropper.RA@1qraug
  • BitDefenderTheta: Gen:NN.ZexaF.34058.nr0@aaniRzmb
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.th
  • FireEye: Generic.mg.163d45c09f1ef2db
  • Emsisoft: Gen:Variant.Ransom.281 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.MBro.cq
  • Avira: TR/Mbro.bksjp
  • eGambit: HackTool.Generic
  • Antiy-AVL: Trojan/Generic.ASMalwS.25DAF13
  • Microsoft: Trojan:Win32/Emotet!ml
  • Arcabit: Trojan.Ransom.281
  • GData: Win32.Trojan.PSE.1THOGOA
  • TACHYON: Ransom/W32.Mbro.1269760
  • AhnLab-V3: Malware/Win32.Generic.C2479981
  • Acronis: suspicious
  • McAfee: Artemis!163D45C09F1E
  • MAX: malware (ai score=96)
  • VBA32: TrojanRansom.Mbro
  • Malwarebytes: Trojan.MalPack.FlyStudio
  • Panda: Trj/CI.A
  • Rising: Ransom.MBRlock!1.B6DC (CLASSIC)
  • Yandex: Trojan.Mbro!sNbxur803Bg
  • MaxSecure: Dropper.Dinwod.frindll
  • Fortinet: W32/Mbro.BBMJ!tr
  • AVG: Win32:RansomX-gen [Ransom]
  • Paloalto: generic.ml
  • Qihoo-360: Win32/Ransom.MBRlock.HwcBEpsA

How to remove Ransom.281 (B)?

Ransom.281 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the appropriate browser and options, then click "Reset".
  • Restart your computer.

Because the sample is flagged for raw hard-disk (boot sector) modification, these steps only apply while Windows still starts. A machine that stops at a lock screen before Windows loads needs its boot code repaired from recovery media first (for example with `bootrec /fixmbr` from the Windows Recovery Environment), since no scanner can run until the system boots.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
