Ransom.359 (B) removal

Ransom.359 (B) is considered dangerous by many security experts; most of the vendor detections listed below classify it as a variant of the Cerber ransomware family. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Ransom.359 (B) virus do?

The following are behaviour signatures triggered by the sample during automated (sandbox) analysis; each one describes something the sample attempted, not necessarily something that succeeded on the analysis machine:

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • A process created a hidden window
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Uses Windows utilities for basic functionality
  • Attempts to modify desktop wallpaper
  • Exhibits behavior characteristic of Cerber ransomware
  • Attempts to execute a binary from a dead or sinkholed URL
  • Writes a potential ransom message to disk
  • EternalBlue behavior
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Generates some ICMP traffic
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

Related domains (contacted by the sample during analysis):

api.blockcypher.com
hjhqmbxyinislkkt.1j9r76.top

Note that api.blockcypher.com is a public blockchain API (the sample's Bitcoin-related activity is listed above) that legitimate software also queries, so on its own it is only a weak indicator; the .top hostname is the stronger one to look for in DNS and proxy logs.

How to identify Ransom.359 (B)?

File Info:

crc32: F88F06D0
md5: 707e5b6726db75c4626eb4f998d3d8d4
name: 707E5B6726DB75C4626EB4F998D3D8D4.mlw
sha1: 296dd8659a39f6ebbe4cbaa0356c1f5c2c953a79
sha256: f2098aede34a15e9c7a7155e3d4b3e56640026ce1f69971dc6f1e8cfc0e312d0
sha512: ed5a12504a06086c21a949f859b60f2e41dd1b831073024a2cdffe3a9f3a357d013016a04f4d5d38d8e41db6275f88c9fb642a5e85b70b5ae6908f36ac330640
ssdeep: 12288:F9L2AV1fwdoZeRcRGxzIjKoa+888888888888W88888888888:Fp2ELeRczuB
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

CompanyName: Ashampoo Development GmbH & Co. KG

The version resource is filled in by whoever builds the binary, so a legitimate-looking CompanyName does not vouch for the file; rely on the hashes above, not on this string, when deciding whether a file is this sample.
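The hashes and the related domains above are the indicators a responder would actually sweep for. The following script is an added example, not GridinSoft's code or anything from the original page: it hashes a file the same way the File Info section does (crc32, md5, sha1, sha256), compares the result with the published values, and scans proxy/DNS log lines for the published hostnames, treating api.blockcypher.com as a weak indicator. The log lines and the stand-in "suspect" file in the demo are constructed for illustration; the hostname regex and the strong/weak split are the author's assumptions, not part of the page.

```python
"""Offline IOC sweep for the Ransom.359 (B) sample described on this page.

Added example, not GridinSoft's code. The sample file and the log lines used
in the demo are constructed; only the hash values and hostnames come from the
page.
"""
import hashlib
import re
import tempfile
import zlib
from pathlib import Path

# Indicators copied from the File Info and Related domains sections.
IOC_HASHES = {
    "md5": "707e5b6726db75c4626eb4f998d3d8d4",
    "sha1": "296dd8659a39f6ebbe4cbaa0356c1f5c2c953a79",
    "sha256": "f2098aede34a15e9c7a7155e3d4b3e56640026ce1f69971dc6f1e8cfc0e312d0",
}
IOC_DOMAINS = {"hjhqmbxyinislkkt.1j9r76.top"}          # strong indicator
WEAK_DOMAINS = {"api.blockcypher.com"}                  # public API, weak only

# Assumption: hostnames in the log are dotted labels ending in a letter TLD.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

# Constructed log lines for the demo (not real traffic).
SAMPLE_LOG = [
    "2017-03-01 10:02:11 WS17 DNS query A hjhqmbxyinislkkt.1j9r76.top",
    "2017-03-01 10:02:12 WS17 HTTPS CONNECT api.blockcypher.com:443",
    "2017-03-01 10:03:40 WS17 DNS query A update.microsoft.com",
]


def hash_bytes(data: bytes) -> dict:
    """Return crc32/md5/sha1/sha256 of data in the page's hex format."""
    digests = {name: hashlib.new(name, data).hexdigest()
               for name in ("md5", "sha1", "sha256")}
    digests["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return digests


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through the hashers so large binaries do not fill memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return digests


def match_hashes(digests: dict, iocs: dict = IOC_HASHES) -> list:
    """Names of the algorithms whose digest equals the published IOC value."""
    return [name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()]


def classify_host(host: str) -> str:
    """'strong' for the payment host (or a subdomain), 'weak' for the API, else 'none'."""
    host = host.lower().rstrip(".")
    for ioc in IOC_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return "strong"
    if host in WEAK_DOMAINS:
        return "weak"
    return "none"


def scan_log(lines) -> list:
    """Return (line_no, host, strength) for each log line naming an IOC host."""
    hits = []
    for no, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            strength = classify_host(host)
            if strength != "none":
                hits.append((no, host.lower(), strength))
    return hits


def demo_file_hash(data: bytes) -> dict:
    """Write constructed bytes to a temp file and hash it via hash_file()."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "suspect.exe"   # constructed stand-in, not the real sample
        sample.write_bytes(data)
        return hash_file(sample)


if __name__ == "__main__":
    digests = demo_file_hash(b"MZ constructed stand-in, not the real sample")
    print("sha256:", digests["sha256"], "IOC match:", match_hashes(digests) or "none")
    for no, host, strength in scan_log(SAMPLE_LOG):
        print(f"line {no}: {host} ({strength} indicator)")
```

Point `hash_file()` at a quarantined copy rather than running it on a live host; if all four digests match, the file is this exact sample, and a match on the .top hostname in any log line is the signal to start incident response on that machine.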

Ransom.359 (B) also known as (antivirus vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.359
FireEye: Generic.mg.707e5b6726db75c4
CAT-QuickHeal: Ransom.Cerber.A4
McAfee: Ransomware-CBER!707E5B6726DB
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005224381 )
BitDefender: Gen:Variant.Ransom.359
K7GW: Trojan ( 0050ee541 )
Cybereason: malicious.726db7
Cyren: W32/Cerber.BF.gen!Eldorado
Symantec: Packed.Generic.459
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Ransomware.Razy-6933741-0
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Encoder.foxdug
AegisLab: Trojan.Win32.Zerber.j!c
Rising: Trojan.Kryptik!1.AB5A (CLASSIC)
Ad-Aware: Gen:Variant.Ransom.359
Emsisoft: Gen:Variant.Ransom.359 (B)
Comodo: Worm.Win32.Gamarue.BL@73wv8y
F-Secure: Heuristic.HEUR/AGEN.1115125
DrWeb: Trojan.Encoder.4691
Zillya: Trojan.GenKryptik.Win32.7559
TrendMicro: Ransom_HPCERBER.SMALY5A
McAfee-GW-Edition: Ransomware-CBER!707E5B6726DB
Sophos: ML/PE-A + Mal/Cerber-B
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Zerber.cjv
Avira: HEUR/AGEN.1115125
MAX: malware (ai score=83)
Antiy-AVL: Trojan[Ransom]/Win32.Zerber
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Arcabit: Trojan.Ransom.359
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Ransom.359
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Cerber.Exp
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34590.Iq0@aOxRG6gP
ALYac: Gen:Variant.Ransom.359
VBA32: BScope.Trojan.Encoder
Malwarebytes: Cerber.Ransom.Encrypt.DDS
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.GNFS
TrendMicro-HouseCall: Ransom_HPCERBER.SMALY5A
Tencent: Malware.Win32.Gencirc.10b28f33
Yandex: Trojan.GenAsa!vwkcgFQPgUg
Ikarus: Trojan.Krypt
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.HGZD!tr
Webroot: W32.Ransom.Gen
AVG: Win32:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.Generic.HxQBuCMA

How to remove Ransom.359 (B)?

Ransom.359 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
