Ransom.Azov.S28991174 removal

Ransom.Azov.S28991174 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom.Azov.S28991174 virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Exhibits possible ransomware file modification behavior
  • Harvests cookies for information gathering
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ransom.Azov.S28991174?

File Info:

name: 185E57A9920087AFF1CE.mlw
path: /opt/CAPEv2/storage/binaries/b593756b0d501a349b3dcf87e225f82ca5690e6404d4b344ebb9f928f6d4b693
crc32: 3F8D9224
md5: 185e57a9920087aff1ce66ea60874ab3
sha1: a762bdda82824947456dfcf4429b35039d63f1d5
sha256: b593756b0d501a349b3dcf87e225f82ca5690e6404d4b344ebb9f928f6d4b693
sha512: 2624c7d73a9202aba1e093991a9a60d8367fc4b9c0020bad43751e5a84d4d6657df39d5bebfa9655e2f933265a05750092a20fb1d7e3a565c4a2196c13b341df
ssdeep: 3072:rwQNU39K1Pb/DThJf6MymFB8rRcGr/yryIdXRWy4ZNC9GVImLsfWfW22f:r5s987TnfPymFBAq2aOpBZw9CTsfWfqf
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T13124381362A160E7D053B634B85FCB2F97657C6F07647B3E035C3F5A9E622809D29631
sha3_384: d4caa6a9c7187897b477c428ad7985b70029769fba4fcb793d10b539151ecf5ae4f6d3c4b501d52466f306a2fee3b800
ep_bytes: e848feffffc82000004c897c24f84883
timestamp: 2018-03-15 13:15:18

Version Info:

Comments: http://www.autoitscript.com/autoit3/
CompanyName: AutoIt Team
FileDescription: Au3Info
FileVersion: 3, 3, 14, 5
InternalName: Au3Info.exe
LegalCopyright: ©1999-2018 Jonathan Bennett & AutoIt Team
OriginalFilename: Au3Info.exe
ProductName: Au3Info
ProductVersion: 3, 3, 14, 5
Translation: 0x0809 0x04b0

Ransom.Azov.S28991174 is also known as (vendor: detection name):

Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Cerbu.155261
FireEye: Generic.mg.185e57a9920087af
CAT-QuickHeal: Ransom.Azov.S28991174
VIPRE: Gen:Variant.Cerbu.155261
K7AntiVirus: Trojan ( 0059aa0b1 )
K7GW: Trojan ( 0059aa0b1 )
CrowdStrike: win/malicious_confidence_70% (D)
VirIT: Win64.AzovWiper.A
Cyren: W64/Ipamor.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win64/Filecoder.GG
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Ransom.Win32.Blocker.pef
BitDefender: Gen:Variant.Cerbu.155261
Ad-Aware: Gen:Variant.Cerbu.155261
Sophos: Troj/Azov-A
DrWeb: Win32.HLLP.Azov.2
TrendMicro: Ransom.Win64.AZVO.SMYXCJ5
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Cerbu.155261 (B)
Ikarus: Trojan-Ransom.FileCrypter
GData: Gen:Variant.Cerbu.155261
Jiangmin: Trojan.Blocker.urx
Antiy-AVL: GrayWare/Win32.Filecoder.gg
Arcabit: Trojan.Cerbu.D25E7D
Microsoft: Ransom:Win64/AzovCrypt.PA!MTB
Google: Detected
AhnLab-V3: Malware/Win.Ransom.R532483
ALYac: Gen:Variant.Cerbu.155261
MAX: malware (ai score=83)
Malwarebytes: Ransom.Azov
Rising: Ransom.Agent!8.6B7 (TFE:2:U9tOTBNOHOO)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W64/Filecoder.GG!tr
Cybereason: malicious.992008

How to remove Ransom.Azov.S28991174?

Ransom.Azov.S28991174 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.