Ransom.Babuk.86 (B) removal guide

Ransom.Babuk.86 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.Babuk.86 (B) virus do?

  • Sample contains overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk
  • Anomalous binary characteristics

How to identify Ransom.Babuk.86 (B)?

File Info:

name: 161290A74FF968C95E3D.mlw
path: /opt/CAPEv2/storage/binaries/82a1833bba621e9028294b44ed0276d97a26aa403594d7984daccbbb32f35b95
crc32: 6E1E71B4
md5: 161290a74ff968c95e3d4cc65e53b6da
sha1: d29f8c66840914c2296bc89a0a2b45f724b7ffd9
sha256: 82a1833bba621e9028294b44ed0276d97a26aa403594d7984daccbbb32f35b95
sha512: 8a7fdff4776624d17004f64fb1e6e332d56fb5c930d8851253c3a8102f964b2828507bbe5623996a14b320a11a00e7a77975ec0fa3614c7d24b27f941cea5086
ssdeep: 12288:kXCRkabZo9lkl0a04OL5a6MuJpE0Lny19c09IkjrVIqbh/Uh9:GabIG0a04OL5a6MuJpE0Lny19c09Ikjg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CF847E5BB34543B3D38303B13A5B8DC9772AEC72677A82A12068511E1377EB893B7794
sha3_384: 0d58b75e5a47169874b46fc9d0d0b9a5d974578aa4bd588bbeac2d97e3f061111068dd5778bb0adf76a476abe915f93b
ep_bytes: 60be000000008a8600104000c0c0da80
timestamp: 2004-09-05 06:27:43

Version Info:

CompanyName: TODO:
FileDescription: TODO:
FileVersion: 1.0.0.1
InternalName: AdwTest.exe
LegalCopyright: TODO: (c) . All rights reserved.
OriginalFilename: AdwTest.exe
ProductName: TODO:
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04e4

Ransom.Babuk.86 (B) also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Nobady.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.Babuk.86
FireEye: Generic.mg.161290a74ff968c9
Skyhigh: BehavesLike.Win32.Generic.fh
McAfee: GenericRXOB-DF!161290A74FF9
Cylance: unsafe
Zillya: Trojan.AgentGen.Win32.95
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005ac2dd1 )
Alibaba: Trojan:Win32/Aenjaris.a96ce695
K7GW: Trojan ( 004b494b1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Ransom.Babuk.86
BitDefenderTheta: Gen:NN.ZexaF.36744.yu3@aC8QXyki
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Agent.WTK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Nobady.gen
BitDefender: Gen:Variant.Ransom.Babuk.86
NANO-Antivirus: Trojan.Win32.Mlw.fjeako
Avast: Win32:TrojanX-gen [Trj]
Rising: Trojan.Agent!1.A728 (CLASSIC)
Emsisoft: Gen:Variant.Ransom.Babuk.86 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.MulDrop5.42246
VIPRE: Gen:Variant.Ransom.Babuk.86
TrendMicro: TROJ_GEN.R002C0DAM24
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Agent-AWE
Ikarus: Trojan.Win32.Aenjaris
Varist: W32/Babuk.A.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Win32.Agent.wtk
Kingsoft: malware.kb.a.998
Microsoft: Trojan:Win32/Aenjaris.AL!bit
ZoneAlarm: HEUR:Trojan.Win32.Nobady.gen
GData: Win32.Trojan.BadJoke.J
Google: Detected
AhnLab-V3: Trojan/Win.DF.C5535790
VBA32: SScope.Malware-Cryptor.Aenjaris
ALYac: Gen:Variant.Ransom.Babuk.86
MAX: malware (ai score=87)
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DAM24
Tencent: Trojan.Win32.Agent.zl
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.WTK!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.684091
DeepInstinct: MALICIOUS

How to remove Ransom.Babuk.86 (B)?

Ransom.Babuk.86 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.