About “Ransom.BlackBasta.14” infection

Ransom.BlackBasta.14 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom.BlackBasta.14 virus do?

  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Ransom.BlackBasta.14?


File Info:

name: 784F32A111EEFCE6A49F.mlw
path: /opt/CAPEv2/storage/binaries/241f197744a555eb07528fd38332e18eb8c8a3a54dbf6b716024dfa6e996158c
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2023-08-28 10:59:37

Version Info:

Comments: Backup or restore StuderGrind data
CompanyName: mcs software ag, Spitalackerstrasse 22a, CH-3013 Bern, www.mcs.ch
FileDescription: StuderGrindDataBackupTool
FileVersion: 1.14.0.0240
InternalName: StuderGrindDataBackupTool.exe
LegalCopyright: Copyright (C)1996-2023 by mcs software ag
LegalTrademarks:
OriginalFilename: StuderGrindDataBackupTool.exe
PrivateBuild:
ProductName: StuderGrindDataBackupTool
ProductVersion: 1.14.0.0240
SpecialBuild:
Translation: 0x0807 0x04b0

Ransom.BlackBasta.14 also known as:

Bkav: W32.AIDetectMalware
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Ransom.BlackBasta.14
VIPRE: Gen:Variant.Ransom.BlackBasta.14
APEX: Malicious
BitDefender: Gen:Variant.Ransom.BlackBasta.14
MicroWorld-eScan: Gen:Variant.Ransom.BlackBasta.14
Emsisoft: Gen:Variant.Ransom.BlackBasta.14 (B)
Trapmine: suspicious.low.ml.score
FireEye: Gen:Variant.Ransom.BlackBasta.14
Arcabit: Trojan.Ransom.BlackBasta.14
GData: Gen:Variant.Ransom.BlackBasta.14
MAX: malware (ai score=81)
Rising: Trojan.Generic@AI.100 (RDML:G2xdR+JEc+owbRKZVjgRcw)

How to remove Ransom.BlackBasta.14?

Ransom.BlackBasta.14 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
