Categories: Ransom

Ransom.Cerber.752 (B) removal tips

The Ransom.Cerber.752 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Cerber.752 (B) virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (4 unique times)
Creates RWX memory
A process attempted to delay the analysis task.
Creates an excessive number of UDP connection attempts to external IP addresses
Performs some HTTP requests
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Attempts to modify desktop wallpaper
Exhibits behavior characteristic of Cerber ransomware
Attempts to execute a binary from a dead or sinkholed URL
EternalBlue behavior
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
Generates some ICMP traffic
Collects information to fingerprint the system

Related domains:

api.blockcypher.com

btc.blockr.io

bitaps.com

chain.so

ocsp.digicert.com

p27dokhpz2n7nvgr.1lseoi.top

How to determine Ransom.Cerber.752 (B)?


File Info:
crc32: C37DEDC5md5: a0c872c2c5fcef65b632bc3b9e79fc34name: A0C872C2C5FCEF65B632BC3B9E79FC34.mlwsha1: dc3e296775783ca51fc433689a98f2933bdb8fbcsha256: 29300b00829088597b40bbf68462653e3a83df4f5483d24be34b45bda287ebbesha512: 5fd260a2ef1ac26c6b621edaee37adfd74585c58168efb0f614ef05d269805c381aea5d75ab6e8887c139570c5f4b1d4a19026afdc9038e9c891564496164cf0ssdeep: 3072:Xj5931uGfXgfDfQhJLt6Qe4KsAaPGss0+O4oLoU7xy05IVfq6F5YaUaOgPsjsqY:XjD3bXPhn6QBAaPdtvAC4iaUaOgHaJltype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyrightxa9 2005-2015InternalName: FileVersion: 1.0.0.634CompanyName: IObitLegalTrademarks: IObitComments: ProductName: DisplayProductVersion: 2.0.0.0FileDescription: Advanced SystemCare DisplayOriginalFilename: Translation: 0x0409 0x04e4

Ransom.Cerber.752 (B) also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 005224381 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.4691
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Cerber.A4
ALYac	Gen:Variant.Ransom.Cerber.752
Cylance	Unsafe
Sangfor	Virus.Win32.Save.a
CrowdStrike	win/malicious_confidence_80% (D)
K7GW	Trojan ( 005224381 )
Cybereason	malicious.2c5fce
Baidu	Win32.Trojan.Kryptik.azy
Cyren	W32/Locky.H2.gen!Eldorado
Symantec	Packed.Generic.459
ESET-NOD32	a variant of Win32/Kryptik.FZOQ
APEX	Malicious
Avast	Win32:Filecoder-BG [Trj]
Kaspersky	HEUR:Trojan.Win32.Vucha.dc
BitDefender	Gen:Variant.Ransom.Cerber.752
NANO-Antivirus	Trojan.Win32.Vucha.evgxvo
MicroWorld-eScan	Gen:Variant.Ransom.Cerber.752
Tencent	Malware.Win32.Gencirc.11494f80
Ad-Aware	Gen:Variant.Ransom.Cerber.752
Sophos	ML/PE-A + Mal/Cerber-B
Comodo	TrojWare.Win32.Ransom.Cerber.FJ@6wjqwh
BitDefenderTheta	Gen:NN.ZexaF.34170.sq0@a4i@Kzlj
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CERBER.SMEJ1
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.dh
FireEye	Generic.mg.a0c872c2c5fcef65
Emsisoft	Gen:Variant.Ransom.Cerber.752 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1124969
eGambit	Unsafe.AI_Score_99%
Antiy-AVL	Trojan/Generic.ASMalwS.22C0BDC
Microsoft	Ransom:Win32/Cerber.J
GData	Gen:Variant.Ransom.Cerber.752
AhnLab-V3	HEUR/Malga.D708.X1491
Acronis	suspicious
McAfee	Ransomware-CBER!A0C872C2C5FC
MAX	malware (ai score=99)
VBA32	BScope.Trojan.Vucha
Malwarebytes	PUP.Optional.AdvancedSystemCare
Panda	Trj/GdSda.A
TrendMicro-HouseCall	Ransom_CERBER.SMEJ1
Rising	Trojan.Kryptik!1.AE9C (CLASSIC)
Fortinet	W32/Zamg.O!tr
AVG	Win32:Filecoder-BG [Trj]
Paloalto	generic.ml