About “Ransom.CryptoLocker.25 (B)” infection

Ransom.CryptoLocker.25 (B) is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.CryptoLocker.25 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ransom.CryptoLocker.25 (B)?

File Info:

name: 6ADD84C2A9647D5CD0F1.mlw
path: /opt/CAPEv2/storage/binaries/f178f10bd26dfa79187b4b9b3144f2b64a7d7fdc99daca2d0a882ab41c4c510d
crc32: 29C3CD77
md5: 6add84c2a9647d5cd0f16fd2a0bd421c
sha1: 2a90af1ccfc7445ad5ca450f8b023fcd0d5782d0
sha256: f178f10bd26dfa79187b4b9b3144f2b64a7d7fdc99daca2d0a882ab41c4c510d
sha512: c6a4687b09472db6d7f65b7c9614a7d95f8a9fccff215286ca08ff5413e2f18733761a5cab343715767d8d3168aeefaff0863834f6549a6321d11a35e88242e5
ssdeep: 768:P6LsoVEeegiZPvEhHSP+gp/QtOOtEvwDpjBBMLZdzuqpXsiE8Wq/DpkTw:P6Q0ElP6G+gJQMOtEvwDpjB8WMlaw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D32320B51AC43D62DB73A6F6C9FA41B3A5327812B461591D50FAE30CC933B12F8D1A2D
sha3_384: 4b5844114e69feb8eb733385c63d001ed1fbbb0ae828396e5ea08654ec39a3212947dde149bab8f26795934c95efbde0
ep_bytes: e8622b0000e86c200000fa1b5000302b
timestamp: 2013-10-02 12:59:11

Version Info:

0: [No Data]

Ransom.CryptoLocker.25 (B) also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Agent-ASIV [Trj]
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad3.28161
MicroWorld-eScan: Gen:Variant.Ransom.CryptoLocker.25
FireEye: Generic.mg.6add84c2a9647d5c
Skyhigh: BehavesLike.Win32.PWSZbot.pm
McAfee: PWSZbot-FIA!6ADD84C2A964
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Gen:Variant.Ransom.CryptoLocker.25
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0055c6c71 )
K7GW: Trojan ( 005179c61 )
Cybereason: malicious.2a9647
BitDefenderTheta: Gen:NN.ZexaF.36802.cy2@aOkmkigi
VirIT: Trojan.Win32.Zyx.YB
Symantec: Trojan.Dropper
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.BLTM
Cynet: Malicious (score: 100)
APEX: Malicious
Avast: Win32:Agent-ASIV [Trj]
ClamAV: Win.Trojan.Upatre-3337
Kaspersky: VHO:Trojan-Spy.Win32.Zbot.gen
BitDefender: Gen:Variant.Ransom.CryptoLocker.25
NANO-Antivirus: Trojan.Win32.DownLoad3.cjxpzu
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
Tencent: Trojan-DL.Win32.Small.kf
Emsisoft: Gen:Variant.Ransom.CryptoLocker.25 (B)
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
Baidu: Win32.Trojan-Downloader.Small.c
Zillya: Trojan.Kryptik.Win32.4661701
TrendMicro: TROJ_UPATRE.SMAG
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.11YZZVL
Jiangmin: TrojanSpy.Zbot.eafz
Varist: W32/Trojan.AIPM-3539
Avira: TR/Crypt.ZPACK.Gen
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Win32.Waski.a
Kingsoft: malware.kb.a.1000
Xcitium: TrojWare.Win32.TrojanDownloader.Upatre.MAUA@5rueuc
Arcabit: Trojan.Ransom.CryptoLocker.25
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot.FD!MTB
Google: Detected
AhnLab-V3: Trojan/Win32.Upatre.C4249769
Acronis: suspicious
ALYac: Gen:Variant.Ransom.CryptoLocker.25
TACHYON: Trojan-Spy/W32.ZBot.45612.D
Cylance: unsafe
Panda: Trj/Downloader.WKR
TrendMicro-HouseCall: TROJ_UPATRE.SMAG
Rising: Downloader.Waski!1.A489 (CLASSIC)
Yandex: Trojan.GenAsa!Oqb+I/CeYHc
Ikarus: Backdoor.Win32.Androm
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Mdrop.AAB!tr
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)
alibabacloud: Trojan[downloader]:Win/Upatre.53a29fc4

How to remove Ransom.CryptoLocker.25 (B)?

Ransom.CryptoLocker.25 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
