
Ransom.CryptoLocker.25 removal instruction


Ransom.CryptoLocker.25 is rated as malicious by a large number of antivirus engines (see the detection names further down). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing malware manually may take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you complete a full scan and clean the PC.
A 6-day free trial is available.

What can Ransom.CryptoLocker.25 do?

The behaviours below are the CAPE sandbox signatures that fired when the sample was run (the path under File Info is a CAPEv2 binaries storage path). Taken together they describe a UPX-packed dropper that delays and hides from analysis, talks HTTP, drops and runs a second binary, and tampers with proxy settings:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ransom.CryptoLocker.25?


File Info:

name: 10096A1EFE5A623CD4EE.mlw
path: /opt/CAPEv2/storage/binaries/a4d03a038c1d35a274a88b87fa4acb62e7fb9a7681820d0e6805b6a24b31ad41
crc32: 3956E255
md5: 10096a1efe5a623cd4ee05d119d7ae4c
sha1: 7363ecae84ab5be463c3b3872a4568ed14193480
sha256: a4d03a038c1d35a274a88b87fa4acb62e7fb9a7681820d0e6805b6a24b31ad41
sha512: 4cc6cfb499935ec8e28e142ef2bc8892ec6e71f9d2af89a6f753446380462829beef08f2d785e7da7b4e08bd47739449bf753d440cc95160a3e273d15517e422
ssdeep: 768:q7PdFecFS5agQtOOtEvwDpjeMLZdzuqpXsiE8Wq/DpkG:qDdFJy3QMOtEvwDpjjWMlR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5F273396EC516B2D377D6B6C9F786C3B826BC6279129D0C50CE27054C33B53ACA291E
sha3_384: 7af31d7dd12014fa28d2c8e8d918ad3cc678105914396de4f1f2d1a815e6588b89b055132981fc754613a8af67ce24d2
ep_bytes: 60be00a050008dbe0070ffff57eb0b90
timestamp: 2013-10-02 12:59:11

Version Info:

0: [No Data]
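The File Info block above is enough to confirm whether a file you are holding is this sample, and to test the "compressed using UPX" claim without a sandbox. The Python script below is an added example (not code from the page or from GridinSoft): it computes the listed digests, walks the PE headers to recover the compile timestamp and section names, maps the entry point to its file offset and compares the first 16 bytes there with the ep_bytes above, which disassemble to the start of the standard UPX decompression stub (pushad; mov esi, imm32; lea edi, [esi-0x9000]; push edi; jmp short). The function build_constructed_pe() is a constructed stand-in for offline testing only; the SHA-256 comparison succeeds only on the real file. Standard library only.

```python
"""Triage helper for the File Info block above (added example, standard library only)."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the page's File Info block for this sample.
KNOWN_SHA256 = "a4d03a038c1d35a274a88b87fa4acb62e7fb9a7681820d0e6805b6a24b31ad41"
# pushad; mov esi, 0x50A000; lea edi, [esi-0x9000]; push edi; jmp short +0x0B; nop
KNOWN_EP_BYTES = bytes.fromhex("60be00a050008dbe0070ffff57eb0b90")


def file_hashes(data):
    """The same digests the page lists (crc32, md5, sha1, sha256, sha512)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def parse_pe(data):
    """Minimal PE header walk: compile timestamp, entry-point RVA, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections, ts = struct.unpack_from("<HI", data, coff + 2)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i                     # IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize})
    stamp = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": stamp, "ep_rva": ep_rva, "sections": sections}


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section containing it (None if unmapped)."""
    for s in sections:
        span = max(s["vsize"], s["rawsize"])
        if s["rawsize"] and s["vaddr"] <= rva < s["vaddr"] + span:
            return rva - s["vaddr"] + s["rawptr"]
    return None


def triage(data):
    """Hashes plus the packing indicators the sandbox reported for this sample."""
    hashes = file_hashes(data)
    pe = parse_pe(data)
    off = rva_to_offset(pe["ep_rva"], pe["sections"])
    if off is None:
        raise ValueError("entry point lies outside every section with raw data")
    ep = data[off:off + 16]
    names = [s["name"] for s in pe["sections"]]
    return {
        "hashes": hashes,
        "sha256_matches_sample": hashes["sha256"] == KNOWN_SHA256,
        "timestamp": pe["timestamp"],
        "sections": names,
        "ep_bytes": ep.hex(),
        # Section names are a weak hint (trivially renamed); the stub bytes are stronger.
        "upx_section_names": any(n.startswith("UPX") for n in names),
        # Generic UPX stub start: pushad (0x60) followed by mov esi, imm32 (0xBE).
        "upx_stub_prefix": ep[:2] == b"\x60\xbe",
        # Exact match with the page's ep_bytes (same packer build and image layout).
        "ep_bytes_match_sample": ep == KNOWN_EP_BYTES,
    }


def build_constructed_pe():
    """Constructed stand-in for offline testing, NOT the real sample: a tiny PE32
    with UPX0/UPX1 sections, the page's compile timestamp and the UPX stub at the
    entry point. Its hashes will not match KNOWN_SHA256."""
    ts = int(datetime(2013, 10, 2, 12, 59, 11, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at 0x3C
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                        # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x9010)                      # entry point inside UPX1
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, len(opt), 0x102)
    sec = "<8sIIIIIIHHI"
    upx0 = struct.pack(sec, b"UPX0", 0x8000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    upx1 = struct.pack(sec, b"UPX1", 0x1000, 0x9000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000040)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + upx0 + upx1).ljust(0x200, b"\0")
    body = bytearray(0x200)
    body[0x10:0x10 + len(KNOWN_EP_BYTES)] = KNOWN_EP_BYTES      # RVA 0x9010 -> offset 0x210
    return headers + bytes(body)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py suspect.exe`; with no argument it runs against the constructed PE. A sha256 match is conclusive on its own; the UPX indicators are there for files that are clearly related but not byte-identical (a repacked build changes every hash but usually keeps the stub).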

Ransom.CryptoLocker.25 also known as:

The name used on this page is the BitDefender engine's generic label; the identical Gen:Variant.Ransom.CryptoLocker.25 string under MicroWorld-eScan, VIPRE, Emsisoft and ALYac comes from the same engine. Most other vendors classify the file as a downloader (Upatre, Waski, Trojan-Downloader.Small) or as a Zbot/ZeuS password stealer rather than as the CryptoLocker encryptor itself, so treat this sample as the first stage of an infection rather than as the component that encrypts files. Vendor and detection name:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Zbot.lMmI
  • Elastic: malicious (moderate confidence)
  • MicroWorld-eScan: Gen:Variant.Ransom.CryptoLocker.25
  • FireEye: Generic.mg.10096a1efe5a623c
  • CAT-QuickHeal: Trojan.GenericRI.S28993524
  • Skyhigh: BehavesLike.Win32.PWSZbot.nm
  • McAfee: GenericRXAA-AA!10096A1EFE5A
  • Malwarebytes: Crypt.Trojan.Malicious.DDS
  • Zillya: Trojan.Kryptik.Win32.4661701
  • Sangfor: Suspicious.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: TrojanPSW:Win32/Dorv.b98f4c84
  • K7GW: Trojan-Downloader ( 0055c6c71 )
  • K7AntiVirus: Trojan-Downloader ( 0055c6c71 )
  • Baidu: Win32.Trojan-Downloader.Small.c
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/Kryptik.BLTM
  • APEX: Malicious
  • ClamAV: Win.Trojan.Zbot-64721
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Variant.Ransom.CryptoLocker.25
  • NANO-Antivirus: Trojan.Win32.DownLoad3.cjxpzu
  • SUPERAntiSpyware: Trojan.Agent/Gen-Injector
  • Avast: Win32:Agent-ASIV [Trj]
  • TACHYON: Trojan-Spy/W32.ZBot.45622.C
  • Sophos: Mal/Generic-S
  • Google: Detected
  • F-Secure: Trojan.TR/Crypt.XPACK.Gen
  • DrWeb: Trojan.DownLoad3.28161
  • VIPRE: Gen:Variant.Ransom.CryptoLocker.25
  • Trapmine: malicious.moderate.ml.score
  • Emsisoft: Gen:Variant.Ransom.CryptoLocker.25 (B)
  • Ikarus: Backdoor.Win32.Androm
  • Jiangmin: TrojanSpy.Zbot.eafz
  • Varist: W32/Kryptik.JSM.gen!Eldorado
  • Avira: TR/Crypt.XPACK.Gen
  • Antiy-AVL: Trojan[Downloader]/Win32.Small
  • Kingsoft: malware.kb.b.997
  • Microsoft: PWS:Win32/Zbot.FD!MTB
  • Gridinsoft: Ransom.Win32.Zbot.sa
  • Xcitium: TrojWare.Win32.TrojanDownloader.Upatre.MAUA@5rueuc
  • Arcabit: Trojan.Ransom.CryptoLocker.25
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • GData: Win32.Trojan-Downloader.Upatre.BJ
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/RL.Generic.R256208
  • Acronis: suspicious
  • BitDefenderTheta: Gen:NN.ZexaF.36802.cmMfaa7FGIhi
  • ALYac: Gen:Variant.Ransom.CryptoLocker.25
  • MAX: malware (ai score=89)
  • Cylance: unsafe
  • Rising: Downloader.Waski!1.A489 (CLASSIC)
  • Yandex: Trojan.GenAsa!0NHD56KEAmA
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Upatre.Gen
  • Fortinet: W32/Mdrop.AAB!tr
  • AVG: Win32:Agent-ASIV [Trj]
  • Cybereason: malicious.efe5a6
  • DeepInstinct: MALICIOUS
  • alibabacloud: Trojan:Win/Zbot.FD!MTB

How to remove Ransom.CryptoLocker.25?

Ransom.CryptoLocker.25 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

Two follow-up checks are worth doing after the scan. The sandbox saw this sample drop and execute a second binary and attempt to change proxy settings, so confirm that no unknown proxy server or auto-configuration URL remains in the system and browser proxy configuration (the browser reset above only covers the browsers you selected). And because most engines classify the file as a Zbot/ZeuS password stealer or as a downloader for one, change any passwords that were entered on the machine while it was infected.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
