Categories: Ransom

Ransom.Crysis (file analysis)

The Ransom.Crysis is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Crysis virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Attempts to delete volume shadow copies
Installs itself for autorun at Windows startup
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

How to determine Ransom.Crysis?


File Info:
crc32: 9972B25Amd5: faba065344e5f585a8e7acfce2ffff5fname: dmx777.exesha1: bdbbc7f1ec213771a593dfc8f273e2c0b28a46afsha256: 23b61ce11f2a64fe00b92584657f884bd7a7b39b1160d9e006bfec83cec1921esha512: ea128b2e682085bf41fc5b322f89ea4d8c1f6090bdf723d688818f91e3e6395a05368c1029ca7c647d90e4bce118ddea9f19fd4b73938636862d2047c664986essdeep: 6144:SI9pCnlmvsK01qGlM8f1P3XIZQg14OKp8wwvP26GIgxoasfRaqr8zb:hT4lmvsKzqMWIZQgPq8vOXNKasfRa1type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (c) ReviverSoft LLCCompanyName: ReviverSoft LLCPrivateBuild: 6.2.53.462LegalTrademarks: Copyright (c) ReviverSoft LLCProductName: Vertical BookmarksProductVersion: 6.2.53.462FileDescription: Victimised Rediscover Restrictin LeafOriginalFilename: Vertical BookmarksTranslation: 0x0409 0x04b0

Ransom.Crysis also known as:

MicroWorld-eScan	Trojan.GenericKD.32795616
FireEye	Generic.mg.faba065344e5f585
McAfee	RDN/Generic.dx
Malwarebytes	Ransom.Crysis
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0055d20f1 )
BitDefender	Trojan.GenericKD.32795616
K7GW	Trojan ( 0055d20f1 )
Cybereason	malicious.1ec213
BitDefenderTheta	Gen:NN.ZexaF.33550.zq0@aCfGrAji
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.GZHE
APEX	Malicious
Avast	Win32:Trojan-gen
GData	Trojan.GenericKD.32795616
Kaspersky	Trojan-Ransom.Win32.Crusis.dyz
NANO-Antivirus	Trojan.Win32.Kryptik.gliruv
ViRobot	Trojan.Win32.Z.Conteban.413696
Endgame	malicious (high confidence)
Emsisoft	Trojan.GenericKD.32795616 (B)
Comodo	Malware@#24lwz8gfcnme4
DrWeb	Trojan.Siggen8.61956
Zillya	Trojan.Kryptik.Win32.1876350
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Trapmine	malicious.moderate.ml.score
CMC	Trojan.Win32.Swizzor.3!O
Sophos	Mal/Generic-S
Ikarus	Trojan-Ransom.GandCrab
Cyren	W32/Trojan.QOPP-1568
Webroot	W32.Trojan.GenKD
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Ransom]/Win32.Crusis
Microsoft	Trojan:Win32/Wadhrama!rfn
Arcabit	Trojan.Generic.D1F46BE0
AhnLab-V3	Malware/Win32.Generic.C3627495
ZoneAlarm	Trojan-Ransom.Win32.Crusis.dyz
Acronis	suspicious
VBA32	TrojanRansom.Crusis
ALYac	Trojan.Ransom.Crysis
Ad-Aware	Trojan.GenericKD.32795616
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_Crusis.R002C0PLC19
MaxSecure	Trojan.Malware.74731129.susgen
Fortinet	W32/Kryptik.GZHE!tr.ransom
AVG	Win32:Trojan-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	HEUR/QVM10.2.CA6B.Malware.Gen