Ransom

Ransom.FileCryptor.Python.Generic (file analysis)

Malware Removal

The Ransom.FileCryptor.Python.Generic is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Ransom.FileCryptor.Python.Generic virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family

How to determine Ransom.FileCryptor.Python.Generic?


File Info:

name: 999D9EA8BE5639640A45.mlw
path: /opt/CAPEv2/storage/binaries/5475e26516e32b7cba3cc987c478bf59a76dfc91a1f5a047d138ba728926e209
crc32: 60F3C3BC
md5: 999d9ea8be5639640a45376fc6ec4ed5
sha1: de3cc0cd6463b16d2459a8ffca3fb8f8b0c00cca
sha256: 5475e26516e32b7cba3cc987c478bf59a76dfc91a1f5a047d138ba728926e209
sha512: c5210b8f44397824f2ce14fab2a7c8ed609bf1a8dcea73ae521a721cdd4d3ef02a515e0158c26dc6df30c3e2dfc8e669d8e681d4acbac79915c3041b77eebb50
ssdeep: 196608:jIN5EbGXVFICteEroXxoczlxZV3Gu5D4S26/CS3hNqTbJQ2Ttwm:u5EeInEroXF14S26BNqhv
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T136663304B6E81CFAE9BB843AC468D425D1F274204390C65F23AC952B5FAB7E17D7AF41
sha3_384: 33f7bfd8a0fe452ec4fa18ea72f1e6a89e251f5342812b720757b9f760d9c8af1501400ebb4ed69ee5d51e20d5cd17e7
ep_bytes: 4883ec28e8f70400004883c428e97afe
timestamp: 2021-11-09 18:04:01

Version Info:

0: [No Data]

Ransom.FileCryptor.Python.Generic also known as:

MicroWorld-eScanGen:Variant.Tedy.4675
FireEyeGen:Variant.Tedy.4675
McAfeeArtemis!999D9EA8BE56
ZillyaTrojan.Agent.Script.1642387
SangforTrojan.Win32.Generic.ky
SymantecTrojan.Gen.2
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
KasperskyUDS:Trojan.Win32.Generic
BitDefenderGen:Variant.Tedy.4675
ViRobotTrojan.Win32.Z.Tedy.6933582
AvastFileRepMalware
Ad-AwareGen:Variant.Tedy.4675
EmsisoftGen:Variant.Tedy.4675 (B)
TrendMicroTROJ_GEN.R011C0WKQ21
McAfee-GW-EditionBehavesLike.Win64.Ransom.vc
SophosMal/Generic-S
Antiy-AVLTrojan[PSW]/Python.Agent
MicrosoftTrojan:Script/Phonzy.B!ml
ArcabitTrojan.Tedy.D1243
GDataGen:Variant.Tedy.4675
AhnLab-V3Trojan/Win.Generic.R429165
ALYacGen:Variant.Tedy.4675
MAXmalware (ai score=81)
VBA32Trojan.Sabsik.FL
MalwarebytesRansom.FileCryptor.Python.Generic
TrendMicro-HouseCallTROJ_GEN.R011C0WKQ21
YandexTrojan.Agent!xUFG1giwX90
SentinelOneStatic AI – Suspicious PE
FortinetW32/PossibleThreat
AVGFileRepMalware
PandaTrj/CI.A

How to remove Ransom.FileCryptor.Python.Generic?

Ransom.FileCryptor.Python.Generic removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment