About “Ransom.FileCryptor.VMP” infection

Ransom.FileCryptor.VMP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom.FileCryptor.VMP virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Ransom.FileCryptor.VMP?


File Info:

name: F2B54E147D818AB2D4CE.mlw
path: /opt/CAPEv2/storage/binaries/bcd10b66fa799f9e1d9b5a72be1a140bd12b5b73962884d0c633f979ac536abe
crc32: 42FB7B89
md5: f2b54e147d818ab2d4ce1fec0552b9ed
sha1: 1a2e39b79781d4243071cb0de5d2f5a156fbc286
sha256: bcd10b66fa799f9e1d9b5a72be1a140bd12b5b73962884d0c633f979ac536abe
sha512: 2d7a87df62537e5cc0c14d8bff7e7eaaa8d3536930667a9bff531a79377066db1c95dde3b54062d8821ffa38ebb4a65d7de330e15ac580fce252f0bbbf23fab0
ssdeep: 98304:YJn0jRZf2DagDHdBDU5YqWaN8Qd0dXCHi3GzV4X/:2Iq+SXaN8QadXCHOxX/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DC362333536510CAE1E5EC398637FEE5B1FA076A8F41F878A9D659C224368E4D313A07
sha3_384: 1b0f9deb675b4248a70608dcabfdbca649eafed58f0e833566170673f4332d24482d579b707efff84f6d4205565d6258
ep_bytes: 6885c427fce86bb53e00660fc89cb8ec
timestamp: 2022-12-28 21:37:28

Version Info:

0: [No Data]

Ransom.FileCryptor.VMP also known as:

Bkav: W32.AIDetectNet.01
Lionic: Trojan.Win32.DelShad.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.64599560
McAfee: Artemis!F2B54E147D81
Cylance: unsafe
VIPRE: Trojan.GenericKD.64599560
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005974d31 )
Alibaba: Trojan:Win32/DelShad.966cb285
K7GW: Trojan ( 005974d31 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Genus.NJT
Cyren: W32/ABRisk.FKUM-7127
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Filecoder.RagnarLocker.D
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.DelShad.kdo
BitDefender: Trojan.GenericKD.64599560
NANO-Antivirus: Trojan.Win32.DelShad.jukcej
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10be0d80
Emsisoft: Trojan.GenericKD.64599560 (B)
F-Secure: Trojan.TR/DelShad.opply
DrWeb: Trojan.Encoder.37029
Zillya: Trojan.Filecoder.Win32.28204
TrendMicro: TROJ_GEN.R06CC0RLV22
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.f2b54e147d818ab2
Sophos: Mal/VMProtBad-A
Ikarus: Trojan.Win32.VMProtect
GData: Trojan.GenericKD.64599560
Jiangmin: Trojan.DelShad.ccu
Webroot: W32.Trojan.CryptInject
Avira: TR/DelShad.opply
Antiy-AVL: Trojan/Win32.DelShad
Arcabit: Trojan.Generic.D3D9B608
ZoneAlarm: Trojan.Win32.DelShad.kdo
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5346188
Acronis: suspicious
VBA32: TScope.Malware-Cryptor.SB
ALYac: Trojan.Ransom.Filecoder
MAX: malware (ai score=83)
Malwarebytes: Ransom.FileCryptor.VMP
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: TROJ_GEN.R06CC0RLV22
Rising: Trojan.Generic@AI.100 (RDML:gnz50CT1PuY3rL7oqXKwSA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Filecoder_RagnarLocker.D!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Ransom.FileCryptor.VMP?

Ransom.FileCryptor.VMP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
