Ransom.GandCrab.307 (file analysis)

Malware Removal

The Ransom.GandCrab.307 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Ransom.GandCrab.307 virus can do?

  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Attempts to modify proxy settings

Related domains:

z.whorecord.xyz
a.tomx.xyz
bd.137vc.com

How to determine Ransom.GandCrab.307?


File Info:

crc32: 512FFE11
md5: 643855638530d36b10b80df5951ab58d
name: 643855638530D36B10B80DF5951AB58D.mlw
sha1: cb5c1c95594769c1038b84992e0a3756c8f47ab0
sha256: c35e2fe5e101bffa8acb52ce118d278c173490f5746657a5417cfc4c40a3ba0e
sha512: 9765504d488bdf1841eba60068e5ba6505e8684ee7402187cefb4135984144b264843c5c0adb9ff8a4fdc9de885b6826b4e790dc2d5acd75e0ef88ca3e3166b9
ssdeep: 3072:86ai0WuQC2mC6RjCHJEQ2ucSEt/WN7lB17sDzB1QAg0FuDEqHoQCNka:F0W0hC1DEeNcKAOILIa
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom.GandCrab.307 also known as:

BkavW32.AIDetect.malware2
CynetMalicious (score: 99)
ALYacGen:Variant.Ransom.GandCrab.307
CylanceUnsafe
SangforTrojan.Win32.Generic.8
Cybereasonmalicious.38530d
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Adware.ELEX.SL
APEXMalicious
AvastFileRepMetagen [Adw]
KasperskyHEUR:Trojan-Downloader.Win32.Generic
BitDefenderGen:Variant.Ransom.GandCrab.307
NANO-AntivirusTrojan.Win32.ELEX.fcuyjj
MicroWorld-eScanGen:Variant.Ransom.GandCrab.307
TencentMalware.Win32.Gencirc.114d07ab
Ad-AwareGen:Variant.Ransom.GandCrab.307
SophosGeneric PUA ML (PUA)
ComodoMalware@#1tnhad96na6gz
BitDefenderThetaGen:NN.ZexaE.34058.qyW@aqkDyecj
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionBehavesLike.Win32.Generic.dh
FireEyeGeneric.mg.643855638530d36b
EmsisoftGen:Variant.Ransom.GandCrab.307 (B)
SentinelOneStatic AI – Suspicious PE
JiangminTrojanDownloader.Generic.bayz
AviraHEUR/AGEN.1109030
eGambitUnsafe.AI_Score_97%
Antiy-AVLTrojan/Generic.ASMalwS.263CE96
MicrosoftTrojan:Win32/Occamy.C
GDataGen:Variant.Ransom.GandCrab.307
McAfeeArtemis!643855638530
MAXmalware (ai score=97)
VBA32BScope.Trojan.Occamy
PandaTrj/GdSda.A
RisingTrojan.Generic@ML.93 (RDML:5u0zg3VPT22Nf/J7z2dTrA)
YandexPUA.Agent!0x0Vm3XhEgI
IkarusPUA.Elex
FortinetW32/Generic.SL!tr.dldr
AVGFileRepMetagen [Adw]
Qihoo-360Win32/TrojanDownloader.Generic.HgIASOkA

How to remove Ransom.GandCrab.307?

Ransom.GandCrab.307 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment