
Ransom.HydraCrypt.28 removal instruction


Ransom.HydraCrypt.28 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom.HydraCrypt.28 virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Appends a known CryptoShield ransomware file extension to files that have been encrypted
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom.HydraCrypt.28?

File Info:

crc32: 27CC7EEC
md5: bd122e721d1a9c57087cf01d113bbe95
name: BD122E721D1A9C57087CF01D113BBE95.mlw
sha1: 31f3ebad60eab8bad0c67c2ff387af087bb10492
sha256: 066a0fa656ef5618563d88563cb3e15694b40a7cf9373edd97ddcfdb76eb093c
sha512: 430f506314c160e0a2c87b72730fb78434d9accba55201048569bd7e7f6cdb2e74f317115543c371299bb76f7d1236aaf411f15e346f6c4a225fc3b3b443f86d
ssdeep: 1536:WVLEBqWEgZPK+WL5lXDNdoKk7P08Bv2KDpUjMww49NMzppbj6Qa2:ILbvp/5lzN07rntUAD49N2mQ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2001 - 2017
FileVersion: 7, 4, 1, 8
CompanyName: Windows Protect
ProductName: Windows Protect
ProductVersion: 7, 4, 1, 8
FileDescription: Windows Protect
OriginalFilename: winlogon.exe
Translation: 0x0860 0x03a8

Ransom.HydraCrypt.28 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0056e7311 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader23.53303
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Chapak.ZZ6
ALYac: Gen:Variant.Ransom.HydraCrypt.28
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0056e7311 )
Cybereason: malicious.21d1a9
Symantec: Ransom.Troldesh!gm
ESET-NOD32: a variant of Win32/GenKryptik.UAI
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.HydraCrypt.28
NANO-Antivirus: Trojan.Win32.GenKryptik.evpmrx
MicroWorld-eScan: Gen:Variant.Ransom.HydraCrypt.28
Tencent: Win32.Trojan.Generic.Pfss
Ad-Aware: Gen:Variant.Ransom.HydraCrypt.28
Sophos: Mal/Generic-S
Comodo: Malware@#103sr7g8krrhz
BitDefenderTheta: Gen:NN.ZexaF.34790.fu0@ai91K6oi
VIPRE: BehavesLike.Win32.Malware.rwx (mx-v)
McAfee-GW-Edition: BehavesLike.Win32.Generic.nc
FireEye: Generic.mg.bd122e721d1a9c57
Emsisoft: Gen:Variant.Ransom.HydraCrypt.28 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.bquxa
Avira: HEUR/AGEN.1113593
eGambit: Unsafe.AI_Score_52%
Microsoft: Ransom:Win32/Shieldcrypt.A
Arcabit: Trojan.Ransom.HydraCrypt.28
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Ransom.HydraCrypt.28
McAfee: Trojan-FLGJ!BD122E721D1A
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Encoder
Malwarebytes: MachineLearning/Anomalous.96%
Panda: Trj/CI.A
Rising: Trojan.Generic@ML.92 (RDML:V/of5HR4u4NxTF+rQp/Y1g)
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/Kryptik.FOCI!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Generic.HwoCPBkB

How to remove Ransom.HydraCrypt.28?

Ransom.HydraCrypt.28 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
