Categories: Ransom

What is “Ransom.Jamper.brn”?

The Ransom.Jamper.brn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom.Jamper.brn virus can do?

Injection with CreateRemoteThread in a remote process
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process created a hidden window
Drops a binary and executes it
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Attempts to delete volume shadow copies
Modifies boot configuration settings
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Likely virus infection of existing system binary
Attempts to modify proxy settings
Clears Windows events or logs
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

Related domains:

geoiptool.com

iplogger.org

How to determine Ransom.Jamper.brn?


File Info:
crc32: 252FC792md5: aa413c45de43a32fb07f5bc5db7b745dname: zeppelin1.exesha1: c552202cef74e3ded0028a15df362515b4dcde76sha256: 81d1c18834f916f7c3922cca2d8fdbb3ef5fd9905acc80b7f4e4d96b1371d67fsha512: 01f8431aca1d45b7e437a79a120b41818a88a5da069ff2fd703c321fb72a6bb7ed383d0cf67eb03fb183c25f23342be14629af5d444e98811535e57301e50198ssdeep: 6144:kia1vcaEaA+HPsISAzG44DQFu/U3buRKlemZ9DnGAeWBELJ+:kHctWvVSAx4DQFu/U3buRKlemZ9DnGAtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Ransom.Jamper.brn also known as:

Bkav	W32.AIDetectVM.malware2
MicroWorld-eScan	Generic.Ransom.Buhtrap.5ED60696
FireEye	Generic.mg.aa413c45de43a32f
McAfee	GenericRXJE-WA!AA413C45DE43
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0055c8001 )
BitDefender	Generic.Ransom.Buhtrap.5ED60696
K7GW	Trojan ( 0055c8001 )
CrowdStrike	win/malicious_confidence_100% (D)
TrendMicro	Ransom.Win32.ZEPPELIN.SMTH
BitDefenderTheta	AI:Packer.C332A6E21E
TrendMicro-HouseCall	Ransom.Win32.ZEPPELIN.SMTH
Avast	Win32:Dh-A [Heur]
GData	Generic.Ransom.Buhtrap.5ED60696
Kaspersky	HEUR:Trojan.Win32.Agent.gen
NANO-Antivirus	Trojan.Win32.Encoder.hbetkw
Tencent	Malware.Win32.Gencirc.10b86475
Ad-Aware	Generic.Ransom.Buhtrap.5ED60696
Emsisoft	Generic.Ransom.Buhtrap.5ED60696 (B)
F-Secure	Heuristic.HEUR/Malware
DrWeb	DLOADER.Trojan
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Emotet.dh
SentinelOne	DFI – Malicious PE
Trapmine	suspicious.low.ml.score
Sophos	Mal/Behav-010
APEX	Malicious
Cyren	W32/Ransom.LV.gen!Eldorado
Webroot	W32.Ransom.Zeppelin
Avira	HEUR/Malware
Antiy-AVL	Trojan[Ransom]/Win32.Buran.a
Endgame	malicious (high confidence)
Arcabit	Generic.Ransom.Buhtrap.5ED60696
ZoneAlarm	HEUR:Trojan.Win32.Agent.gen
Microsoft	Ransom:Win32/Zeppelin.A!MSR
AhnLab-V3	Malware/Win32.Generic.C3574288
Acronis	suspicious
VBA32	BScope.TrojanRansom.Crypmod
ALYac	Generic.Ransom.Buhtrap.5ED60696
MAX	malware (ai score=81)
Malwarebytes	Ransom.Jamper.brn
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Filecoder.Buran.H
Rising	Trojan.Filecoder!8.68 (TFE:dGZlOgU6SS2FMTnuTQ)
Ikarus	Trojan-Ransom.Buran
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Buran.H!tr.ransom
AVG	FileRepMalware
Cybereason	malicious.5de43a
Paloalto	generic.ml