Ransom.Locky.355 removal

Ransom.Locky.355 is flagged as malicious by nearly every antivirus engine listed below. The name itself is a generic family label from the BitDefender engine (and from vendors that license it, such as eScan, ALYac, VIPRE, Emsisoft and Arcabit); most other engines identify the same sample as the Cycbot/Gbot backdoor, and its 2005 link timestamp, although easily forged, does not fit Locky ransomware, which first appeared in 2016. Treat it as a backdoor: the sandbox saw it copy itself and read browser cookie files. When the infection is active you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can Ransom.Locky.355 do?

The behaviours below are the CAPEv2 sandbox signatures the sample triggered during analysis (the storage path in the file info is a CAPEv2 path):
  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Creates a copy of itself
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ransom.Locky.355

The values below are taken from the sandbox report. Any one of the cryptographic hashes (sha256 is the usual choice) identifies this exact sample; crc32, ssdeep, the link timestamp and the entry-point bytes are weaker indicators that can also match unrelated or benign files.
File Info:

name: FF7810EDAA65E8480FD2.mlw
path: /opt/CAPEv2/storage/binaries/d6ef91cc1bb6cf47738a2583950d94a15c9cfc7186b4a85a4db8ea3753da1d30
crc32: 12C7E4D6
md5: ff7810edaa65e8480fd2bd43e40fb98b
sha1: bda752a2bec4e0ff446dc03243278f7a0d755c52
sha256: d6ef91cc1bb6cf47738a2583950d94a15c9cfc7186b4a85a4db8ea3753da1d30
sha512: f9e548566e30bcdce2e475f30970259f9fffd983656d8d12c73d4c9693b9aaa0c4d5e546d24f18077b7680f747e9617c7dd2b286c4100d622804e3c177c0b50e
ssdeep: 3072:jnNPUl2dcia59YRHCvV9CC3v3aDSPpA4huycjnSVNDrV0FRUVh18HU:jxUl2dciQYRHyzCC3vKGPpA4h1cTSVNZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15914F176C706914FD0F6C67031839335F32124AAD3DA28D0ABA0577B3776A4ED9AA7C1
sha3_384: cf5956ae12b98b2290d4949ad4c411e108a37b4332d69753c583ceac05ab3d49e33e1e479876375af9c180ebe5274ffe
ep_bytes: 558bec81c4a0fbffff6a006a006aff6a
timestamp: 2005-11-24 06:06:47

Version Info: [No Data] (the binary carries no VERSIONINFO resource)
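
To check whether a file on a machine is this exact sample, the following Python script, an example added here and not code from the page or from GridinSoft, recomputes the hashes listed above, reads the PE link timestamp and entry-point bytes directly from the headers, and reports which indicators match. It runs offline against a constructed stand-in PE produced by build_sample_pe() (an assumption of this example, not the real malware); pass the bytes of a real file to compare() to use it for triage. Note that the ep_bytes value is an ordinary function prologue (push ebp; mov ebp, esp; add esp, -0x460; push 0; ...) and the timestamp is trivially forged, so only the cryptographic hashes identify the sample.

```python
"""Cross-check a suspect file against the indicators listed above.

Added example, not part of the original page. The IOC values are copied from
the File Info section; build_sample_pe() produces a constructed stand-in PE so
the script runs offline without the real sample.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section.
IOCS = {
    "md5": "ff7810edaa65e8480fd2bd43e40fb98b",
    "sha1": "bda752a2bec4e0ff446dc03243278f7a0d755c52",
    "sha256": "d6ef91cc1bb6cf47738a2583950d94a15c9cfc7186b4a85a4db8ea3753da1d30",
    "crc32": "12C7E4D6",
    "timestamp": "2005-11-24 06:06:47",
    "ep_bytes": "558bec81c4a0fbffff6a006a006aff6a",
}


def fingerprint(data: bytes) -> dict:
    """Compute the digests the sandbox report lists (crc32 as upper-case hex)."""
    fp = {name: hashlib.new(name, data).hexdigest()
          for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    fp["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return fp


def pe_header_facts(data: bytes) -> dict:
    """Return the link timestamp and first 16 entry-point bytes of a PE32 file.

    Parses just enough of the headers to reproduce 'timestamp' and 'ep_bytes'
    from the report; malformed input raises ValueError.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    _, n_sections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = opt + opt_size
    for i in range(n_sections):
        # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = rawptr + (entry_rva - va)  # map the RVA to a file offset
            ep = data[off:off + 16].hex()
            break
    else:
        raise ValueError("entry point outside all sections")
    stamp = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": stamp, "ep_bytes": ep}


def compare(data: bytes) -> dict:
    """Map each IOC name to whether the given file reproduces it."""
    facts = fingerprint(data)
    facts.update(pe_header_facts(data))
    return {k: facts.get(k) == v for k, v in IOCS.items()}


def build_sample_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed minimal PE32 with one .text section; not the real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", optional, 16, 0x1000)   # AddressOfEntryPoint
    section = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + bytes(optional) + section
    text = ep_bytes + b"\xC3" * (0x200 - len(ep_bytes))  # pad the section with 'ret'
    return headers + b"\0" * (0x200 - len(headers)) + text


if __name__ == "__main__":
    # 1132812407 is the report's 2005-11-24 06:06:47 UTC as a Unix timestamp.
    sample = build_sample_pe(bytes.fromhex(IOCS["ep_bytes"]), 1132812407)
    for name, hit in compare(sample).items():
        print(f"{name:10} {'MATCH' if hit else 'differs'}")
```

Run against the stand-in, only timestamp and ep_bytes report a match while every hash differs, which is exactly the situation in which a file should not be called this sample: the two weak indicators are reproducible by any binary, so a hit on them alone is not a detection.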

Ransom.Locky.355 is also known by the following vendor detection names. Each vendor uses its own naming scheme; the Gen:Variant.Ransom.Locky.355 label comes from the BitDefender engine, while the majority of engines name the Cycbot/Gbot backdoor family or report a generic packed-trojan (Kryptik, Crypt.ZPACK) verdict:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Cycbot.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.Locky.355
FireEye: Generic.mg.ff7810edaa65e848
Skyhigh: BehavesLike.Win32.Wanex.cc
ALYac: Gen:Variant.Ransom.Locky.355
Malwarebytes: Backdoor.Bot
VIPRE: Gen:Variant.Ransom.Locky.355
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Backdoor ( 003210941 )
Alibaba: Trojan:Win32/Bulta.27239687
K7GW: Backdoor ( 003210941 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.36802.lqW@aWa5UYei
VirIT: Trojan.Win32.Cryptor.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.SEA
APEX: Malicious
ClamAV: Win.Trojan.Gbot-2013
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Ransom.Locky.355
NANO-Antivirus: Trojan.Win32.Crypted.gcqji
ViRobot: Trojan.Win32.Z.Cycbot.195584.H
Avast: Win32:Crypt-KEU [Trj]
Tencent: Malware.Win32.Gencirc.1406b871
TACHYON: Trojan/W32.Jorik.195584.D
Sophos: Mal/EncPk-ACO
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
DrWeb: BackDoor.Gbot.1186
Zillya: Trojan.Jorik.Win32.14032
TrendMicro: BKDR_CYCBOT.SME3
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Ransom.Locky.355 (B)
Ikarus: Backdoor.Win32.Cycbot
GData: Win32.Trojan.Repno.C@gen
Jiangmin: Trojan/Jorik.krg
Google: Detected
Avira: TR/Crypt.ZPACK.Gen
Varist: W32/Goolbot.K.gen!Eldorado
Antiy-AVL: Trojan/Win32.AGeneric
Xcitium: TrojWare.Win32.Kryptik.SDE@48tr5g
Arcabit: Trojan.Ransom.Locky.355
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Backdoor:Win32/Cycbot.B
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Jorik.R10909
McAfee: BackDoor-EXI.gen.w
MAX: malware (ai score=100)
VBA32: BScope.Trojan.MTA.01544
Cylance: unsafe
Panda: Trj/Cycbot.gen
TrendMicro-HouseCall: BKDR_CYCBOT.SME3
Rising: Backdoor.Cycbot!8.850 (TFE:2:Qb651bLBaZB)
Yandex: Trojan.Cycbot.Gen!Pac.5
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Gbot.ODL!tr.bdr
AVG: Win32:Crypt-KEU [Trj]
Cybereason: malicious.daa65e
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Locky

How to remove Ransom.Locky.355

Ransom.Locky.355 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer and run a second scan: the sandbox saw the sample create a copy of itself, so a single pass may leave that copy behind.
  • Because the sample reads browser cookie files and most engines classify it as a backdoor, sign out of web sessions and change any passwords used on the infected machine after cleanup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
