About “Ransom.Loki.19028” infection

The Ransom.Loki.19028 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom.Loki.19028 virus can do?

CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Ransom.Loki.19028?


File Info:
name: 6B76AFAA8959F41C970C.mlw
path: /opt/CAPEv2/storage/binaries/69d90566c7028dc5d95f83e7961fe95d62da5a5c1c0c5ad0ff0c100f03773848
crc32: 592149CE
md5: 6b76afaa8959f41c970c25a74fbd3cb7
sha1: 8ad7e603bedc6f13bdb45f85e3a30e62c5b2e3db
sha256: 69d90566c7028dc5d95f83e7961fe95d62da5a5c1c0c5ad0ff0c100f03773848
sha512: 2e625df9c74d1075b75346d45ebf3f1d3ddcccc4ea71a5586a9d2f68324b68e18583d845969c85bbc33e6161d68cbdf23effefbe6f71b13cc63dcb8bbc447099
ssdeep: 12288:IqvSbseSLymimXZPwVjq6rkJmZYZeyrGPajvRGtFTgkdH8ALzdNcVMkPsmt9VCZp:2QFwg6rfCrGP6pGtFkkdHT4VMkPL9W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D6459E63B24C9A5EC018C974643390F842E4DF8B6904EB877DD4FFAF6EB124AC9566C1
sha3_384: ef4e059a3b162aa12a0239dd863682a7f39c5e9f53c5dbd6dda71dc84f33f2e3f6d2f830f83b85a65d3e46761789493d
ep_bytes: ff250020400000000000000000000000
timestamp: 2021-06-14 01:56:46

Version Info:
Translation: 0x0000 0x04b0
Comments: Managing your mods!
CompanyName: Norway174
FileDescription: Kerbal Space
FileVersion: 1.5.6.3
InternalName: InternalMemberValueE.exe
LegalCopyright: Copyright © Norway174 (2012 - 2013)
LegalTrademarks: 
OriginalFilename: InternalMemberValueE.exe
ProductName: Norway174
ProductVersion: 1.5.6.3
Assembly Version: 1.5.6.3

Ransom.Loki.19028 also known as:

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.MSIL.Taskun.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PackedNET.964
MicroWorld-eScan	Gen:Variant.Ransom.Loki.19028
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Skyhigh	PWS-FCXD!6B76AFAA8959
McAfee	PWS-FCXD!6B76AFAA8959
Cylance	unsafe
Zillya	Trojan.Kryptik.Win32.3309406
Sangfor	Trojan.MSIL.Taskun.gen
K7AntiVirus	Trojan ( 0057e0291 )
Alibaba	Trojan:MSIL/AgentTesla.f5f91077
K7GW	Trojan ( 0057e0291 )
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/Kryptik.ABLI
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Taskun.gen
BitDefender	Gen:Variant.Ransom.Loki.19028
Avast	Win32:RATX-gen [Trj]
Tencent	Msil.Trojan.Taskun.Vgil
Emsisoft	Gen:Variant.Ransom.Loki.19028 (B)
F-Secure	Trojan.TR/AD.XetimaLogger.cmlwe
VIPRE	Gen:Variant.Ransom.Loki.19028
Sophos	Mal/Generic-R
Ikarus	Trojan.Inject
Jiangmin	Trojan.MSIL.abayf
Webroot	W32.Trojan.Gen
Varist	W32/MSIL_Agent.CAS.gen!Eldorado
Avira	TR/AD.XetimaLogger.cmlwe
Antiy-AVL	Trojan/MSIL.Kryptik
Microsoft	Trojan:MSIL/AgentTesla!MTB
Xcitium	Malware@#1jzl21oepgkvj
Arcabit	Trojan.Ransom.Loki.D4A54
ZoneAlarm	HEUR:Trojan.MSIL.Taskun.gen
GData	Gen:Variant.Ransom.Loki.19028
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C4526959
VBA32	TScope.Trojan.MSIL
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/GdSda.A
Rising	Trojan.Kryptik!8.8 (CLOUD)
Yandex	Trojan.Igent.b0eBzw.8
MaxSecure	Trojan.Malware.74644571.susgen
Fortinet	MSIL/GenKryptik.FGNG!tr
AVG	Win32:RATX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Ransom.Loki.19028?

Ransom.Loki.19028 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X