Ransom.Loki.5944 removal tips

Ransom.Loki.5944 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom.Loki.5944 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • CAPE detected the embedded win api malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Ransom.Loki.5944?


File Info:

name: 7B1ED269C3F3125AF4CB.mlw
path: /opt/CAPEv2/storage/binaries/1d8292a5ec108d3b33cfb402abd4476f7eeb3ed76fad46bee2e226b474462da6
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-03-04 10:05:09

Version Info:

Translation: 0x0409 0x04b0
Comments: Tautochronous9
CompanyName: MENAGERIES
ProductName: CHOMBEE
FileVersion: 1.02.0003
ProductVersion: 1.02.0003
InternalName: Cceres7
OriginalFilename: Cceres7.exe

Ransom.Loki.5944 also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ransom.Loki.5944
ClamAV: Win.Packed.Vbkryjetor-7191359-0
FireEye: Generic.mg.7b1ed269c3f3125a
Skyhigh: Fareit-FNV!7B1ED269C3F3
McAfee: Fareit-FNV!7B1ED269C3F3
Malwarebytes: Trojan.MalPack.VB.Generic
Sangfor: Suspicious.Win32.Save.vb
Alibaba: Backdoor:Win32/Androm.caead883
Cybereason: malicious.773dde
Arcabit: Trojan.Ransom.Loki.D1738
BitDefenderTheta: Gen:NN.ZevbaF.36744.mn1@aeWg2cbi
VirIT: Trojan.Win32.VBZenPack_Heur
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.EDTQ
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Backdoor.Win32.Androm.gen
BitDefender: Gen:Variant.Ransom.Loki.5944
Avast: Win32:DangerousSig [Trj]
Sophos: Mal/FareitVB-V
F-Secure: Heuristic.HEUR/AGEN.1336342
VIPRE: Gen:Variant.Ransom.Loki.5944
TrendMicro: TrojanSpy.Win32.LOKI.THBBAAI
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Ransom.Loki.5944 (B)
Google: Detected
Avira: HEUR/AGEN.1336342
MAX: malware (ai score=82)
Kingsoft: malware.kb.a.996
Microsoft: Worm:Win32/Gamarue
ZoneAlarm: HEUR:Backdoor.Win32.Androm.gen
GData: Gen:Variant.Ransom.Loki.5944
AhnLab-V3: Win-Trojan/VBMalpack.Gen
VBA32: BScope.TrojanPSW.Stealer
ALYac: Gen:Variant.Ransom.Loki.5944
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TrojanSpy.Win32.LOKI.THBBAAI
Rising: Trojan.Injector!1.B459 (CLASSIC)
Ikarus: Trojan.Crypt.Malcert
Fortinet: W32/GenKryptik.FGZN!tr
AVG: Win32:DangerousSig [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Ransom.Loki.5944?

Ransom.Loki.5944 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
