
Ransom.Loki.606 removal

Ransom.Loki.606 is flagged as malicious by nearly every vendor listed below. Despite the "Ransom" in the family label (BitDefender's generic Gen:Variant naming, reused by the engines that share its signature set), the other detection names on this page describe a VB-packed loader/injector for an information stealer (Fareit, GuLoader, Androm, InfoStealer), not file-encrypting ransomware. While the infection is active you may notice unwanted processes in the Task Manager list; in that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Ransom.Loki.606 do?

  • Behavioural detection: executable code extraction (unpacking); a second stage is decoded in memory at run time
  • HTTPS URLs observed in behaviour
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: injection (process hollowing)
  • Behavioural detection: injection (inter-process)
  • CAPE detected the "shellcode get eip" malware family (a CAPE YARA rule for position-independent code that locates its own address, reported under the family heading)
  • Attempts to modify proxy settings
  • YARA detections observed in process dumps, payloads or dropped files
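The two injection signatures above are raised from the per-process API log the sandbox monitor records. The following is an added example, not CAPE's own signature code and not taken from the original page: a simplified reimplementation of how a process-hollowing detector reads such a trace. It looks for the classic chain on one parent/child pair, a child created with CREATE_SUSPENDED, its image unmapped and overwritten from the parent, its thread context reset, and the thread resumed. The API names mirror the Win32/Nt calls a monitor hooks; the trace itself is constructed for the example, and the assumption that the monitor has already resolved handles to a target PID is mine.

```python
"""Spot the process-hollowing call sequence in an API trace (added example)."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004

# API -> stage of the hollowing chain. Unmapping is typical but optional:
# some loaders map a fresh section instead, so it is recorded, not required.
STAGE_OF_API = {
    "NtUnmapViewOfSection": "unmap",
    "WriteProcessMemory": "write",
    "NtWriteVirtualMemory": "write",
    "NtSetContextThread": "set_context",
    "SetThreadContext": "set_context",
    "NtResumeThread": "resume",
    "ResumeThread": "resume",
}
REQUIRED = {"create_suspended", "write", "set_context"}


def detect_hollowing(trace):
    """trace: iterable of {"pid", "api", "args"} events in call order.

    Returns one finding per (injector, target) pair whose suspended child was
    written to and had its context replaced before being resumed.
    """
    seen = defaultdict(set)          # (injector pid, target pid) -> stages observed
    findings = []
    for ev in trace:
        pid, api, args = ev["pid"], ev["api"], ev.get("args", {})
        if api == "CreateProcessInternalW":
            if args.get("creation_flags", 0) & CREATE_SUSPENDED:
                seen[(pid, args["child_pid"])].add("create_suspended")
            continue
        stage = STAGE_OF_API.get(api)
        if stage is None:
            continue
        key = (pid, args.get("target_pid"))
        if key not in seen:          # only children we saw created suspended are tracked
            continue
        if stage == "resume":
            if REQUIRED <= seen[key]:
                findings.append({"injector": pid, "target": key[1],
                                 "stages": sorted(seen[key] | {"resume"})})
            del seen[key]            # child is running now; a later resume is not a hollow
        else:
            seen[key].add(stage)
    return findings


# Constructed trace: one hollow, one benign suspended start (debugger-like),
# and one write into a child that was never suspended.
SAMPLE_TRACE = [
    {"pid": 1234, "api": "CreateProcessInternalW", "args": {"child_pid": 5678, "creation_flags": 0x4}},
    {"pid": 1234, "api": "NtUnmapViewOfSection", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "WriteProcessMemory", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "NtSetContextThread", "args": {"target_pid": 5678}},
    {"pid": 1234, "api": "NtResumeThread", "args": {"target_pid": 5678}},
    {"pid": 2000, "api": "CreateProcessInternalW", "args": {"child_pid": 2001, "creation_flags": 0x4}},
    {"pid": 2000, "api": "NtResumeThread", "args": {"target_pid": 2001}},
    {"pid": 3000, "api": "CreateProcessInternalW", "args": {"child_pid": 3001, "creation_flags": 0x0}},
    {"pid": 3000, "api": "WriteProcessMemory", "args": {"target_pid": 3001}},
]

if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print(f"hollowing: pid {f['injector']} -> pid {f['target']} via {', '.join(f['stages'])}")
```

The benign suspended start in the trace is why the detector keys on the full chain rather than on CREATE_SUSPENDED alone: debuggers and installers also start children suspended, and a write without a context reset is ordinary inter-process injection, which the sandbox reports under its own signature.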

How to identify Ransom.Loki.606?

File Info:

name: 27EA4708EE8816572A65.mlw
path: /opt/CAPEv2/storage/binaries/975aae7ff39e2affb6eca7f42fe0985005539313d9a80158900ed418c85ca908
crc32: 62DF1540
md5: 27ea4708ee8816572a65e458b27f581d
sha1: 008a26f14e762687c7963ced28d6bc86a373a915
sha256: 975aae7ff39e2affb6eca7f42fe0985005539313d9a80158900ed418c85ca908
sha512: 6bc48704ba0c3c1d734ab360ea36af955e910b5c3129c7fbc2450d22d40c90ebf7288c32c07f30400771f7d973519a1a1838a734b37a1da68ad7ea2a85cadc3b
ssdeep: 1536:ntE6KLHiS12ekx8WL8GvFbiY8rfPrcdYKf8xiz+A79u+2/jMkvitfBumHaRu3ZSh:tERLHMT4GcXrTi8sz+A0+/kCfB710
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C824F746BD749467C71847306FEAE7B9C20C3EE0E9D5DA0F2080375AAF33686516662F
sha3_384: 022eefe214143bc4e2875253ef9f0239cc935d544a2a235e5fb4ff051d5c150b787c45143a64e948d222fb68599792f0
ep_bytes: 68dc574200e8f0ffffff000000000000
timestamp: 2010-12-29 13:26:24 (PE compile time from the COFF header; set by the build tool and trivially forged, so it is weak evidence on its own)

Version Info:

Translation: 0x0409 0x04b0
Comments: MortisClod
CompanyName: MortisClod
ProductName: TOTALF
FileVersion: 1.00.0005
ProductVersion: 1.00.0005
InternalName: Lobefoo4
OriginalFilename: Lobefoo4.exe

The nonsense company, product and file names are typical of the VB packer output that several vendor names below describe (VBKrypt, VB.Crypt, FareitVB, Save.vb); do not expect them to be stable across samples.
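To check a file on disk against the File Info block above, the script below is an added example that is not part of the original page or of the CAPE sandbox that produced the report. It recomputes the listed digests with the standard library and reads the two PE-header fields CAPE reports, the COFF TimeDateStamp and the first 16 bytes at the entry point, by walking the documented PE32 layout (e_lfanew at 0x3C, the 20-byte COFF header, AddressOfEntryPoint at optional-header offset 16, 40-byte section headers). build_sample_pe() builds a constructed stand-in PE that carries the page's timestamp and entry bytes so the script runs offline; it is not the real sample and its digests will not match.

```python
"""Verify a suspect file against the File Info indicators above (added example)."""
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the File Info block above.
EXPECTED = {
    "md5": "27ea4708ee8816572a65e458b27f581d",
    "sha1": "008a26f14e762687c7963ced28d6bc86a373a915",
    "sha256": "975aae7ff39e2affb6eca7f42fe0985005539313d9a80158900ed418c85ca908",
    "ep_bytes": "68dc574200e8f0ffffff000000000000",  # push imm32; call rel32, the usual VB6 prologue
    "timestamp": "2010-12-29 13:26:24",
}


def digests(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_fields(data: bytes) -> dict:
    """Return the compile timestamp (UTC) and the 16 bytes at the entry point of a PE32."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not PE32 (only the 32-bit layout is handled here)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = opt + opt_size
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sections + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)   # RVA -> file offset inside this section
            break
    else:
        raise ValueError("entry point RVA maps to no section")
    ts = datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"machine": hex(machine), "timestamp": ts, "ep_bytes": data[off:off + 16].hex()}


def check(data: bytes) -> dict:
    """Map each indicator from the page to True/False for the given file bytes."""
    found = {**digests(data), **pe_fields(data)}
    return {key: found.get(key) == value for key, value in EXPECTED.items()}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with one section; a test stand-in, not the real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x4D1B3700, 0, 0, 224, 0x102)     # i386, 1 section, 2010-12-29 13:26:24 UTC
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 0x200, 0, 0, 0x1000)            # PE32 magic, AddressOfEntryPoint = 0x1000
    opt += b"\0" * (224 - len(opt))
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + b"PE\0\0" + coff + opt + sect
    headers += b"\0" * (0x200 - len(headers))
    body = bytes.fromhex(EXPECTED["ep_bytes"])
    return headers + body + b"\0" * (0x200 - len(body))


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, ok in check(data).items():
        print(f"{key:10s} {'match' if ok else 'differs'}")
```

Run it with the path of a quarantined file as the only argument; with no argument it checks the constructed stand-in, for which only ep_bytes and timestamp match. A digest match identifies this exact build; the entry bytes and compile time only say a file was produced by the same kind of tooling, which is why they are listed separately above.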

Ransom.Loki.606 is also detected under these names (vendor: detection name):

Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
FireEye: Generic.mg.27ea4708ee881657
Skyhigh: Fareit-FSL!27EA4708EE88
ALYac: Gen:Variant.Ransom.Loki.606
Cylance: unsafe
VIPRE: Gen:Variant.Ransom.Loki.606
Sangfor: Suspicious.Win32.Save.vb
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/InfoStealer.2f0
K7GW: Trojan ( 0056510a1 )
K7AntiVirus: Trojan ( 0056510a1 )
Arcabit: Trojan.Ransom.Loki.606
VirIT: Trojan.Win32.VBZenPack_Heur
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.ELOG
APEX: Malicious
ClamAV: Win.Malware.Generic-7678438-0
Kaspersky: HEUR:Backdoor.Win32.Androm.vho
BitDefender: Gen:Variant.Ransom.Loki.606
NANO-Antivirus: Trojan.Win32.Stealer.hjlxcn
MicroWorld-eScan: Gen:Variant.Ransom.Loki.606
Avast: Win32:Trojan-gen
Tencent: Win32.Backdoor.Androm.Hkjl
Emsisoft: Gen:Variant.Ransom.Loki.606 (B)
F-Secure: Heuristic.HEUR/AGEN.1333894
DrWeb: Trojan.PWS.Stealer.23680
Sophos: Mal/FareitVB-AB
Ikarus: Trojan.VB.Crypt
Google: Detected
Avira: HEUR/AGEN.1333894
Antiy-AVL: Trojan[Backdoor]/Win32.Androm
Kingsoft: malware.kb.a.974
Xcitium: Malware@#a5auvln9v3mb
Microsoft: Trojan:Win32/InfoStealer.AA!MTB
ZoneAlarm: HEUR:Backdoor.Win32.Androm.vho
GData: Gen:Variant.Ransom.Loki.606
Varist: W32/VBKrypt.AIN.gen!Eldorado
AhnLab-V3: Trojan/Win32.Fareit.R333822
McAfee: Fareit-FSL!27EA4708EE88
MAX: malware (ai score=84)
VBA32: BScope.TrojanDownloader.Minix
Malwarebytes: Trojan.GuLoader
Panda: Trj/GdSda.A
Rising: Downloader.GuLoader!1.C560 (CLASSIC)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GuLoader.VHIK!tr
BitDefenderTheta: Gen:NN.ZevbaCO.36802.nm0@a8KMa8hi
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
alibabacloud: Trojan.Win.UnkAgent
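Vendor names disagree because each engine reports its own taxonomy (a generic Gen:Variant label, a behaviour class, a family guess). A common triage step is to count family-like tokens across vendors after discarding verdict and platform words, the way tools such as AVClass do. The script below is an added example, not part of the original page or of any vendor's tooling; the detection lines are a subset copied from the list above in its "Vendor: detection" form, the stoplist is my own, and the weighting is one vote per vendor per token.

```python
"""Family consensus from multi-vendor detection names (added example)."""
import re
from collections import Counter

# Subset of the vendor list above, "Vendor: detection" per line.
DETECTIONS = """\
Elastic: malicious (high confidence)
Skyhigh: Fareit-FSL!27EA4708EE88
ALYac: Gen:Variant.Ransom.Loki.606
VIPRE: Gen:Variant.Ransom.Loki.606
Alibaba: Trojan:Win32/InfoStealer.2f0
Arcabit: Trojan.Ransom.Loki.606
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Injector.ELOG
Kaspersky: HEUR:Backdoor.Win32.Androm.vho
BitDefender: Gen:Variant.Ransom.Loki.606
MicroWorld-eScan: Gen:Variant.Ransom.Loki.606
Avast: Win32:Trojan-gen
Tencent: Win32.Backdoor.Androm.Hkjl
Emsisoft: Gen:Variant.Ransom.Loki.606 (B)
Sophos: Mal/FareitVB-AB
Antiy-AVL: Trojan[Backdoor]/Win32.Androm
Microsoft: Trojan:Win32/InfoStealer.AA!MTB
ZoneAlarm: HEUR:Backdoor.Win32.Androm.vho
GData: Gen:Variant.Ransom.Loki.606
AhnLab-V3: Trojan/Win32.Fareit.R333822
McAfee: Fareit-FSL!27EA4708EE88
Malwarebytes: Trojan.GuLoader
Rising: Downloader.GuLoader!1.C560 (CLASSIC)
Fortinet: W32/GuLoader.VHIK!tr
"""

# Verdict, platform and type words that carry no family information (my stoplist).
GENERIC = {
    "trojan", "backdoor", "downloader", "win32", "generic", "malicious",
    "malware", "heur", "high", "confidence", "variant", "classic",
}


def family_votes(detections: str) -> Counter:
    """One vote per vendor for each family-like token in its detection name."""
    votes = Counter()
    for line in detections.splitlines():
        vendor, sep, name = line.partition(":")
        if not sep:
            continue
        tokens = sorted({t.lower() for t in re.split(r"[^A-Za-z0-9]+", name) if t})
        for tok in tokens:
            # alphabetic, longer than three letters, not a generic word
            if tok.isalpha() and len(tok) > 3 and tok not in GENERIC:
                votes[tok] += 1
    return votes


def consensus(detections: str, top: int = 5):
    """The most-voted family tokens, highest first."""
    return family_votes(detections).most_common(top)


if __name__ == "__main__":
    for name, n in consensus(DETECTIONS):
        print(f"{n:2d}  {name}")
```

On this subset the BitDefender-derived engines put "ransom" and "loki" on top by sheer count, while the independent engines split between Fareit, Androm and GuLoader; the hollowing and stealer behaviour above fits the latter group. The naive tokenizer also shows why real tools keep alias tables: Sophos's "FareitVB" does not merge with "Fareit".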

How to remove Ransom.Loki.606?

Ransom.Loki.606 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

Because the behaviour list above includes proxy modification and injection into other processes, check the system proxy settings after the scan and rescan after the restart, so that code injected into another process at the time of the first scan is also caught.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
