Categories: Ransom

Ransom.Polyglot.12 malicious file

The Ransom.Polyglot.12 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ransom.Polyglot.12 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Creates a copy of itself
  • Anomalous binary characteristics

How to determine Ransom.Polyglot.12?



File Info:

name: B496C6FFF97405AB7BA1.mlwpath: /opt/CAPEv2/storage/binaries/cdffd927e8b81548f80c5a3a0ce4e8afd84b162c4f7bc203fdba09cf91fcddbacrc32: 23328B86md5: b496c6fff97405ab7ba1673905aa5787sha1: 0b74d1e49037b4e554e87216ba8065927f9f48fcsha256: cdffd927e8b81548f80c5a3a0ce4e8afd84b162c4f7bc203fdba09cf91fcddbasha512: b97dacdc72c644ca88f23b9f1f4f6ec03893d62e5d520a2f015f3c2a5ffc8a7c52bb2100074c112cdaef442762383c4c63238ab8c012f810735fa4ffab55b9bcssdeep: 3072:tBs8F3AqwRwMPzdMNKJZfanQFvEJjHf4ckRn4O:bs63AdPzdMNKnFemztype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18CD3E113A8474271F3519AB4247B57B493A7BCFD4F228AAB1794FE1D1835681BC3239Csha3_384: dedb71adee93b288d22b9bee949c31329f7425a2e3448e6fd38ae4ebe02a94befceeabae30e5006696d5109202db1777ep_bytes: 558bec6aff68186e4000686e4d400064timestamp: 2014-05-05 18:50:21

Version Info:

Comments: CompanyNaSe:  FileDescription: clusterFileVersion: 1, 0, 0, 1InternalName: clusterLegalCopyright: Copyright ? 2014LegalTrademarks: OriginalFilename: cluster.exePrivateBuild: ProductName:   clusterProductVersion: 1, 0, 0, 1SpecialBuild: Translation: 0x0810 0x04b0

Ransom.Polyglot.12 also known as:

Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ransom.Polyglot.12
FireEye Generic.mg.b496c6fff97405ab
CAT-QuickHeal TrojanPWS.Zbot.AP4
ALYac Gen:Variant.Ransom.Polyglot.12
Cylance Unsafe
VIPRE Gen:Variant.Ransom.Polyglot.12
Sangfor Suspicious.Win32.Save.ins
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Gen:Variant.Ransom.Polyglot.12
K7GW Riskware ( 0040eff71 )
Cybereason malicious.ff9740
BitDefenderTheta Gen:NN.ZexaF.34646.iq3@aaH5cjp
VirIT Trojan.Win32.Inject2.ADZB
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 Win32/Injector.BDMK
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
NANO-Antivirus Trojan.Win32.Crypted.cxpkbb
Cynet Malicious (score: 100)
Rising Trojan.DllCheck!8.117DB (TFE:1:TKbJja44gZS)
Ad-Aware Gen:Variant.Ransom.Polyglot.12
Sophos ML/PE-A + Mal/Zbot-QU
Comodo TrojWare.Win32.Xpack.SFSS@5a5ibq
DrWeb Trojan.Winlock.8004
Zillya Trojan.Inject.Win32.74123
TrendMicro TROJ_ROVNIX.SMW
McAfee-GW-Edition PWSZbot-FXE!B496C6FFF974
Trapmine malicious.moderate.ml.score
Emsisoft Gen:Variant.Ransom.Polyglot.12 (B)
Ikarus Virus.Win32.Zbot
Jiangmin Backdoor/DarkKomet.fno
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Generic.ASMalwS.330C
Microsoft Trojan:Win32/DllCheck.A!MSR
SUPERAntiSpyware Trojan.Agent/Gen-Graftor
GData Win32.Trojan.EmotetSpamBot.B
Google Detected
AhnLab-V3 Win-Trojan/Unruy.138248
McAfee PWSZbot-FXE!B496C6FFF974
MAX malware (ai score=83)
VBA32 Trojan.Inject
Malwarebytes MachineLearning/Anomalous.100%
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_ROVNIX.SMW
Tencent Malware.Win32.Gencirc.1169f329
Yandex Trojan.Inject!tXW6Jr3Y7jc
SentinelOne Static AI – Suspicious PE
Fortinet W32/Krypt.DE!tr
AVG Win32:Crypt-REG [Trj]
Avast Win32:Crypt-REG [Trj]
CrowdStrike win/malicious_confidence_100% (W)

How to remove Ransom.Polyglot.12?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: clusterRansom.Polyglot.12
2 years ago

Recent Posts

How to remove “Win32/Klez.H”?

The Win32/Klez.H is considered dangerous by lots of security experts. When this infection is active,…

3 mins ago

Trojan.VBCrypt.MF.139 malicious file

The Trojan.VBCrypt.MF.139 is considered dangerous by lots of security experts. When this infection is active,…

3 mins ago

Malware.AI.1558347307 information

The Malware.AI.1558347307 is considered dangerous by lots of security experts. When this infection is active,…

18 mins ago

Worm.Win32.Viking.lw removal tips

The Worm.Win32.Viking.lw is considered dangerous by lots of security experts. When this infection is active,…

19 mins ago

Should I remove “Generic.Dacic.1A7FA519.A.342C4103”?

The Generic.Dacic.1A7FA519.A.342C4103 is considered dangerous by lots of security experts. When this infection is active,…

19 mins ago

Graftor.84307 removal guide

The Graftor.84307 is considered dangerous by lots of security experts. When this infection is active,…

20 mins ago