Ransom.Prometheus.1 (file analysis)

The Ransom.Prometheus.1 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom.Prometheus.1 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Ransom.Prometheus.1?


File Info:
name: 7E07CEB95E770ADAF561.mlw
path: /opt/CAPEv2/storage/binaries/5b56afddccf9d2ba4f8edd22450e216f2b75c074138a5b70a42df073e7146984
crc32: 4BDDB673
md5: 7e07ceb95e770adaf561b0c781986ed8
sha1: 25212c19ad2ba526d091788b54f8b4d3754a05e3
sha256: 5b56afddccf9d2ba4f8edd22450e216f2b75c074138a5b70a42df073e7146984
sha512: 8007ba64ffcbe8de01721009dd50cbc6bd5cd81cef22115b0e9b72d40036ffa2a495d191320c4d5b76f61f48a9561636f5b0ca85e637089b00da52bc49a9352c
ssdeep: 49152:LEYznjiEmtQS0X5kzhHo+zc48v6AsJ/e:LJnhhX5y1T8+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T160A5BE067E44CE11F0181633C2EF4A5847B4A951AAA6E33B7DFA336E55123A77C0D9CB
sha3_384: 2d5c26832bc0d63e010a01957561da931aa056debeec79b1e4b15cb75a9b3772da50881ab7903d71ff7454e402575edc
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-24 15:13:08

Version Info:
ProductName: Oe8SaQGTfIV5lpfW8XpiZU6x9lt
CompanyName: fcrFI95ZmtvTONGcA
InternalName: ExIM5Tc.exe
LegalCopyright: t3uNS2voj2hQbzgOutaPSM
Comments: KxngzZw0
OriginalFilename: TYtB2s.exe
ProductVersion: 896.683.330.279
FileVersion: 782.328.777.562
Translation: 0x0409 0x0514

Ransom.Prometheus.1 also known as:

Bkav	W32.AIDetectMalware.CS
tehtris	Generic.Malware
DrWeb	Trojan.PWS.StealerNET.124
MicroWorld-eScan	Gen:Variant.Ransom.Prometheus.1
CAT-QuickHeal	Trojan.DCRat.S29707587
Skyhigh	BehavesLike.Win32.Generic.vc
McAfee	Trojan-FUJL!7E07CEB95E77
Malwarebytes	Generic.Spyware.Stealer.DDS
Zillya	Trojan.BasicGen.Win32.4
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Spyware ( 0058ec321 )
K7GW	Spyware ( 0058ec321 )
Cybereason	malicious.9ad2ba
Arcabit	Trojan.Ransom.Prometheus.1
BitDefenderTheta	Gen:NN.ZemsilF.36680.as0@aC0uCKgi
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Spy.Agent.DTP
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Packed.Basic-9952747-0
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Gen:Variant.Ransom.Prometheus.1
Avast	Win32:RATX-gen [Trj]
Tencent	Backdoor.MSIL.Stealer.11025419
Emsisoft	Gen:Variant.Ransom.Prometheus.1 (B)
F-Secure	Heuristic.HEUR/AGEN.1323984
VIPRE	Gen:Variant.Ransom.Prometheus.1
Sophos	Troj/DCRat-N
SentinelOne	Static AI – Malicious PE
Varist	W32/MSIL_Agent.LQ.gen!Eldorado
Avira	HEUR/AGEN.1323984
Antiy-AVL	Trojan[Spy]/MSIL.Stealer
Kingsoft	malware.kb.c.983
Microsoft	Backdoor:MSIL/DCRat!MTB
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	Gen:Variant.Ransom.Prometheus.1
Google	Detected
AhnLab-V3	Trojan/Win.FUJL.C5130705
Acronis	suspicious
ALYac	Gen:Variant.Ransom.Prometheus.1
Cylance	unsafe
Panda	Trj/GdSda.A
Rising	Backdoor.DCRat!8.129D9 (TFE:dGZlOg17w21gZmgvxA)
Ikarus	Trojan.MSIL.Injector
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Agent.DVA!tr
AVG	Win32:RATX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Ransom.Prometheus.1?

Ransom.Prometheus.1 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X