About “Ransom.Prometheus.2” infection

The Ransom.Prometheus.2 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom.Prometheus.2 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Ransom.Prometheus.2?


File Info:
name: 3285B696585FC092A3E5.mlw
path: /opt/CAPEv2/storage/binaries/929e00bd9b4de7321189e036d0c978b7ca1fdecaaa6433986f02e7c0925f5974
crc32: 334434AA
md5: 3285b696585fc092a3e52a002dfcea52
sha1: bd334d411846396d23c71f1908bdd08cdb725bb3
sha256: 929e00bd9b4de7321189e036d0c978b7ca1fdecaaa6433986f02e7c0925f5974
sha512: c443a58305015caaec348297b10575a0e811d0aefd92f3e5f90fb64ca6b2083341b95675328c354a10dc8ebc90fc467a9615af81b659acd4c803a9214364ad62
ssdeep: 24576:wPPTyInmQzqsD8/7rgMQlxnPBo4BTqAH8ltK63qy7FzALr7:wmImQzCzcfLnJDVq8+s0ROr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F8557C017E44CE11F0192A33C2EF458887B49951AAE6E32B7DBA377D55123A73D0DACB
sha3_384: 0c7e8156fe099980ad4f49cdd2f46e2cd13fa8d012fad81fade8a579e963153f1f2ab41651671ba3bfdeeda5f1b62d0d
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-05-04 16:03:35

Version Info:
FileVersion: 5.15.2.0
OriginalFilename: libGLESv2.dll
ProductName: libGLESv2
ProductVersion: 5.15.2.0
Translation: 0x0409 0x04b0

Ransom.Prometheus.2 also known as:

Bkav	W32.AIDetectMalware.CS
Elastic	malicious (high confidence)
CAT-QuickHeal	Trojan.DCRat.S29707587
Skyhigh	BehavesLike.Win32.Generic.tc
ALYac	Gen:Variant.Ransom.Prometheus.2
Malwarebytes	Generic.Spyware.Stealer.DDS
VIPRE	Gen:Variant.Ransom.Prometheus.2
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Spyware ( 0058ebd51 )
K7GW	Spyware ( 0058ebd51 )
CrowdStrike	win/malicious_confidence_100% (D)
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Spy.Agent.DTP
APEX	Malicious
ClamAV	Win.Packed.Msilmamut-9950860-0
Kaspersky	HEUR:Backdoor.MSIL.DCRat.gen
BitDefender	Gen:Variant.Ransom.Prometheus.2
MicroWorld-eScan	Gen:Variant.Ransom.Prometheus.2
Avast	Win32:RATX-gen [Trj]
Rising	Backdoor.DCRat!8.129D9 (TFE:dGZlOg17w21gZmgvxA)
Emsisoft	Gen:Variant.Ransom.Prometheus.2 (B)
F-Secure	Heuristic.HEUR/AGEN.1323984
DrWeb	Trojan.PWS.StealerNET.124
Zillya	Trojan.BasicGen.Win32.4
FireEye	Generic.mg.3285b696585fc092
Sophos	Troj/DCRat-N
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	HEUR/AGEN.1323984
MAX	malware (ai score=86)
Microsoft	Backdoor:MSIL/DCRat!MTB
Arcabit	Trojan.Ransom.Prometheus.2
ZoneAlarm	HEUR:Backdoor.MSIL.DCRat.gen
GData	Gen:Variant.Ransom.Prometheus.2
Varist	W32/MSIL_Agent.LQ.gen!Eldorado
AhnLab-V3	Trojan/Win.FUJL.C5119684
Acronis	suspicious
McAfee	Trojan-FUJL!3285B696585F
Cylance	unsafe
Tencent	Trojan.Msil.Dcrat.xa
Ikarus	Trojan.MSIL.Crypt
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	MSIL/Agent.DVA!tr
BitDefenderTheta	Gen:NN.ZemsilF.36744.pr0@amEYIRki
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.118463
DeepInstinct	MALICIOUS

How to remove Ransom.Prometheus.2?

Ransom.Prometheus.2 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X