Ransom.Shade.NSIS (file analysis)

The Ransom.Shade.NSIS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom.Shade.NSIS virus can do?

Anomalous binary characteristics

How to determine Ransom.Shade.NSIS?


File Info:
crc32: 86B4090B
md5: 3ed59ddb68669b46a5af1570a95f7827
name: 3ED59DDB68669B46A5AF1570A95F7827.mlw
sha1: 4af0fa3a657fc80e4afb15b1f11513fd9cc3aad5
sha256: 9229c89411e47d19e9173f086d0949765e633dbee851a24314a3d34a598bc2f1
sha512: f62362e87b340524ce0179826c6f7f5756e12a53dca6615df85a0c4bb53d7d8c1118c4f68ada46ba001b56552e44c750198b52850c9336c88e94801e3db8b306
ssdeep: 6144:3hRiHuv5aSI6VMnEy1lJxfxfq3e+u+5ZHk74YDKkcN9rvq:xIHuv0sip+rXkxKXN9rS
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
LegalCopyright: RVM
FileVersion: 0.6.7
CompanyName: RVM
LegalTrademarks: RVM 
Comments: This installation was built with NSIS.
ProductName: SMPlayer
FileDescription: SMPlayer for Windows
Translation: 0x0409 0x04e4

Ransom.Shade.NSIS also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 005177c61 )
Elastic	malicious (high confidence)
ALYac	Trojan.Ransom.BXA
Cylance	Unsafe
Sangfor	Ransom.Win32.Shade.gen
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Injector.88d26427
K7GW	Trojan ( 005177c61 )
Cybereason	malicious.b68669
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of NSIS/Injector.WG
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	HEUR:Trojan-Ransom.Win32.Shade.gen
BitDefender	Trojan.Ransom.BXA
NANO-Antivirus	Trojan.Nsis.AD.etolfo
MicroWorld-eScan	Trojan.Ransom.BXA
Tencent	Win32.Trojan.Generic.Lpbx
Sophos	Mal/Generic-S
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fc
FireEye	Trojan.Ransom.BXA
Emsisoft	Trojan.Ransom.BXA (B)
Webroot	W32.Trojan.Gen
Microsoft	Trojan:Win32/Occamy.C92
AegisLab	Trojan.Win32.Shade.4!c
GData	Trojan.Ransom.BXA
AhnLab-V3	Trojan/Win32.Globeimposter.R209326
McAfee	Ransom-GlobeImp!3ED59DDB6866
MAX	malware (ai score=81)
Malwarebytes	Ransom.Shade.NSIS
Panda	Trj/CI.A
Ikarus	Trojan.NSIS.Injector
Fortinet	W32/Injector.XG!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Ransom.Shade.NSIS?

Ransom.Shade.NSIS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X