Should I remove “Ransom.TargetComp.S27214387”?

Ransom.TargetComp.S27214387 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom.TargetComp.S27214387 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Manipulates data from or to the Recycle Bin
  • A process created a hidden window
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to delete or modify volume shadow copies
  • Writes a potential ransom message to disk
  • Modifies boot configuration settings
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom.TargetComp.S27214387?

File Info:

name: 2ACB21C02B38DAD982D7.mlw
path: /opt/CAPEv2/storage/binaries/af723e236d982ceb9ca63521b80d3bee487319655c30285a078e8b529431c46e
crc32: 197DAB97
md5: 2acb21c02b38dad982d78ebff7cfa2d3
sha1: 75543627f8f2ab0c85228372a0eca6928ee84b7d
sha256: af723e236d982ceb9ca63521b80d3bee487319655c30285a078e8b529431c46e
sha512: dfa53b2deff45b2b32cf8dcb346d42c8a5781e439103f5a4f537c78c681b865c8b71b804e8eedca70b1fe65582d0c40a0da3dc6a167c2a8396ec8f9080af28e2
ssdeep: 3072:NvuCyuiR1nhKSPkZOWMLWBTxcoQivvz5l8E8h:NxytRbKZZOBLWBqoQkD8E
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1D6D3AC2572E0C133E0A712309D74DBB12EBDB8316975D60BB788476E6E746C0CA363A3
sha3_384: 03ac3e92f3746b6259c4710fd7e45ff65e4814efff2ae404f3d2f791b9559a8e375fa5eacdca33cd2b638e4f3a5d3e70
ep_bytes: e832550000e9a5feffff8bff558bec81
timestamp: 2021-12-04 23:47:57

Version Info:

0: [No Data]

Ransom.TargetComp.S27214387 also known as:

Lionic: Trojan.Win32.Generic.j!c
CAT-QuickHeal: Ransom.TargetComp.S27214387
McAfee: GenericRXRE-KO!2ACB21C02B38
Malwarebytes: Ransom.FileCryptor
Sangfor: Trojan.Win32.Filecoder.OHO
K7AntiVirus: Trojan ( 0057f18f1 )
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 0057f18f1 )
Cybereason: malicious.02b38d
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.OHO
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
BitDefender: Gen:Heur.Ransom.REntS.Gen.1
MicroWorld-eScan: Gen:Heur.Ransom.REntS.Gen.1
Avast: FileRepMalware [Misc]
Rising: Ransom.Outsider!1.D74B (CLOUD)
Ad-Aware: Gen:Heur.Ransom.REntS.Gen.1
Emsisoft: Gen:Heur.Ransom.REntS.Gen.1 (B)
DrWeb: Trojan.Encoder.34933
Zillya: Trojan.Filecoder.Win32.21285
TrendMicro: Ransom.Win32.GARRANTDECRYPT.SM
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
FireEye: Generic.mg.2acb21c02b38dad9
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan-Ransom.FileCrypter
GData: Gen:Heur.Ransom.REntS.Gen.1
Jiangmin: Trojan.Generic.hegkg
Webroot: W32.Trojan.Gen
Avira: TR/FileCoder.efijo
MAX: malware (ai score=85)
Arcabit: Trojan.Ransom.REntS.Gen.1
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Generic
Microsoft: Ransom:Win32/GarrantDecrypt.PA!MTB
AhnLab-V3: Ransomware/Win.GarrantDecrypt.C4763520
VBA32: BScope.Trojan.DelShad
ALYac: Trojan.Ransom.Filecoder
TACHYON: Ransom/W32.Carone.132096
Cylance: Unsafe
Tencent: Win32.Trojan.Filecoder.Hugh
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.10307848.susgen
Fortinet: W32/Filecoder.D181!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34638.iuW@a0S@Gedi
AVG: FileRepMalware [Misc]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom.TargetComp.S27214387?

Ransom.TargetComp.S27214387 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.