
Ransom.ThunderX malicious file


Ransom.ThunderX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom.ThunderX virus do?

  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Modifies boot configuration settings
  • Clears Windows events or logs
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Ransom.ThunderX?


File Info:

crc32: EA4485D3
md5: 897fa75679d26557788400dfdad35cec
name: 897FA75679D26557788400DFDAD35CEC.mlw
sha1: 024ec3311b2cf43c9368b556175f010e662a5774
sha256: 0fbfdb8340108fafaca4c5ff4d3c9f9a2296efeb9ae89fcd9210e3d4c7239666
sha512: 0932ff6d5eb497c13ca2913549214cb364dd09b2033fb9283699b93c15465b069f96088f8b18a21a70f8c41382c5d53563b772fab171a4bc33a08694379a0dd1
ssdeep: 3072:Y68bUpw5gYyD7nAyYyZIqqkpwJy9WedpC5tut0iOv38PHPjySn1DxTDDq:Y6hptYi7nAytiqqm7dMut0H38+SLq
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom.ThunderX also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.32485
MicroWorld-eScan: Trojan.GenericKD.43798240
CAT-QuickHeal: Trojan.Delshad
Qihoo-360: Generic/HEUR/QVM10.2.C78F.Malware.Gen
McAfee: GenericRXLZ-NA!897FA75679D2
Cylance: Unsafe
Zillya: Trojan.DelShad.Win32.687
AegisLab: Trojan.Win32.DelShad.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 0056de3d1 )
BitDefender: Trojan.GenericKD.43798240
K7GW: Trojan ( 0056de3d1 )
Arcabit: Trojan.Generic.D29C4EE0
Invincea: Mal/Generic-S
BitDefenderTheta: Gen:NN.ZexaF.34570.iqW@a0QplChi
Cyren: W32/Trojan.IAHP-3019
Symantec: Downloader
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.DelShad.evn
Alibaba: Trojan:Win32/DelShad.59d07456
NANO-Antivirus: Trojan.Win32.DelShad.hulhzo
Rising: Ransom.FileCrypter!8.11F42 (TFE:5:ymrShOAD9m)
Ad-Aware: Trojan.GenericKD.43798240
Emsisoft: Trojan.FileCoder (A)
Comodo: Malware@#rs8n1w0zu863
F-Secure: Trojan.TR/AD.RansomHeur.otikn
TrendMicro: Ransom.Win32.THUNDERX.THIHBO
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
FireEye: Generic.mg.897fa75679d26557
Sophos: Mal/Generic-S
Ikarus: Trojan-Ransom.FileCrypter
Jiangmin: Trojan.DelShad.afv
Webroot: W32.Ransom.Gen
Avira: TR/AD.RansomHeur.otikn
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.DelShad
Microsoft: Ransom:Win32/FileCrypter.MB!MTB
ZoneAlarm: Trojan.Win32.DelShad.evn
GData: Trojan.GenericKD.43798240
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.FileCoder.R350898
VBA32: BScope.Trojan.DelShad
ALYac: Trojan.Ransom.Filecoder
TACHYON: Ransom/W32.ThunderX.142848
Malwarebytes: Ransom.ThunderX
Panda: Trj/CI.A
ESET-NOD32: a variant of Win32/Filecoder.RanzyLocker.A
TrendMicro-HouseCall: Ransom.Win32.THUNDERX.THIHBO
Tencent: Malware.Win32.Gencirc.10ce012a
Yandex: Trojan.Filecoder!gkid44/TpOA
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Filecoder.ODD!tr
AVG: Win32:RansomX-gen [Ransom]
Avast: Win32:RansomX-gen [Ransom]
CrowdStrike: win/malicious_confidence_70% (W)
MaxSecure: Trojan.Malware.74666482.susgen

How to remove Ransom.ThunderX?

Ransom.ThunderX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
