Ransom.Troldesh.249 (file analysis)

The Ransom.Troldesh.249 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom.Troldesh.249 virus can do?

Creates RWX memory
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Anomalous binary characteristics

How to determine Ransom.Troldesh.249?


File Info:
crc32: 74A9EC1A
md5: 1dcee5d0b3775a00505985787a46c86a
name: 1DCEE5D0B3775A00505985787A46C86A.mlw
sha1: 3953b1bcd3db593c75fd6b4a9916a6eb2383d205
sha256: 8c8f3a3b5d4ce2c3f0a784aec3291a96929bef02dbc4ccccbd153c8044d83fdb
sha512: 5e21d9f755d11503eeaa5eb350f71edf14faffb9372970fe7d0c1ea80c5d782751473c7f7824f43abf1027d1a2c29644e61ec42f16fd67d326d35f427fda96ea
ssdeep: 12288:wVDOE4wl/BC8z5ukWE2Izy+ugrwHglr8hxqSK:sa2wkunMnugrwGAHB
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:
0: [No Data]

Ransom.Troldesh.249 also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Banker.12946
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Ransom.Troldesh.249
Cylance	Unsafe
Zillya	Trojan.Banker.Win32.10362
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (D)
Alibaba	TrojanBanker:Win32/Banker.82c392cd
K7GW	Spyware ( 004b79361 )
K7AntiVirus	Spyware ( 004b79361 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Spy.Banker.ABZB
APEX	Malicious
Avast	Win32:Banker-CRY [Trj]
Kaspersky	Trojan-Banker.Win32.Banker.ehx
BitDefender	Gen:Variant.Ransom.Troldesh.249
NANO-Antivirus	Trojan.Win32.Banker.phbj
MicroWorld-eScan	Gen:Variant.Ransom.Troldesh.249
Tencent	Win32.Trojan-banker.Banker.Ecli
Ad-Aware	Gen:Variant.Ransom.Troldesh.249
Sophos	Mal/Generic-S
Comodo	Malware@#3utv0lgm752lx
BitDefenderTheta	Gen:NN.ZelphiF.34670.SOW@a4ysy6p
McAfee-GW-Edition	BehavesLike.Win32.Dropper.bh
FireEye	Generic.mg.1dcee5d0b3775a00
Emsisoft	Gen:Variant.Ransom.Troldesh.249 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Banker.Banker.bgs
Avira	TR/Delf.NGS.2
eGambit	Unsafe.AI_Score_100%
Microsoft	Backdoor:Win32/Bladabindi!ml
Arcabit	Trojan.Ransom.Troldesh.249
AegisLab	Trojan.Win32.Mepaow.l64a
GData	Gen:Variant.Ransom.Troldesh.249
Acronis	suspicious
McAfee	GenericR-CPE!1DCEE5D0B377
MAX	malware (ai score=86)
VBA32	TScope.Trojan.Delf
Panda	Trj/Banbra.EWN
Rising	Malware.Undefined!8.C (TFE:5:sAC9q3696bS)
Ikarus	Trojan-Spy.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Banker.ABZB!tr.spy
AVG	Win32:Banker-CRY [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/TrojanPSW.Generic.HwUBEpsA

How to remove Ransom.Troldesh.249?

Ransom.Troldesh.249 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X