Ransom

Ransom:AutoIt/Genasom.B information

Malware Removal

The Ransom:AutoIt/Genasom.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Ransom:AutoIt/Genasom.B virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Detects Bochs through the presence of a registry key
  • Attempts to modify proxy settings
  • Attempts to disable UAC
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to determine Ransom:AutoIt/Genasom.B?



File Info:

name: 6FF98578A6948960677E.mlw
path: /opt/CAPEv2/storage/binaries/2d99e84193a06e1baa3ea1c70d6990bbed2a0baab38a2073a47e82693ebf6537
crc32: 67FBB82B
md5: 6ff98578a6948960677ea1317b7f69db
sha1: 0eb176c2c1aebf76835e074e735e94402947d269
sha256: 2d99e84193a06e1baa3ea1c70d6990bbed2a0baab38a2073a47e82693ebf6537
sha512: 80efb9e31a8ce2b8b13ab3fc83bbcb6796f6e6e6ef699b311580a03c8f731b84ed713cf170f4f6b7d0789bc966d50837b41a88c147b216e01dad13bfab9cad06
ssdeep: 6144:Uzv+kSZBbdH19ex4T02J4fqz22tvymTiB62iKnWKKmDTcNwjreOwISn8m/EBLKVS:UzcRD02J4Sq2vHGB67KWKKmDq8m/ExKs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10184238B85B86D3ACC295F37B66757C20574BC725A2883573B74D907ECE8862B285370
sha3_384: 49f84a6e94c769643796a16b9f39947ed527174481eb4fe1aa8578d8549459e342163410030f0da772204abe932414fc
ep_bytes: 60be007047008dbe00a0f8ff57eb0b90
timestamp: 2011-12-23 10:59:31


Version Info:

FileDescription: 
FileVersion: 3, 3, 8, 0
CompiledScript: AutoIt v3 Script: 3, 3, 8, 0
Translation: 0x0809 0x04b0

Ransom:AutoIt/Genasom.B also known as:

LionicTrojan.Win32.Autoit.j!c
Elasticmalicious (moderate confidence)
MicroWorld-eScanTrojan.LockScreen.B
FireEyeTrojan.LockScreen.B
CAT-QuickHealRansom.AutoIt.ScreenLocker.A
ALYacTrojan.LockScreen.B
CylanceUnsafe
SangforTrojan.Win32.LockScreen.B
K7AntiVirusTrojan ( 0055e4091 )
AlibabaRansom:Win32/Genasom.6ae89970
K7GWTrojan ( 0055e4091 )
Cybereasonmalicious.8a6948
CyrenW32/Backdoor.EYEQ-3893
SymantecTrojan.Ransomlock.V
ESET-NOD32Win32/LockScreen.ALJ
APEXMalicious
Paloaltogeneric.ml
KasperskyTrojan-Ransom.Win32.Autoit.b
BitDefenderTrojan.LockScreen.B
NANO-AntivirusTrojan.Win32.Autoit.sslxg
AvastAutoIt:Agent-FP [Trj]
TencentWin32.Trojan.Autoit.Wvbl
Ad-AwareTrojan.LockScreen.B
SophosMal/Generic-S
ComodoMalware@#1afc1d6nmwo3j
F-SecureHeuristic.HEUR/AGEN.1215409
DrWebTrojan.AVKill.18647
ZillyaTrojan.AutoIT.Win32.11926
TrendMicroTROJ_RANSOM.CGK
McAfee-GW-EditionBehavesLike.Win32.Generic.fc
EmsisoftTrojan.LockScreen.B (B)
IkarusTrojan.LockScreen
GDataTrojan.LockScreen.B (3x)
JiangminTrojan.MSIL.Zapchast.ag
WebrootW32.Downloader.Gen
AviraHEUR/AGEN.1215409
MicrosoftRansom:AutoIt/Genasom.B
CynetMalicious (score: 100)
McAfeeArtemis!6FF98578A694
MAXmalware (ai score=100)
VBA32TrojanRansom.Autoit
MalwarebytesMalware.AI.4049673104
TrendMicro-HouseCallTROJ_RANSOM.CGK
MaxSecureTrojan.Autoit.AZA
FortinetW32/LockScreen.ALJ
AVGAutoIt:Agent-FP [Trj]
PandaTrj/Autoit.gen
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Ransom:AutoIt/Genasom.B?

Ransom:AutoIt/Genasom.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment