Ransom:MSIL/Cryptolocker.DM!MTB (file analysis)

Ransom:MSIL/Cryptolocker.DM!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:MSIL/Cryptolocker.DM!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.

How to identify Ransom:MSIL/Cryptolocker.DM!MTB?


File Info:

crc32: 5F50FEDB
md5: 94ee41f0498c545c61507a3abdc03da8
name: 94EE41F0498C545C61507A3ABDC03DA8.mlw
sha1: f9f706b3da354250dde1f52c4eff14dfc487cb00
sha256: 9ed988d6afc08faa0b512f8f0e875531474e0179d059170bc3a676b27e0629ef
sha512: 512236ef06f36019e01a6f4a35a6da2cc89246cfaabd3592cf5c196e7ac73057af1655c237ffd310d023a7b52f296b563a35ba1e78d821ed163ab5f4f73683fd
ssdeep: 3072:QZgviFxIgVQ8681KQ8FFaTDDDDDDDKAUJ25dkvwXk3LaZEkQPbtIHaqUZ5EqI/r:sgvi71n8KpR5dOwY9bKHaWyYT9S
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Fatura 2021
Assembly Version: 1.0.0.0
InternalName: FaturaDecryptor.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments: Fatura Bilgilendirme
ProductName: FaturaDecryptor
ProductVersion: 1.0.0.0
FileDescription: FaturaGUI
OriginalFilename: FaturaDecryptor.exe

Ransom:MSIL/Cryptolocker.DM!MTB also known as:

Elastic: malicious (high confidence)
ALYac: Trojan.Ransom.CryptoJoker.A
Cylance: Unsafe
Cybereason: malicious.0498c5
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Filecoder.CryptoJoker.D
APEX: Malicious
Avast: FileRepMalware
BitDefender: Trojan.Ransom.CryptoJoker.A
MicroWorld-eScan: Trojan.Ransom.CryptoJoker.A
Ad-Aware: Trojan.Ransom.CryptoJoker.A
Sophos: Mal/Jokryp-A
BitDefenderTheta: Gen:NN.ZemsilF.34678.tm0@aimpr0
McAfee-GW-Edition: Artemis!Trojan
FireEye: Trojan.Ransom.CryptoJoker.A
Emsisoft: Trojan.Ransom.CryptoJoker.A (B)
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:MSIL/Cryptolocker.DM!MTB
Arcabit: Trojan.Ransom.CryptoJoker.A
AegisLab: Trojan.Win32.CryptoJoker.4!c
GData: Trojan.Ransom.CryptoJoker.A
McAfee: Artemis!94EE41F0498C
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.1527449633
Rising: Ransom.CryptoJoker!1.D0E2 (CLASSIC)
Fortinet: MSIL/CryptoJoker.D!tr.ransom
AVG: FileRepMalware

How to remove Ransom:MSIL/Cryptolocker.DM!MTB?

Ransom:MSIL/Cryptolocker.DM!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
