Ransom:MSIL/Hibotibo.AA!MTB information

Ransom:MSIL/Hibotibo.AA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:MSIL/Hibotibo.AA!MTB virus do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Binary compilation timestomping detected

How to identify Ransom:MSIL/Hibotibo.AA!MTB?


File Info:

name: 318A50CB34CBA9325DFD.mlw
path: /opt/CAPEv2/storage/binaries/8a10e0dc4994268ea33baecd5e89d1e2ddabef30afa09961257a4329669e857a
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2049-06-08 12:33:11

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName: Locker.exe
LegalCopyright:
LegalTrademarks:
OriginalFilename: Locker.exe
ProductName:
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ransom:MSIL/Hibotibo.AA!MTB is also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Encoder.U!c
tehtris: Generic.Malware
DrWeb: Trojan.EncoderNET.105
MicroWorld-eScan: Gen:Heur.Ransom.Imps.3
FireEye: Generic.mg.318a50cb34cba932
Malwarebytes: Ransom.FileCryptor
Zillya: Trojan.Filecoder.Win32.33762
Sangfor: Ransom.Msil.Encoder.V7m1
K7AntiVirus: Trojan ( 005b38351 )
Alibaba: Ransom:MSIL/Hibotibo.4d3800c9
K7GW: Trojan ( 005b38351 )
BitDefenderTheta: Gen:NN.ZemsilF.36804.bn0@aOJwe8b
VirIT: Trojan.Win32.GenusT.DVXJ
Symantec: Trojan Horse
Elastic: malicious (high confidence)
ESET-NOD32: a variant of MSIL/Filecoder.BCL
APEX: Malicious
TrendMicro-HouseCall: Ransom_Hibotibo.R011C0DCR24
Paloalto: generic.ml
ClamAV: Win.Packed.Formbook-10024438-0
Kaspersky: HEUR:Trojan-Ransom.MSIL.Encoder.gen
BitDefender: Gen:Heur.Ransom.Imps.3
NANO-Antivirus: Trojan.Win32.AVI.kkvfkk
Avast: Win32:RansomX-gen [Ransom]
Tencent: Malware.Win32.Gencirc.10bfc525
Emsisoft: Gen:Heur.Ransom.Imps.3 (B)
F-Secure: Trojan.TR/AVI.Ransom.ulkkt
VIPRE: Gen:Heur.Ransom.Imps.3
TrendMicro: Ransom_Hibotibo.R011C0DCR24
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Gen.Ransom.Imps
Google: Detected
Avira: TR/AVI.Ransom.ulkkt
Varist: W32/MSIL_Troj.DEJ.gen!Eldorado
Antiy-AVL: Trojan[Ransom]/Win32.Dcrypt.a
Kingsoft: MSIL.Trojan-Ransom.Encoder.gen
Microsoft: Ransom:MSIL/Hibotibo.AA!MTB
Arcabit: Trojan.Ransom.Imps.3
ViRobot: Trojan.Win.Z.Ransom.1078272
ZoneAlarm: HEUR:Trojan-Ransom.MSIL.Encoder.gen
GData: Gen:Heur.Ransom.Imps.3
AhnLab-V3: Malware/Win.RansomX-gen.C5603741
ALYac: Trojan.Ransom.Filecoder
Cylance: unsafe
Panda: Trj/RansomGen.A
Rising: Ransom.Encoder!8.FFD4 (CLOUD)
MAX: malware (ai score=88)
MaxSecure: Trojan.Malware.73702460.susgen
Fortinet: MSIL/Filecoder.BCL!tr.ransom
AVG: Win32:RansomX-gen [Ransom]
DeepInstinct: MALICIOUS
alibabacloud: RansomWare:Win/Imps

How to remove Ransom:MSIL/Hibotibo.AA!MTB?

Ransom:MSIL/Hibotibo.AA!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
