Ransom:MSIL/Khonsari.A information

Ransom:MSIL/Khonsari.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:MSIL/Khonsari.A virus do?

  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • CAPE detected the Khonsari malware family
  • Binary compilation timestomping detected

How to determine Ransom:MSIL/Khonsari.A?


File Info:

name: 6AC57A1E090E7ABDB9B7.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2067-12-22 02:27:27

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: FecitAntiques
FileVersion: 1.0.0.0
InternalName: FecitAntiques.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: FecitAntiques.exe
ProductName: FecitAntiques
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Ransom:MSIL/Khonsari.A also known as:

Lionic: Trojan.MSIL.Encoder.j!c
Elastic: malicious (high confidence)
DrWeb: Trojan.EncoderNET.31
MicroWorld-eScan: Trojan.GenericKD.38255775
FireEye: Generic.mg.6ac57a1e090e7abd
ALYac: Trojan.Ransom.Filecoder
Sangfor: Ransom.MSIL.Encoder.gen
K7AntiVirus: Trojan ( 0058bc941 )
BitDefender: Trojan.GenericKD.38255775
K7GW: Trojan ( 0058bc941 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.34160.am0@aqcMuqf
VirIT: Ransom.Win32.Khonsari.DED
Cyren: W32/Ransom.RVBX-1540
Symantec: Ransom.Khonsari
ESET-NOD32: a variant of MSIL/Filecoder.ANF
TrendMicro-HouseCall: Ransom.MSIL.KHONSARI.YXBLN
Paloalto: generic.ml
ClamAV: Win.Trojan.Khonsari-9915806-0
Kaspersky: HEUR:Trojan-Ransom.MSIL.Encoder.gen
Alibaba: Ransom:MSIL/Khonsari.32ea6fea
ViRobot: Trojan.Win32.S.Khonsari.12800
Rising: Trojan.Generic/MSIL@AI.91 (RDM.MSIL:VRn24xfNPr7HZHwyetYeZw)
Ad-Aware: Trojan.GenericKD.38255775
Sophos: Mal/Generic-R + Troj/Khonsari-A
Comodo: Malware@#vh4pdgmvoxs8
F-Secure: Heuristic.HEUR/AGEN.1109374
Zillya: Trojan.Filecoder.Win32.21238
TrendMicro: Ransom.MSIL.KHONSARI.YXBLN
McAfee-GW-Edition: RDN/Ransom
Emsisoft: Trojan.GenericKD.38255775 (B)
Ikarus: Trojan.SuspectCRC
Jiangmin: Trojan.MSIL.alqnk
Webroot: W32.Ransom.Khonsari
Avira: HEUR/AGEN.1109374
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASSuf.4192A
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Ransom:MSIL/Khonsari.A
GData: MSIL.Trojan-Ransom.Khonsari.A
Cynet: Malicious (score: 100)
AhnLab-V3: Ransomware/Win.Khonsari.R458604
McAfee: RDN/Ransom
VBA32: TScope.Trojan.MSIL
Panda: Trj/GdSda.A
APEX: Malicious
Tencent: Msil.Trojan.Encoder.Wsan
Yandex: Trojan.Agent!0tKxNeW9714
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Filecoder.ANF!tr.ransom
AVG: Win32:RansomX-gen [Ransom]
Avast: Win32:RansomX-gen [Ransom]

How to remove Ransom:MSIL/Khonsari.A?

Ransom:MSIL/Khonsari.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
