Ransom:Win32/Ascrirac.A (file analysis)

The Ransom:Win32/Ascrirac.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Ascrirac.A virus can do?

A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
Uses Windows utilities for basic functionality
Deletes its original binary from disk
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Writes a potential ransom message to disk
Attempts to modify proxy settings
Creates a copy of itself
Connects to Tor Hidden Services through a Tor gateway
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

5sse6j4kdaeh3yus.onion.cab

5sse6j4kdaeh3yus.tor2web.org

How to determine Ransom:Win32/Ascrirac.A?


File Info:
crc32: 05C4E41A
md5: 0d0cb6c8cb86b4b063b022cc8208196f
name: 0D0CB6C8CB86B4B063B022CC8208196F.mlw
sha1: 76ac0ca9ed50eeab7d5165c3cae4ab63ad6ccf4b
sha256: 96e42d0c7d8ca6584563208c2ca3c41c7356199b495c948bb5a963ef83c55c69
sha512: 8314a0cbddee5b1d32af032d6e694d94a0e5b228ff0ccc0fcbcff83e20e9f229651a72ce209c1a81fc4a1b67a38694153c43264e18794f6e6957a31363976bc3
ssdeep: 6144:ZYQ/9bno1GyI6g3VQQoUC8/bDLXhDTBzlHKAON1QLb26/VIF:ZYQmTIzVQQZP/jXhDTFlHKtQLb2GI
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Ransom:Win32/Ascrirac.A also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 004df5701 )
Lionic	Trojan.Win32.Dapato.a!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.888
Cynet	Malicious (score: 100)
ALYac	Gen:Heur.Ransom.REntS.Gen.1
Cylance	Unsafe
Zillya	Trojan.Filecoder.Win32.10574
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Ransom:Win32/Bitman.ead864b7
K7GW	Trojan ( 004df5701 )
Cybereason	malicious.8cb86b
ESET-NOD32	a variant of Win32/Filecoder.TeslaCrypt.A
APEX	Malicious
Avast	Win32:CryptoLocker-C [Trj]
Kaspersky	Trojan-Ransom.Win32.Bitman.m
BitDefender	Gen:Heur.Ransom.REntS.Gen.1
NANO-Antivirus	Trojan.Win32.Dapato.dobeto
MicroWorld-eScan	Gen:Heur.Ransom.REntS.Gen.1
Tencent	Win32.Trojan.Bp-ransomware.Ejqz
Ad-Aware	Gen:Heur.Ransom.REntS.Gen.1
Comodo	Malware@#zhfpc64ktxam
BitDefenderTheta	Gen:NN.ZexaF.34796.CqX@aqWYdVji
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_Ascrirac.R066C0DF221
FireEye	Generic.mg.0d0cb6c8cb86b4b0
Emsisoft	Gen:Heur.Ransom.REntS.Gen.1 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Bitman.ayl
Avira	TR/FileCoder.466945
Antiy-AVL	Trojan/Generic.ASMalwS.E6753B
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Ransom:Win32/Ascrirac.A
Arcabit	Trojan.Ransom.REntS.Gen.1
GData	Gen:Heur.Ransom.REntS.Gen.1
AhnLab-V3	Malware/Win32.Generic.C834706
McAfee	Artemis!0D0CB6C8CB86
MAX	malware (ai score=82)
VBA32	BScope.TrojanRansom.Bitman
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_Ascrirac.R066C0DF221
Rising	Trojan.Generic@ML.85 (RDML:MDrI6N4iQn7NRwsxyrCEQg)
Yandex	Trojan.GenAsa!ma0tpPcnIDI
Ikarus	Trojan-Ransom.TeslaCrypt
MaxSecure	Trojan.Malware.74621722.susgen
Fortinet	W32/TeslaCrypt.A!tr.ransom
AVG	Win32:CryptoLocker-C [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Bitman.HgIASOYA

How to remove Ransom:Win32/Ascrirac.A?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Ransom:Win32/Ascrirac.A (file analysis)