Ransom:Win32/Avaddon.PA!MTB (file analysis)

Ransom:Win32/Avaddon.PA!MTB is a ransomware detection that many security vendors flag as malicious. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Avaddon.PA!MTB virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a process that is not found; the sample may need to be run with the startbrowser=1 option
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Clears Windows events or logs
  • Creates a copy of itself
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
api.myip.com
ocsp.digicert.com

How to identify Ransom:Win32/Avaddon.PA!MTB?

File Info:

crc32: 5C77AD84
md5: c9ec0d9ff44f445ce5614cc87398b38d
name: jpr.exe
sha1: 591ffe54bac2c50af61737a28749ff8435168182
sha256: 05af0cf40590aef24b28fa04c6b4998b7ab3b7f26e60c507adb84f3d837778f2
sha512: c340baeb66fc46830b6b77b2583033ade6e10b3de04d82ece7e241107afe741442585bf2ea9d6496af93143c37e9676d4f1e1d301d55632b88b12daadadd43f0
ssdeep: 24576:Cs6JmdFn5KLOCgHWcAvcrOcEsKfR9uA7rmFbbbbpccf:Cs6JY5KLOCyWcDUfRAA3mFbbbbpc4
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Avaddon.PA!MTB is also known as (vendor: detection name):

MicroWorld-eScan: Trojan.GenericKD.33966780
FireEye: Generic.mg.c9ec0d9ff44f445c
CAT-QuickHeal: Trojan.Multi
McAfee: GenericRXKX-QM!C9EC0D9FF44F
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.33966780
K7GW: Riskware ( 0040eff71 )
Invincea: heuristic
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/Filecoder.OCM
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Ransom.Win32.Rack.iyp
Alibaba: Ransom:Win32/Avaddon.aebfb50f
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan.Raas.Auto
Ad-Aware: Trojan.GenericKD.33966780
Emsisoft: Trojan.GenericKD.33966780 (B)
F-Secure: Trojan.TR/AD.RansomHeur.oiyco
DrWeb: Trojan.DownLoader33.50335
TrendMicro: Ransom_Rack.R03BC0WF520
Sophos: Troj/Ransom-FZC
Ikarus: Trojan-Ransom.FileCrypter
MaxSecure: Trojan.Malware.101961234.susgen
Avira: TR/AD.RansomHeur.oiyco
Microsoft: Ransom:Win32/Avaddon.PA!MTB
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D2064ABC
ZoneAlarm: Trojan-Ransom.Win32.Rack.iyp
GData: Trojan.GenericKD.33966780
TACHYON: Ransom/W32.Avaddon.1078784
AhnLab-V3: Trojan/Win32.RansomCrypt.C4115902
BitDefenderTheta: Gen:NN.ZexaF.34126.brW@aSd6T5o
ALYac: Trojan.Ransom.Avaddon
MAX: malware (ai score=100)
Malwarebytes: Ransom.Avaddon
TrendMicro-HouseCall: Ransom_Rack.R03BC0WF520
Rising: Ransom.Rack!8.2ED (CLOUD)
eGambit: Unsafe.AI_Score_90%
Fortinet: W32/Filecoder.OCM!tr.ransom
Webroot: W32.Trojan.GenKD
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.Ransom.c97

How to remove Ransom:Win32/Avaddon.PA!MTB?

Ransom:Win32/Avaddon.PA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
