What is “Ransom:Win32/BlackCat.F”?

The Ransom:Win32/BlackCat.F is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:Win32/BlackCat.F virus can do?

Authenticode signature is invalid
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Ransom:Win32/BlackCat.F?


File Info:
name: EA912CC96DCC39534819.mlw
path: /opt/CAPEv2/storage/binaries/d837d93ca4f5ed27056b2c78c468ada54b23e46982d1240c0b01b501f354c750
crc32: 29009383
md5: ea912cc96dcc395348192fd925fec189
sha1: ed2f29a2584d06188cb92d5fe4c66b1a261490a8
sha256: d837d93ca4f5ed27056b2c78c468ada54b23e46982d1240c0b01b501f354c750
sha512: 1b4a44773bf18e83e5d634aabf23d71bf0a74a8254ee01b98bdda66e46fb38cebdbbd562dd13ee1b1cf403f37ffceb49d1aeb2037a2a7610e24c119109ba7027
ssdeep: 196608:Yl2nwfsBPkWpv1tzq8dd+0wyf71v9o2Jkd8FOxZJpaeFfa3Mm:YsnwfGPkWpv1tzPIWQ2GH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15DE66B59F44BA8BDFABE7470647EF73699A4082860271C77CD8ADE70A59F7312C4810E
sha3_384: ea00e02c502ebc15e54f8fd95b31d2dcefff58d5a4ae23f0c25e8519dd6b70327cf86978f99621e9f11731443fe77b67
ep_bytes: c70524310b0101000000e9b1fcffff90
timestamp: 2023-11-06 15:24:26

Version Info:
0: [No Data]

Ransom:Win32/BlackCat.F also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.j!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Ransom.BlackCatALPHV.18
Skyhigh	BehavesLike.Win32.Dropper.th
McAfee	Artemis!EA912CC96DCC
Malwarebytes	Generic.Malware/Suspicious
VIPRE	Gen:Variant.Ransom.BlackCatALPHV.18
Sangfor	Ransom.Win32.Blackcat.Vlhz
BitDefender	Gen:Variant.Ransom.BlackCatALPHV.18
Arcabit	Trojan.Ransom.BlackCatALPHV.18
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.GEIK
Kaspersky	HEUR:Trojan-Ransom.Win32.Generic
Rising	Trojan.Generic@AI.100 (RDML:90mcgnHsbHsFZPxdRyMtlQ)
Sophos	Mal/Blackcat-A
Google	Detected
FireEye	Gen:Variant.Ransom.BlackCatALPHV.18
Emsisoft	Gen:Variant.Ransom.BlackCatALPHV.18 (B)
Ikarus	Trojan.Win32.Agent
Varist	W32/ABRansom.DTKI-7702
MAX	malware (ai score=84)
Microsoft	Ransom:Win32/BlackCat.F
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Generic
GData	Gen:Variant.Ransom.BlackCatALPHV.18
Cynet	Malicious (score: 100)
AhnLab-V3	Ransomware/Win.BlackCat.C5391875
ALYac	Gen:Variant.Ransom.BlackCatALPHV.18
DeepInstinct	MALICIOUS
Panda	Trj/RansomGen.A
TrendMicro-HouseCall	Ransom_BlackCat.R002C0DKA23
Tencent	Win32.Trojan-Ransom.Generic.Yimw
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/BlackCat.A!tr.ransom
AVG	Win32:TrojanX-gen [Trj]
Avast	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Ransom:Win32/BlackCat.F?

Ransom:Win32/BlackCat.F removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X