Categories: Ransom

About “Ransom:Win32/Blocker!pz” infection

The Ransom:Win32/Blocker!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Blocker!pz virus can do?

A file was accessed within the Public folder.
Uses Windows utilities for basic functionality
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Touches a file containing cookies, possibly for information gathering

How to determine Ransom:Win32/Blocker!pz?


File Info:
name: 71923AEFCB6B074166FA.mlwpath: /opt/CAPEv2/storage/binaries/d2e5ddb6661ca0993b195975323171a5b44fbd323e294fd95db2b41096f36a3bcrc32: AB8B3E7Emd5: 71923aefcb6b074166fa96a872a21b1csha1: f83c75cc8a3090d9639111cfc360ae596393ac90sha256: d2e5ddb6661ca0993b195975323171a5b44fbd323e294fd95db2b41096f36a3bsha512: 3e617ab81b93ae4a027cf784a94566784fed5877b454728c3f794a9ad5ccba8bad0223bef859e8474774ea11c6ef1a882c9f88dfd4961a29da08a5e3376b58a3ssdeep: 49152:bDTOn6XJLrduEyztsR7OQzQzAmjqamm173f:bPO6dd/yzt67OU7apvtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A0A5137AF5D18437C1336E7CDC6B6754A83A7EE01D28208A7BE81C499F39781352A2D7sha3_384: aeb4ff23ea507e16ed0d49a73db64dd145a0f57020d4a7360d9474f27575338d41cc454f40d89cd710c09c6a620915deep_bytes: 558becb9280000006a006a004975f953timestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

Ransom:Win32/Blocker!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Blocker.tpV6
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Symmi.27009
ClamAV	Win.Trojan.Mbrlock-9779766-0
FireEye	Generic.mg.71923aefcb6b0741
CAT-QuickHeal	Ransom.Blocker.19974
Skyhigh	BehavesLike.Win32.Generic.tc
McAfee	GenericRXDE-WO!71923AEFCB6B
Cylance	unsafe
Zillya	Trojan.Blocker.Win32.98725
Sangfor	Ransom.Win32.Save.a
K7AntiVirus	Trojan ( 00548e051 )
Alibaba	Trojan:Win32/Starter.ali1001008
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.c8a309
Arcabit	Trojan.Symmi.D6981
BitDefenderTheta	AI:Packer.6C5C7DC621
VirIT	Backdoor.RBot.BZ
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Injector.ERFT
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.Blocker.fqcy
BitDefender	Gen:Variant.Symmi.27009
NANO-Antivirus	Trojan.Win32.Dapato.bsjzfg
Avast	Win32:MBRlock-DV [Trj]
Tencent	Trojan.Win32.Blocker.zg
Emsisoft	Gen:Variant.Symmi.27009 (B)
F-Secure	Dropper.DR/Delphi.Gen
DrWeb	Trojan.DownLoader6.7779
VIPRE	Gen:Variant.Symmi.27009
Trapmine	malicious.high.ml.score
Sophos	Troj/Agent-BCQB
Ikarus	Trojan.Win32.Agent
Jiangmin	TrojanDropper.Dapato.gti
Webroot	W32.Trojan.Gen
Google	Detected
Avira	DR/Delphi.Gen
Antiy-AVL	GrayWare/Win32.Kryptik.ahho
Xcitium	TrojWare.Win32.Injector.HO@82j6jo
Microsoft	Ransom:Win32/Blocker!pz
ZoneAlarm	Trojan-Ransom.Win32.Blocker.fqcy
GData	Gen:Variant.Symmi.27009
Varist	W32/Injector.OZVT-2500
AhnLab-V3	Dropper/Win32.Dapato.R83155
VBA32	TrojanRansom.Blocker
ALYac	Gen:Variant.Symmi.27009
MAX	malware (ai score=81)
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/CI.A
Rising	Ransom.Blocker!8.12A (TFE:4:U66Qx1HZP5U)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Dropper.XUQ!tr
AVG	Win32:MBRlock-DV [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)