Categories: Ransom

Ransom:Win32/Clop.PB!MTB removal instruction

The Ransom:Win32/Clop.PB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Clop.PB!MTB virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Enumerates running processes
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Attempts to delete or modify volume shadow copies
Behavioural detection: Injection (inter-process)
Attempts to stop active services
Modifies boot configuration settings
Exhibits behavior characteristic of H1N1 downloader
CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
Attempts to disable Windows Defender
Uses suspicious command line tools or Windows utilities

How to determine Ransom:Win32/Clop.PB!MTB?


File Info:
name: 508914A4EEE4AF776422.mlwpath: /opt/CAPEv2/storage/binaries/56d178519f7c783a66404e366a3b8ffdf312ae9faa20a94e74c4462202402d73crc32: 1979510Cmd5: 508914a4eee4af776422a9598a4d99f9sha1: 90b257d507967fb031cd9dc790adff17bfc8e676sha256: 56d178519f7c783a66404e366a3b8ffdf312ae9faa20a94e74c4462202402d73sha512: 479f14f6009ea7dd031ce08dcb3a8574c50741aab775cb09ce4e2fd524a9eae9cfa7a4ad808445216b58cec0f5116697243867c5bc960cc874e98e975476befcssdeep: 1536:cVloOkSDrTP0Ny0zePi7JA5l25o5OWvM:cV+mDHMO5l25o8Wtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1DE739D62BC838173D71B147068318B9556BEA7EF17288A673748036EAFA1781F5363CDsha3_384: 52797a6e653ba014fe29cf817a4bf58df7b2df58acafc84b700540718c2b928e6b9e36a18b8a9ea903b6f36a520c4387ep_bytes: e8fa150000e978feffff8bff558bec8btimestamp: 2016-07-07 09:55:36
Version Info:
CompanyName: AlinSoftFileDescription: uCGnczrxPUAFileVersion: 6,2,3,7LegalCopyright: Copyright 1994 - 2016OriginalFilename: FuCGnczrxPUA.exeProductVersion: 6,2,3,7ProductName: FuCGnczrxPUATranslation: 0x0407 0x04e4

Ransom:Win32/Clop.PB!MTB also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Multi.Generic.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransomware.Tescrypt.WR5
McAfee	GenericRXDK-EM!508914A4EEE4
Malwarebytes	Malware.AI.3022369323
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056fb141 )
BitDefender	Gen:Heur.Mint.Dreidel.eu0@xmVymhbi
K7GW	Trojan ( 0056fb141 )
Cybereason	malicious.4eee4a
ESET-NOD32	Win32/Zlader.L
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Chapak.gen
Alibaba	Trojan:Win32/Zlader.de12dc7c
NANO-Antivirus	Trojan.Win32.TrjGen.eekfml
MicroWorld-eScan	Gen:Heur.Mint.Dreidel.eu0@xmVymhbi
Avast	FileRepMalware [Trj]
Tencent	Malware.Win32.Gencirc.114b749a
Ad-Aware	Gen:Heur.Mint.Dreidel.eu0@xmVymhbi
Emsisoft	Gen:Heur.Mint.Dreidel.eu0@xmVymhbi (B)
Comodo	Malware@#25gw8w373aq9d
DrWeb	Trojan.PWS.Siggen1.54455
Zillya	Trojan.Zlader.Win32.60
TrendMicro	TROJ_HPZLADER.SM
McAfee-GW-Edition	BehavesLike.Win32.Generic.lh
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.508914a4eee4af77
Sophos	Mal/Generic-R + Troj/Agent-ASOZ
Ikarus	Trojan-Downloader.Win32.Small
GData	Gen:Heur.Mint.Dreidel.eu0@xmVymhbi
Jiangmin	Trojan.Chapak.ncz
Webroot	W32.Malware.Gen
Avira	TR/Crypt.XPACK.Gen8
Kingsoft	Win32.Troj.GenericKD.v.(kcloud)
SUPERAntiSpyware	Trojan.Agent/Gen-Zlader
ZoneAlarm	HEUR:Trojan.Win32.Chapak.gen
Microsoft	Ransom:Win32/Clop.PB!MTB
AhnLab-V3	Malware/Win32.Generic.C1498177
VBA32	BScope.TrojanRansom.Fury
ALYac	Gen:Heur.Mint.Dreidel.eu0@xmVymhbi
MAX	malware (ai score=100)
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_HPZLADER.SM
Rising	Trojan.Generic@AI.87 (RDML:gkVgw0/fWcN8TH/hMZU4uA)
Yandex	Trojan.Zlader!xBYdBgQeNlQ
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Generic.AP.54510
BitDefenderTheta	Gen:NN.ZexaF.34712.eu0@amVymhbi
AVG	FileRepMalware [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)