Categories: Ransom

Ransom:Win32/Conti.ZCI!dha information

The Ransom:Win32/Conti.ZCI!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Conti.ZCI!dha virus can do?

Behavioural detection: Executable code extraction – unpacking
A file was accessed within the Public folder.
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Russian
Creates an autorun.inf file
Authenticode signature is invalid
Performs a large number of encryption calls using the same key possibly indicative of ransomware file encryption behavior
CAPE detected the Conti malware family
Detects Bochs through the presence of a registry key
Yara detections observed in process dumps, payloads or dropped files

How to determine Ransom:Win32/Conti.ZCI!dha?


File Info:
name: 4079BB9BC8295EFBC884.mlwpath: /opt/CAPEv2/storage/binaries/036a4795d259d36b3396cd3a0fd46d4a103337c96fe911f5c362d5682bd58ba9crc32: 1702CA2Amd5: 4079bb9bc8295efbc884f5fa7de3efdcsha1: fc8a7707303c2ca8552e306895da1b8e725b9cc4sha256: 036a4795d259d36b3396cd3a0fd46d4a103337c96fe911f5c362d5682bd58ba9sha512: 1ffee9f2c573f5bb3bde58c83be637d72974471bfaf730635909d8a2ec50ccecdb1a92cf55d550e57d52411e77b2b7a525b78f91ec7cfb6a573ba3d557d84399ssdeep: 49152:ceBYU0s3nQf1CreMrSvVY5SjfI3CAlhKaPLgitPmDnea8jBkUJN7vP:cKJ0sAf1xMrSvVY5SjfIy+hKaDg1DnbQtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T164D509921108F05EDA646478069C63C360564F74ABA5DBBB3FD19CEA6E8F6733A03533sha3_384: ac87e2e252f4d6a7fbd1a3c774b62610fb427534f3e8152e51e48825a0e073befcd6c393bf349cfbb20cd19ae99fda5fep_bytes: e8dd050000e97afeffff558bec8b4508timestamp: 2021-04-30 12:55:29
Version Info:
0: [No Data]

Ransom:Win32/Conti.ZCI!dha also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Gen:Variant.Trickbot.Zusy.54
FireEye	Generic.mg.4079bb9bc8295efb
Skyhigh	BehavesLike.Win32.Generic.vh
McAfee	Artemis!4079BB9BC829
Cylance	unsafe
Zillya	Trojan.Kryptik.Win32.3171244
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Ransom:Win32/Conti.1de7a069
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.bc8295
BitDefenderTheta	Gen:NN.ZexaF.36802.0wW@aicDiVoc
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HKUT
APEX	Malicious
Kaspersky	UDS:Trojan.Win32.Generic
BitDefender	Gen:Variant.Trickbot.Zusy.54
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:RansomX-gen [Ransom]
Tencent	Win32.Trojan.Agen.Nzfl
Emsisoft	Gen:Variant.Trickbot.Zusy.54 (B)
F-Secure	Trojan.TR/Crypt.Agent.gicld
VIPRE	Gen:Variant.Trickbot.Zusy.54
Trapmine	suspicious.low.ml.score
Sophos	Generic Reputation PUA (PUA)
GData	Gen:Variant.Trickbot.Zusy.54
Jiangmin	Trojan.Strab.chy
Google	Detected
Avira	TR/Crypt.Agent.gicld
Arcabit	Trojan.Trickbot.Zusy.54
ZoneAlarm	UDS:Trojan.Win32.Generic
Microsoft	Ransom:Win32/Conti.ZCI!dha
Cynet	Malicious (score: 99)
AhnLab-V3	Ransomware/Win.Conti.C4452666
VBA32	BScope.TrojanRansom.Conti
ALYac	Gen:Variant.Trickbot.Zusy.54
MAX	malware (ai score=87)
Malwarebytes	Generic.Malware.AI.DDS
Rising	Ransom.Conti!8.11736 (TFE:5:8XJ4DeKjZWC)
Ikarus	Trojan.SuspectCRC
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Kryptik.HKUT!tr
AVG	Win32:RansomX-gen [Ransom]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan:Win/Kryptik.HKUT