Ransom:Win32/Filecoder.BA!MTB (file analysis)

The Ransom:Win32/Filecoder.BA!MTB detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Ransom:Win32/Filecoder.BA!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/Filecoder.BA!MTB?

File Info:

crc32: 13F88AD0
md5: 3850bcf90381787eefe963f5f0e79139
name: 3850BCF90381787EEFE963F5F0E79139.mlw
sha1: 08820d1c399e6a634b3db4c06af2b3b07689fa0c
sha256: 6906a72cfe38eb73bc668e6d0e7558997e365a6aa3760f77ab1dda6d88cc81d0
sha512: 971568d3f1894d7a10803379ff0a45193fecb2c81bd241e80dbc56bd3c9e66dcad1487d2422f68caf7cb39bc4e64a36674a3c86de3bccbf832be11a820b14723
ssdeep: 3072:IYw83gIOxBHMm/XXMWAbne15F39lgRhZc/ZsJj0bmwwUzX:I5bMm/sFby39lgRfc/ZRCNU
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Ransom:Win32/Filecoder.BA!MTB also known as:

  • Bkav: W32.AIDetect.malware1
  • K7AntiVirus: Riskware ( 0040eff71 )
  • Elastic: malicious (high confidence)
  • DrWeb: BackDoor.Meterpreter.119
  • ALYac: Generic.Ransom.Conti.22E252CF
  • Zillya: Trojan.Rozena.Win32.99508
  • CrowdStrike: win/malicious_confidence_60% (D)
  • K7GW: Riskware ( 0040eff71 )
  • Cybereason: malicious.903817
  • ESET-NOD32: a variant of Win32/Rozena.SA
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • ClamAV: Win.Ransomware.Conti-9826703-0
  • Kaspersky: HEUR:Trojan.Win32.DelShad.gen
  • BitDefender: Generic.Ransom.Conti.22E252CF
  • NANO-Antivirus: Trojan.Win32.Meterpreter.hounis
  • MicroWorld-eScan: Generic.Ransom.Conti.22E252CF
  • Tencent: Malware.Win32.Gencirc.11a8eff7
  • Ad-Aware: Generic.Ransom.Conti.22E252CF
  • TrendMicro: Ransom.Win32.CONTI.SMW
  • McAfee-GW-Edition: BehavesLike.Win32.Emotet.dc
  • FireEye: Generic.Ransom.Conti.22E252CF
  • Emsisoft: Generic.Ransom.Conti.22E252CF (B)
  • Jiangmin: Trojan.Banker.Emotet.nzj
  • Antiy-AVL: Trojan/Generic.ASMalwS.30C1CEE
  • Microsoft: Ransom:Win32/Filecoder.BA!MTB
  • GData: Generic.Ransom.Conti.22E252CF
  • AhnLab-V3: Trojan/Win.GT.R420309
  • McAfee: RDN/Ransom
  • MAX: malware (ai score=86)
  • VBA32: BScope.Backdoor.Emotet
  • Malwarebytes: Malware.AI.3740734076
  • Panda: Trj/Genetic.gen
  • TrendMicro-HouseCall: Ransom.Win32.CONTI.SMW
  • Rising: Trojan.Kryptik!1.C80C (CLASSIC)
  • Fortinet: W32/GenKryptik.EOUY!tr
  • AVG: Win32:Malware-gen

How to remove Ransom:Win32/Filecoder.BA!MTB?

Ransom:Win32/Filecoder.BA!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.