
Should I remove “Ransom:Win32/Gandcrab.AR!MTB”?


Ransom:Win32/Gandcrab.AR!MTB is the Microsoft Defender name for a sample that a large number of security vendors flag as malicious (see the vendor list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Gandcrab.AR!MTB virus do?

The behaviours below are the sandbox signatures that fired when the sample was run:

  • Executable code extraction
  • Creates RWX memory
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data
  • A scripting utility was executed
  • Attempts to stop active services
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Ransom:Win32/Gandcrab.AR!MTB?

The hashes below identify the exact sample that was analysed. A file on your machine with the same SHA-256 is this sample; a different hash does not rule the threat out, because the packer (see the Kryptik/MalPack aliases below) produces a new binary for every build.

File Info:

crc32: 48307382
md5: 837ffeddeda19e0eb365385ff60a0bf8
name: 837FFEDDEDA19E0EB365385FF60A0BF8.mlw
sha1: 6bf03442462b7d38284ea95b6ec72a29e3231bb9
sha256: 9dd99b4326fd85ee47e55a2f2b99700fab54a4152bc11c20d06bc56fae928ae4
sha512: 8ebe2c56d2cab3cbeed11ed4ae77f5c41eb0f528f1041932710c85969ab5bc6decab21463b95b7f31af36a1b91c745870073c3f2441ac43ad999e5e4f365283d
ssdeep: 3072:TbvCLg20AZBGEuhNYR8TBy1iPIFj1aYErvStKqFMzWQ5Pdq9uOeA:TOLg20qBEhNRTBm7F5a16tPMzW0muO
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2020, jlfvjs
InternalName: dvezejzaz.em
FileVersion: 1.4.23.4
Translation: 0x0811 0x0528
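The following is an added example, not code from the original page or from GridinSoft. It turns the "Installs itself for autorun at Windows startup" behaviour and the File Info hashes above into a check a practitioner can actually run: hash a file the same five ways the page lists (CRC32, MD5, SHA-1, SHA-256, SHA-512), compare the result with the published indicators, and apply that check to the images referenced from the HKCU/HKLM Run keys. The `IOC_HASHES` values are copied from this page; the Run-key paths, the function names and the constructed sample file in `demo()` are the example's own assumptions.

```python
import hashlib
import os
import zlib

# Hashes published on this page for the analysed sample
# (name 837FFEDDEDA19E0EB365385FF60A0BF8.mlw). crc32 is kept as 8 hex digits.
IOC_HASHES = {
    "md5": "837ffeddeda19e0eb365385ff60a0bf8",
    "sha1": "6bf03442462b7d38284ea95b6ec72a29e3231bb9",
    "sha256": "9dd99b4326fd85ee47e55a2f2b99700fab54a4152bc11c20d06bc56fae928ae4",
    "sha512": "8ebe2c56d2cab3cbeed11ed4ae77f5c41eb0f528f1041932710c85969ab5bc6"
              "decab21463b95b7f31af36a1b91c745870073c3f2441ac43ad999e5e4f365283d",
    "crc32": "48307382",
}

# Assumed locations to check; the page only says "autorun at Windows startup".
RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
)


def digests_of_bytes(data: bytes) -> dict:
    """Compute the same digest set the page lists, over an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
    }


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as digests_of_bytes, streamed so a large PE need not fit in RAM."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
            crc = zlib.crc32(chunk, crc)
    result = {n: h.hexdigest() for n, h in hashers.items()}
    result["crc32"] = format(crc & 0xFFFFFFFF, "08x")
    return result


def match_iocs(digests: dict, iocs: dict = IOC_HASHES) -> list:
    """Names of the algorithms under which `digests` equals the published IOCs.
    Case-insensitive, because vendors print the same hash in either case."""
    return sorted(a for a, v in iocs.items() if digests.get(a, "").lower() == v.lower())


def image_path_from_command(command: str) -> str:
    """Extract the executable from a Run value such as '"C:\\x\\a.exe" -s'.
    Done by hand: shlex would eat the backslashes in Windows paths."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_autoruns(entries, iocs: dict = IOC_HASHES) -> list:
    """`entries` are (value_name, command) pairs read from a Run key.
    Returns (value_name, image_path, matched_algorithms) for every image that
    exists on disk and hashes to one of the IOCs."""
    hits = []
    for name, command in entries:
        image = image_path_from_command(command)
        if os.path.isfile(image):
            matched = match_iocs(digests_of_file(image), iocs)
            if matched:
                hits.append((name, image, matched))
    return hits


def read_run_keys() -> list:
    """Enumerate the Run keys via winreg. Returns [] off Windows so the
    hashing logic above stays usable on an analyst's Linux box."""
    try:
        import winreg
    except ImportError:
        return []
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, sub in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], sub)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                entries.append((name, str(value)))
                i += 1
    return entries


def demo() -> dict:
    """Run the checks over a constructed, harmless file (not the real sample)."""
    import tempfile
    blob = b"MZ constructed benign sample, not the malware"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "dvezejzaz.exe")
        with open(path, "wb") as fh:
            fh.write(blob)
        file_digests = digests_of_file(path)
        return {
            "consistent": file_digests == digests_of_bytes(blob),
            "ioc_matches": match_iocs(file_digests),
            "autorun_hits": suspicious_autoruns([("dvezejzaz", f'"{path}" -s')]),
        }


if __name__ == "__main__":
    print(demo())
    print(suspicious_autoruns(read_run_keys()))
```

On a live Windows host the last line hashes every Run-key image; a hit means the exact analysed sample is installed for autorun. An empty result is not a clean bill of health, since a repacked build of the same family carries different hashes, which is why the vendor aliases (Kryptik, MalPack, Packed-GBE) below all point at a packer rather than at GandCrab itself.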

Ransom:Win32/Gandcrab.AR!MTB is also known under the following vendor names. Note that the vendors do not agree on the family (GandCrab, Sodinokibi, Tofsee, Zenpak and Chapak all appear), and many of the names are generic packer or machine-learning verdicts (Kryptik, MalPack, Packed-GBE, "malicious (high confidence)"); the Microsoft name with its !MTB suffix is itself a generic heuristic detection rather than a family-specific signature.

  • Bkav: W32.AIDetect.malware1
  • K7AntiVirus: Trojan ( 0056809d1 )
  • Lionic: Trojan.Win32.Zenpak.4!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Encoder.31884
  • Cynet: Malicious (score: 100)
  • ALYac: Trojan.Ransom.Sodinokibi
  • Cylance: Unsafe
  • Zillya: Trojan.Kryptik.Win32.2039204
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Ransom:Win32/Gandcrab.ffe0025c
  • K7GW: Trojan ( 005672171 )
  • Cybereason: malicious.deda19
  • Cyren: W32/Ulise.BI.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.HDNC
  • APEX: Malicious
  • Avast: Win32:BankerX-gen [Trj]
  • ClamAV: Win.Dropper.Tofsee-7900643-0
  • Kaspersky: HEUR:Backdoor.Win32.Tofsee.vho
  • BitDefender: Trojan.GenericKDZ.67286
  • NANO-Antivirus: Trojan.Win32.Tofsee.isbjty
  • MicroWorld-eScan: Trojan.GenericKDZ.67286
  • Tencent: Win32.Trojan.Zenpak.Dzjz
  • Ad-Aware: Trojan.GenericKDZ.67286
  • Sophos: Mal/Generic-S
  • Comodo: Malware@#1hqpy680rx7b0
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
  • FireEye: Generic.mg.837ffeddeda19e0e
  • Emsisoft: Trojan.GenericKDZ.67286 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Chapak.jou
  • Avira: TR/Crypt.Agent.bdiuf
  • Antiy-AVL: Trojan/Generic.ASMalwS.307DB33
  • Microsoft: Ransom:Win32/Gandcrab.AR!MTB
  • GData: Trojan.GenericKDZ.67286
  • AhnLab-V3: Trojan/Win.MalPe.X2068
  • Acronis: suspicious
  • McAfee: Packed-GBE!837FFEDDEDA1
  • MAX: malware (ai score=80)
  • VBA32: Trojan.Zenpak
  • Malwarebytes: Trojan.MalPack.GS
  • Panda: Trj/GdSda.A
  • Rising: Trojan.Kryptik!1.C6DF (CLASSIC)
  • Yandex: Trojan.Kryptik!Gkywl5tqnGE
  • Ikarus: Trojan.Win32.Krypt
  • MaxSecure: Trojan.Malware.73872809.susgen
  • Fortinet: W32/Kryptik.HDSW!tr
  • AVG: Win32:BankerX-gen [Trj]
  • Paloalto: generic.ml

How to remove Ransom:Win32/Gandcrab.AR!MTB?

Ransom:Win32/Gandcrab.AR!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample registers itself for autorun at Windows startup, run a second scan after the restart to confirm nothing was re-launched. Removing the malware does not decrypt files it has already encrypted; those have to be restored from a backup.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
