Categories: Ransom

What is “Ransom:Win32/Genasom.ID”?

The Ransom:Win32/Genasom.ID is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Genasom.ID virus can do?

Attempts to connect to a dead IP:Port (1 unique times)
A process attempted to delay the analysis task.
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Installs itself for autorun at Windows startup

Related domains:

www.87du.vip

How to determine Ransom:Win32/Genasom.ID?


File Info:
crc32: AF8092EDmd5: 5850abb71b88984dcd99df5b223f7d29name: svchast.exesha1: 62d44b37df880cb93c2c0f7d55ef066bd3cbfe5asha256: 66dba73f1e3b51b3750ad33f9774ec88cbd0cbe603357d41ec4d42f75f1bcecbsha512: 229be459c54e7a8e6fa92d839e7ac4a6cf6d364303167c2d332352dba76a9b4c85fe23a8fda68060bcf5da63244c3fbeabaa81f8e9ff1cf17f5920b65289868fssdeep: 49152:bTrT3aENk4gdekluBd1IDj6j1dxRF5zTaKbYEoc+s8KuqGaX0ToIBAUZLYqu9FUH:PQ4gdw3ogRFZoPJBAUZLbEUHtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: x4f5cx8005x7248x6743x6240x6709 x8bf7x5c0ax91cdx5e76x4f7fx7528x6b63x7248FileVersion: 1.0.0.0Comments: x672cx7a0bx5e8fx4f7fx7528x6613x8bedx8a00x7f16x5199(http://www.eyuyan.com)ProductName: Windows x670dx52a1x4e3bx8fdbx7a0bProductVersion: 1.0.0.0FileDescription: Windows x670dx52a1x4e3bx8fdbx7a0bTranslation: 0x0804 0x04b0

Ransom:Win32/Genasom.ID also known as:

Bkav	W32.AIDetectVM.malware
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 00521b151 )
K7GW	Trojan ( 00521b151 )
Cybereason	malicious.7df880
Invincea	heuristic
Cyren	W32/S-ea8e18be!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/FlyStudio.OPR
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win32.Gotango.gkdz
Alibaba	Trojan:Win32/Gotango.167f225c
NANO-Antivirus	Virus.Win32.Agent.dvixmz
Rising	Packer.Win32.Agent.f (CLASSIC)
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
F-Secure	Trojan.TR/Genasom.emtoc
TrendMicro	Ransom_Genasom.R01FC0DA620
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Paloalto	generic.ml
GData	Win32.Application.PUPStudio.A
Avira	TR/Genasom.emtoc
Endgame	malicious (high confidence)
Microsoft	Ransom:Win32/Genasom.ID
SUPERAntiSpyware	Trojan.Agent/Gen-OnlineGames
ZoneAlarm	Trojan.Win32.Gotango.gkdz
Acronis	suspicious
McAfee	Flyagent.d
VBA32	BScope.Trojan.BtcMine
TrendMicro-HouseCall	Ransom_Genasom.R01FC0DA620
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_94%
Fortinet	W32/Agent.SCLK!tr
BitDefenderTheta	Gen:NN.ZexaF.33558.Bs0@aiiqpPcb
AVG	Win32:Trojan-gen
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.f79