What is “Ransom:Win32/Genasom”?

Ransom:Win32/Genasom is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Genasom virus do?

  • Creates RWX memory
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Network activity detected but not expressed in API logs

How to identify Ransom:Win32/Genasom?

File Info:

crc32: B3ED9540
md5: 10bc8a66ffe85a5eb04d5dd463204318
name: WinLocker-Builder.exe
sha1: e0df54485e4fba5af4ff0a61c022f794a5ba25d1
sha256: 3def8e9db50996046391a345099f3f7b023f8e0e26356702f73743e25d5716f8
sha512: 3d833e8083cb4e781b7572eedc89d4c94ea91a04a77f0e7727ff8bb4d16bb8887c19b6a2470e90a2cf714bdf72d26679075f7c7f4127e1c504182955808b99e8
ssdeep: 6144:eUKmfbTAYbMLaOphVx4bu9xJjF1031CP82ooSaYq:eUvfHfMLaOpXKbOjj/sNLoSbq
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright:
InternalName:
FileVersion: 0.2.0.0
CompanyName: VAN32
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 0.2.0.0
FileDescription: WinLocker Builder
OriginalFilename:
Translation: 0x0419 0x04e3

Ransom:Win32/Genasom is also known as:

MicroWorld-eScan: Trojan.Generic.7992186
FireEye: Trojan.Generic.7992186
CAT-QuickHeal: TrojanRansom.Blocker
McAfee: Generic.dx!10BC8A66FFE8
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 7000000f1 )
BitDefender: Trojan.Generic.7992186
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.6ffe85
BitDefenderTheta: Gen:NN.ZelphiF.34090.tmKfaGQ!m2kk
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/LockScreen.AFL
Baidu: Win32.Trojan.LockScreen.bk
TrendMicro-HouseCall: TROJ_RANSOM.SMC1
Avast: Win32:Dropper-gen [Drp]
ClamAV: Win.Trojan.Scar-8454
GData: Trojan.Generic.7992186
Kaspersky: Trojan-Ransom.Win32.Blocker.hnwj
Alibaba: Ransom:Win32/Blocker.1c7ff9f7
NANO-Antivirus: Trojan.Win32.Winlock.bqdzr
AegisLab: Trojan.Win32.Blocker.4!c
Rising: Ransom.Blocker!8.12A (CLOUD)
Ad-Aware: Trojan.Generic.7992186
Sophos: Troj/Agent-AONU
Comodo: Malware@#31gkmalbfnlt4
F-Secure: Trojan.TR/Rogue.325120
DrWeb: Trojan.Winlock.2959
Zillya: Dropper.Agent.Win32.57552
TrendMicro: TROJ_RANSOM.SMC1
McAfee-GW-Edition: BehavesLike.Win32.Gnamer.fc
Emsisoft: Trojan.Generic.7992186 (B)
Jiangmin: TrojanDropper.Agent.atjw
Avira: TR/Rogue.325120
Antiy-AVL: Trojan[Ransom]/Win32.Birele
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D79F37A
AhnLab-V3: Trojan/Win32.Birele.C957512
ZoneAlarm: Trojan-Ransom.Win32.Blocker.hnwj
Microsoft: Ransom:Win32/Genasom
TotalDefense: Win32/Ransom.AWS
ALYac: Trojan.Generic.7992186
MAX: malware (ai score=100)
VBA32: Hoax.Birele
Panda: Generic Malware
Tencent: Malware.Win32.Gencirc.10b1a9c6
Yandex: Trojan.DR.Agent!PM89YJOqyD0
Ikarus: Trojan.Win32.Scar
Fortinet: W32/Agent.DRQL!tr
Webroot: W32.Trojan.Ransom.CN
AVG: Win32:Dropper-gen [Drp]
CrowdStrike: win/malicious_confidence_60% (W)
Qihoo-360: Win32/Trojan.Ransom.6a5

How to remove Ransom:Win32/Genasom?

Ransom:Win32/Genasom removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.