What is “Ransom:Win32/Gpcode.B”?

The Ransom:Win32/Gpcode.B is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Ransom:Win32/Gpcode.B virus can do?

The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs

How to determine Ransom:Win32/Gpcode.B?


File Info:
crc32: 7A6E8335
md5: 0c361f940981a75e635d5521b0a60fec
name: 0C361F940981A75E635D5521B0A60FEC.mlw
sha1: 3a6172c8c55f989cd4e52aa6b9ea6cd4b424f71f
sha256: 15d6b716edc96f9ed822759cc59a297beb1200090dee130e80688c9466441f7d
sha512: 541e239d14a1f710d2b85116b23af0202ee5bdce65d59db58a516cf740723b44c522147ccd1cde3bd18f95771b7578656b2755d5792779da2ba701aa319598d3
ssdeep: 1536:n+qKEk49s2/lYsQS6NNCb4GgUNQBCNkWhrDVX8:nLps2M7NY9/NQBCeWhr
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
0: [No Data]

Ransom:Win32/Gpcode.B also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 004b424e1 )
DrWeb	Trojan.PGPCrypt.3
Cynet	Malicious (score: 100)
ALYac	Trojan.Gpcode.C
Cylance	Unsafe
Zillya	Trojan.Gpcode.Win32.3
Sangfor	Ransom.Win32.Gpcode.e
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Gpcode.e60bcd05
K7GW	Trojan ( 004b424e1 )
Cybereason	malicious.40981a
Cyren	W32/Trojan.QCYO-6626
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Gpcode.E
APEX	Malicious
Avast	Win32:Pgcoder
ClamAV	Win.Trojan.Gpcode-7
Kaspersky	Trojan-Ransom.Win32.Gpcode.e
BitDefender	Trojan.Gpcode.C
NANO-Antivirus	Trojan.Win32.Gpcode.esig
MicroWorld-eScan	Trojan.Gpcode.C
Tencent	Win32.Virus.Gpcode.Fry
Ad-Aware	Trojan.Gpcode.C
Sophos	Mal/Generic-R + Troj/Gpcode-C
Comodo	Win32.Gpcode.E@2xru
BitDefenderTheta	Gen:NN.ZexaF.34688.dmGfaCKuPjp
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_PGPCODER.B
McAfee-GW-Edition	BehavesLike.Win32.Generic.qc
FireEye	Trojan.Gpcode.C
Emsisoft	Trojan.Gpcode.C (B)
Jiangmin	Trojan/Gpcode.c
Webroot	Trojan:Win32/Gpcode.B
Avira	TR/Gpcode.E
eGambit	Unsafe.AI_Score_99%
Microsoft	Ransom:Win32/Gpcode.B
AegisLab	Trojan.Win32.Gpcode.tqRI
GData	Trojan.Gpcode.C
TACHYON	Trojan/W32.Gpcode.118784
AhnLab-V3	Trojan/Win32.HDC.C26217
McAfee	Artemis!0C361F940981
MAX	malware (ai score=100)
VBA32	Trojan-Ransom.Gpcode
Panda	Trj/PGPCoder.B
TrendMicro-HouseCall	TROJ_PGPCODER.B
Rising	Ransom.Gpcode!8.568 (CLOUD)
Yandex	Trojan.GenAsa!kT/sDFOc0YI
Ikarus	Trojan-Ransom.Agent
MaxSecure	Trojan.Malware.2018611.susgen
Fortinet	W32/Gpcode.C!tr
AVG	Win32:Pgcoder
Paloalto	generic.ml

How to remove Ransom:Win32/Gpcode.B?

Ransom:Win32/Gpcode.B removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X