Ransom:Win32/Hermes!mclg information

The Ransom:Win32/Hermes!mclg is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Ransom:Win32/Hermes!mclg virus can do?

• Behavioural detection: Executable code extraction – unpacking
• SetUnhandledExceptionFilter detected (possible anti-debug)
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Creates RWX memory
• NtSetInformationThread: attempt to hide thread from debugger
• Possible date expiration check, exits too soon after checking local time
• Guard pages use detected – possible anti-debugging.
• Dynamic (imported) function loading detected
• Enumerates the modules from a process (may be used to locate base addresses in process injection)
• Enumerates running processes
• Reads data out of its own binary image
• CAPE extracted potentially suspicious content
• The binary contains an unknown PE section name indicative of packing
• The binary likely contains encrypted or compressed data.
• Authenticode signature is invalid
• Checks for the presence of known windows from debuggers and forensic tools
• CAPE detected the EnigmaStub malware family
• Checks for the presence of known devices from debuggers and forensic tools
• Detects Bochs through the presence of a registry key
• Harvests cookies for information gathering
• Collects information to fingerprint the system
• Anomalous binary characteristics

How to determine Ransom:Win32/Hermes!mclg?

File Info:
name: A9D830939FC4C9CE01F3.mlw
path: /opt/CAPEv2/storage/binaries/7a303839ab7376e4bbd221994662c07f37da0500c38edccbb9bf5b45a40f1a2a
crc32: 06B4D668
md5: a9d830939fc4c9ce01f35aa0c79c84ed
sha1: 88f0a6c530c87af9c124c156e3efd75f85e44f31
sha256: 7a303839ab7376e4bbd221994662c07f37da0500c38edccbb9bf5b45a40f1a2a
sha512: 7866021594996da8114ce3c8df33f1eeef4009bbbd37a6b1063f27e6085ad4d46e29a458776df0c0fea78655b3a0e1e6ac08a947614c0a062d200eaa6eb1c0dd
ssdeep: 98304:+7GrJxx5LbqZ2UFzjPhtBHnDikLgP3TIEzk:+Wxx5GZxFfPop8
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17D3633626BB33B89D35AC7336BA4388E7C60505B7ED962C79238E190E713F7826D550C
sha3_384: 04d90d3220d0478ade1f7adf7103679381e602c69977de8e31335d4c65e44f7b16af7938761a43d66a039ad4925de83d
ep_bytes: eb08003e25000000000060e800000000
timestamp: 2021-05-26 12:36:47

Version Info:
0: [No Data]

Ransom:Win32/Hermes!mclg also known as:

How to remove Ransom:Win32/Hermes!mclg?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.