Ransom:Win32/Milicry!rfn (file analysis)

Ransom:Win32/Milicry!rfn is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Milicry!rfn virus do?

  • Executable code extraction
  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • A named pipe was used for inter-process communication
  • Reads data out of its own binary image
  • A process created a hidden window
  • Performs some HTTP requests
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/Milicry!rfn?

File Info:

crc32: 010DAFCC
md5: 5881ace807c1515c2933652047d3d6fa
name: upload_file
sha1: cd16d082d5c26339b8356a6f574210fde9b9d7cf
sha256: 3d81b0cef95e45d0003faaf67b06924ebdb8a3b08b07d0e86393dd581963a65b
sha512: 42c57e7864d9ea0bb1aef71b6efc2d20a6dd8eea91142cea7293662be7536d1dd7221d1c94801a3c27911afabc70b9fdfbed1823430657c1f04d0f168b664478
ssdeep: 12288:AHxHbps6eCvIpbRuxw61WgdDfqwcVDYX4k:GTexpcxw6R4YXP
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (c) 2014 - . All rights reserved. labDVxfffd
InternalName: Lags
FileVersion: 7.8.9.4
CompanyName: labDVxfffd
FileDescription: Macsx Appraisals Eggheads Landscape Dropout
Comments: Macsx Appraisals Eggheads Landscape Dropout
ProductName: Lags
ProductVersion: 7.8.9.4
PrivateBuild: 7.8.9.4
OriginalFilename: Lags
Translation: 0x0409 0x04b0

Ransom:Win32/Milicry!rfn is also known as (vendor: detection name):

Bkav: W32.AIDetectVM.malware1
MicroWorld-eScan: Trojan.GenericKD.34249872
FireEye: Generic.mg.5881ace807c1515c
McAfee: GenericRXBG-ZF!5881ACE807C1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 004f76a01 )
BitDefender: Trojan.GenericKD.34249872
K7GW: Trojan ( 004f76a01 )
Cybereason: malicious.807c15
TrendMicro: Mal_MiliCry-1h
BitDefenderTheta: Gen:NN.ZexaF.34138.Dq0@ae@BrCfi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.NHQ
TrendMicro-HouseCall: Mal_MiliCry-1h
Paloalto: generic.ml
GData: Trojan.GenericKD.34249872
Kaspersky: Trojan-Ransom.Win32.SageCrypt.dcv
Alibaba: Ransom:Win32/SageCrypt.d72a2871
NANO-Antivirus: Trojan.Win32.SageCrypt.falyiz
AegisLab: Trojan.Win32.SageCrypt.j!c
APEX: Malicious
Rising: Ransom.Milicry!8.A2F2 (CLOUD)
Ad-Aware: Trojan.GenericKD.34249872
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/AD.Sage.icukk
DrWeb: Trojan.Encoder.10781
Zillya: Trojan.SageCrypt.Win32.177
Invincea: heuristic
Trapmine: suspicious.low.ml.score
Emsisoft: Trojan.GenericKD.34249872 (B)
Ikarus: Trojan-Ransom.FileCrypter
Jiangmin: Trojan.SageCrypt.hj
Avira: TR/AD.Sage.icukk
MAX: malware (ai score=81)
Antiy-AVL: Trojan/Win32.TSGeneric
Arcabit: Trojan.Generic.D20A9C90
AhnLab-V3: Win-Trojan/Sagecrypt.Gen
ZoneAlarm: Trojan-Ransom.Win32.SageCrypt.dcv
Microsoft: Ransom:Win32/Milicry!rfn
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan-Ransom.SageCrypt
ALYac: Trojan.GenericKD.34249872
TACHYON: Ransom/W32.SageCrypt.475136
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b2ea82
Yandex: Trojan.SageCrypt!
SentinelOne: DFI – Suspicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Generic.AP.C8398!tr
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: HEUR/QVM10.1.89E2.Malware.Gen

How to remove Ransom:Win32/Milicry!rfn?

Ransom:Win32/Milicry!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
