
How to remove “Ransom:Win32/RADAMANT.DA!MTB”?


Ransom:Win32/RADAMANT.DA!MTB is Microsoft's detection name for a sample of the Radamant ransomware family, which encrypts files on the infected machine. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can Ransom:Win32/RADAMANT.DA!MTB do?

The following behaviours were observed when the sample described below was run in a sandbox:

  • Attempts to delay execution, which stalls automated analysis
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Exhibits behaviour characteristic of Radamant ransomware
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
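The two domains above can be turned into a network detection. The Python script below is an added example, not code from the original page or from GridinSoft: it parses DNS query log lines and flags queries for the listed domains or any of their subdomains, while ignoring look-alike names such as notatomx.xyz. The key=value log layout and the sample lines are constructed for the example; adapt parse_line() to your resolver logs or Sysmon DNS export.

```python
"""Flag DNS queries for the Radamant-related domains listed on the page.

Added example, not from the original page. The log line format below is a
constructed key=value layout (timestamp, host, query, type); adapt
parse_line() to your own resolver or Sysmon Event ID 22 export.
"""
import re

# Domains taken from the "Related domains" list on the page.
IOC_DOMAINS = {"z.whorecord.xyz", "a.tomx.xyz"}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2021-03-04T10:22:13Z host=WS01 query=www.microsoft.com type=A
2021-03-04T10:22:15Z host=WS01 query=z.whorecord.xyz type=A
2021-03-04T10:22:16Z host=WS07 query=cdn.a.tomx.xyz. type=AAAA
2021-03-04T10:22:18Z host=WS07 query=notatomx.xyz type=A
2021-03-04T10:22:19Z host=WS03 query=A.TOMX.XYZ type=A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+query=(?P<query>\S+)\s+type=(?P<qtype>\S+)$"
)


def normalize(domain):
    """Lower-case and strip a trailing dot so 'A.TOMX.XYZ.' equals 'a.tomx.xyz'."""
    return domain.rstrip(".").lower()


def matches_ioc(domain, iocs=IOC_DOMAINS):
    """True if domain is an IOC or a subdomain of one.

    The '.' + ioc suffix check keeps 'notatomx.xyz' from matching 'a.tomx.xyz'.
    """
    d = normalize(domain)
    return any(d == ioc or d.endswith("." + ioc) for ioc in iocs)


def parse_line(line):
    """Return a dict with ts/host/query/qtype, or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_hits(log_text, iocs=IOC_DOMAINS):
    """Return (timestamp, host, normalized query) for every line that hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and matches_ioc(rec["query"], iocs):
            hits.append((rec["ts"], rec["host"], normalize(rec["query"])))
    return hits


if __name__ == "__main__":
    for ts, host, q in find_hits(SAMPLE_LOG):
        print(f"{ts} {host} -> {q}")
```

Run it against the constructed log and three of the five lines are reported: the exact hit, the subdomain with a trailing dot, and the upper-case query; the look-alike domain and the benign query are left alone.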

How to identify Ransom:Win32/RADAMANT.DA!MTB?

File Info:

crc32: 9193C9A8
md5: 71a44d53b4d2ef9a9f04861e9756575a
name: 71A44D53B4D2EF9A9F04861E9756575A.mlw
sha1: 7dcda583c7ee23edbf66146e368b08ea6b65d28a
sha256: 945a6a91833b9b4bca4a9af849f5b8f2888b6da34de8aae0ae746c43ad738454
sha512: 03a62da227882788f3c9a7a5281d8724d733ef96b4e524c45f7d336a10cd05fe667a88e33ebde1d8ac3598f965bd9b42cf9144397ccb66b1f3a254655e226c0d
ssdeep: 768:7R8ElAvOs4CTfOgGYdlNGCizSHdq12UMx9s6zAKSXwa/2TceuXY4J:7NlafjVsrODKpKSXITitJ
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
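The hashes above and the UPX note in the type field (matching the "compressed using UPX" item in the behaviour list) are the file-level indicators a responder checks first. The Python script below is an added example, not from the original page or from any vendor: it computes crc32/md5/sha1/sha256 in the format used here, compares them with the page's values, and parses the PE section table for UPX0/UPX1 section names, the usual sign of UPX packing (a sample repacked with renamed sections would evade this check). The PE image it runs on is constructed in build_sample_pe(), so the script runs offline and, by design, does not match the real indicators.

```python
"""Match a file against the hashes on this page and check for UPX section names.

Added example, not from the original page. Uses only the standard library; the
PE bytes are constructed here (a minimal header with UPX0/UPX1/.rsrc sections),
so the script runs offline and will not match the real indicators.
"""
import hashlib
import struct
import zlib

# Indicators copied from the File Info section on the page.
KNOWN_HASHES = {
    "md5": "71a44d53b4d2ef9a9f04861e9756575a",
    "sha1": "7dcda583c7ee23edbf66146e368b08ea6b65d28a",
    "sha256": "945a6a91833b9b4bca4a9af849f5b8f2888b6da34de8aae0ae746c43ad738454",
}
# Section names the stock UPX packer writes; renamed sections evade this heuristic.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_hashes(data):
    """Return crc32/md5/sha1/sha256 of a byte string in the page's notation."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_section_names(data):
    """Parse the PE section table; raise ValueError if the headers are not a PE."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sec_off = pe_off + 4 + 20 + opt_size
    names = []
    for i in range(nsec):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def is_upx_packed(data):
    """True if any section carries a stock UPX name."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def triage(data):
    """Summarise hash matches and packer evidence for one file."""
    h = file_hashes(data)
    return {
        "hashes": h,
        "hash_match": any(h[k] == v for k, v in KNOWN_HASHES.items()),
        "upx_sections": is_upx_packed(data),
    }


def build_sample_pe(section_names):
    """Constructed minimal PE32 image: MZ stub with e_lfanew, PE signature, COFF
    header, a 224-byte zeroed optional header, and one 40-byte header per section."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    opt = b"\0" * 224
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, opt size, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(
        n.ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names)
    )
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    sample = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(triage(sample))
```

To use it on a real file, read the bytes with open(path, "rb").read() and pass them to triage(); a hash match confirms this exact sample, while the UPX check only says the file is packed and still needs unpacking before any static comparison with the original.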

Version Info:

The version resource claims to be a Microsoft DirectX component. These strings are written by whoever builds the binary and are not evidence of origin.

LegalCopyright: Microsoft Corporation
InternalName:
FileVersion: 9
CompanyName: Microsoft Corporation
LegalTrademarks: Microsoft Corporation
ProductName: DirectX
ProductVersion: 9
FileDescription: Microsoft® DirectX x86
OriginalFilename: directx.exe
Translation: 0x0409 0x04e4

Ransom:Win32/RADAMANT.DA!MTB is also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3563
ALYac: Dropped:Generic.Malware.SF.33845FD1
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.8128
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004bcce41 )
K7AntiVirus: Trojan ( 004bcce41 )
Cyren: W32/Heuristic-114!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Filecoder.Radamant.A
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Radam.g
BitDefender: Dropped:Generic.Malware.SF.33845FD1
MicroWorld-eScan: Dropped:Generic.Malware.SF.33845FD1
Tencent: Trojan.Win32.Radam.a
Ad-Aware: Dropped:Generic.Malware.SF.33845FD1
Sophos: ML/PE-A + Troj/Radam-A
Comodo: TrojWare.Win32.Ransom.Radamcrypt.D@6b1xdw
BitDefenderTheta: AI:Packer.FF7F61F11C
McAfee-GW-Edition: BehavesLike.Win32.Fake.ct
FireEye: Generic.mg.71a44d53b4d2ef9a
Emsisoft: Dropped:Generic.Malware.SF.33845FD1 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Radam.c
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.16735F4
Microsoft: Ransom:Win32/RADAMANT.DA!MTB
Arcabit: Generic.Malware.SF.33845FD1
ZoneAlarm: Trojan-Ransom.Win32.Radam.g
GData: Dropped:Generic.Malware.SF.33845FD1
Acronis: suspicious
McAfee: GenericRXGI-DT!71A44D53B4D2
MAX: malware (ai score=80)
VBA32: BScope.Trojan.MulDrop
Malwarebytes: Malware.AI.4087248295
Yandex: Trojan.GenAsa!YLID/xg5TU0
Ikarus: Trojan-Ransom.Radamant
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Radamant.A!tr.ransom
AVG: Win32:Malware-gen

How to remove Ransom:Win32/RADAMANT.DA!MTB?

Because this is ransomware, disconnect the machine from the network before cleaning it, and keep in mind that removing the malware does not decrypt files it has already encrypted; restore those from backups.

Ransom:Win32/RADAMANT.DA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
