About “Ransom:Win32/Shieldcrypt.A” infection

Ransom:Win32/Shieldcrypt.A is classified as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/Shieldcrypt.A virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional language used in binary resources: Romanian
  • The binary likely contains encrypted or compressed data.
  • Attempts to remove evidence of file being downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a copy of itself
  • Appends a known CryptoShield ransomware file extension to files that have been encrypted
  • Anomalous binary characteristics

How to identify Ransom:Win32/Shieldcrypt.A?

File Info:

crc32: BC93E186
md5: b4430540f3f8ba43db591332d8b41b50
name: B4430540F3F8BA43DB591332D8B41B50.mlw
sha1: 4c6684ac10a367ab937142226d1f23d2b0d92145
sha256: 29a4bc560905120eae7c6c4300a6c5133b1ea19ed36cdad7bb98f3db1e838ceb
sha512: 017c58b5876c8e082adf04d4e1c481fd71d09bb26ce7bec17aab04dc29386d629e5d7f877d35b27dc86d7cbb83d208bc79b4c25ad5a3c1e484e35ae74e5f93c3
ssdeep: 1536:wAPQdmbcvwcNOM7hsWjcdgqNcOgzUcY7FCphpBOLAORAZyjpfgEkPEtqE:wKQIoL3iJkzfaFCph2LeyRp
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 1994 - 2017
InternalName: Dahl og Solli NUF
FileVersion: 15.21.22.12
CompanyName: Dahl og Solli NUF
ProductVersion: 15.21.22.12
FileDescription: Dahl og Solli NUF
Translation: 0x1c1a 0x04b0

Ransom:Win32/Shieldcrypt.A also known as:

Bkav: W32.AIDetect.malware1
DrWeb: Trojan.Encoder.10240
Cynet: Malicious (score: 100)
ALYac: Trojan.Ransom.CryptoShield
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 0056e91c1 )
K7AntiVirus: Trojan ( 0056e91c1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.FPDP
APEX: Malicious
Avast: FileRepMalware
Kaspersky: Trojan-Dropper.Win32.Dycler.ypy
BitDefender: Gen:Variant.Ransom.HydraPack.1
NANO-Antivirus: Trojan.Win32.Scatter.falcwm
MicroWorld-eScan: Gen:Variant.Ransom.HydraPack.1
Tencent: Win32.Trojan.Raas.Auto
Ad-Aware: Gen:Variant.Ransom.HydraPack.1
Sophos: Mal/Generic-S
Comodo: Malware@#7142pga59h3b
F-Secure: Heuristic.HEUR/AGEN.1110109
BitDefenderTheta: Gen:NN.ZexaF.34608.hq0@aG4Y0TlO
VIPRE: BehavesLike.Win32.Malware.rwx (mx-v)
TrendMicro: Ransom_CRYPAURA.SHLDD
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
FireEye: Generic.mg.b4430540f3f8ba43
Emsisoft: Gen:Variant.Ransom.HydraPack.1 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanDropper.Dycler.oq
Avira: HEUR/AGEN.1110109
eGambit: Unsafe.AI_Score_99%
Microsoft: Ransom:Win32/Shieldcrypt.A
Arcabit: Trojan.Ransom.HydraPack.1
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: Trojan-Dropper.Win32.Dycler.ypy
GData: Gen:Variant.Ransom.HydraPack.1
TACHYON: Ransom/W32.CryptoShield.115200
AhnLab-V3: Trojan/Win32.CryptoShield.C1821900
McAfee: Artemis!B4430540F3F8
MAX: malware (ai score=100)
VBA32: TrojanDropper.Dycler
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_CRYPAURA.SHLDD
Rising: Ransom.Fury!8.470A (TFE:5:QMU8U09V5WH)
Yandex: Trojan.GenAsa!nxRktZ7LWxs
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.FPDP!tr
AVG: FileRepMalware
Paloalto: generic.ml
Qihoo-360: Win32/TrojanDropper.Generic.HgIASOkA

How to remove Ransom:Win32/Shieldcrypt.A?

Ransom:Win32/Shieldcrypt.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.