
How to remove “Ransom:Win32/SporaCrypt.PAD!MTB”?


Ransom:Win32/SporaCrypt.PAD!MTB is a detection name (Microsoft's; other vendors' names for the same file are listed below) for a file-encrypting ransomware sample that security vendors classify as dangerous. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Ransom:Win32/SporaCrypt.PAD!MTB virus do?

  • Uses Windows utilities to enumerate running processes
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
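The list above is a set of sandbox signature hits: reads of the BIOS-version and CPU-name registry values, a Bochs check, and access to credential-storage keys. One way to turn those observations into detection logic over a registry API trace, as an added example written for this page (it is not code from the page, from GridinSoft, or from any sandbox's own signatures), in Python. The registry paths it matches are assumptions of the example, the locations such checks commonly read, since the page does not name them; SAMPLE_TRACE is constructed in a CAPE-like `pid=… api=… key=… value=… data=…` line shape.

```python
"""Flag anti-VM fingerprinting and credential-store access in registry API traces.

Added example for this page; not the sandbox's signature code.  The registry
locations below are assumptions (where such checks commonly read), and the
trace lines in SAMPLE_TRACE are constructed, not captured from the sample.
"""
import re
from collections import defaultdict

# (category, regex over the normalised "key\value" path).  Assumed locations.
FINGERPRINT_RULES = [
    ("bios_version",
     re.compile(r"HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I)),
    ("cpu_name",
     re.compile(r"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+\\"
                r"(ProcessorNameString|Identifier|VendorIdentifier)$", re.I)),
]
CREDENTIAL_RULES = [
    # LSA secrets / SAM hives: only privileged tooling has business reading them.
    ("credential_store", re.compile(r"^HKEY_LOCAL_MACHINE\\(SAM|SECURITY)\\", re.I)),
    ("credential_store",
     re.compile(r"Windows NT\\CurrentVersion\\Winlogon\\DefaultPassword$", re.I)),
]

# Constructed trace format: pid=<n> api=<name> key=<path> [value=<name>] [data=<text>]
LINE_RE = re.compile(
    r"pid=(?P<pid>\d+)\s+api=(?P<api>\w+)\s+key=(?P<key>.+?)"
    r"(?:\s+value=(?P<value>\S+))?(?:\s+data=(?P<data>.*))?$")


def parse_line(line):
    """Parse one trace line into a dict, or None if it is not in the expected shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    # Normalise to a single "key\value" path so value-level rules can match it.
    ev["path"] = ev["key"] + ("\\" + ev["value"] if ev["value"] else "")
    return ev


def classify(event):
    """Return the set of categories a single registry event trips."""
    cats = set()
    for cat, rx in FINGERPRINT_RULES + CREDENTIAL_RULES:
        if rx.search(event["path"]):
            cats.add(cat)
    # Bochs leaves its name in the SMBIOS strings; a read that returns it is the tell.
    if event.get("data") and "bochs" in event["data"].lower():
        cats.add("bochs_detect")
    return cats


def analyse(lines, min_categories=2):
    """Aggregate per pid and give a verdict.

    anti_vm is raised only when one process reads >= min_categories distinct
    fingerprint categories: a single BIOS or CPU read is common in benign
    software (inventory agents, installers), the combination is not.
    """
    per_pid = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev:  # lines that do not parse are skipped, not fatal
            per_pid[ev["pid"]] |= classify(ev)
    report = {}
    for pid, cats in per_pid.items():
        vm_cats = cats - {"credential_store"}
        report[pid] = {
            "categories": sorted(cats),
            "anti_vm": len(vm_cats) >= min_categories,
            "credential_access": "credential_store" in cats,
        }
    return report


# Constructed sample trace: pid 1234 behaves like the listed sandbox hits,
# pid 555 is a benign process that reads the BIOS version once.
SAMPLE_TRACE = [
    r"pid=1234 api=RegOpenKeyExW key=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System",
    r"pid=1234 api=RegQueryValueExW key=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System value=SystemBiosVersion data=BOCHS - 1",
    r"pid=1234 api=RegQueryValueExW key=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=ProcessorNameString data=Intel(R) Core(TM) i7",
    r"pid=1234 api=RegOpenKeyExW key=HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets",
    r"pid=555 api=RegQueryValueExW key=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System value=SystemBiosVersion data=LENOVO - 1",
    r"pid=555 api=RegQueryValueExW key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value=OneDrive data=C:\Users\u\OneDrive.exe",
    "this line is not a registry event and is ignored",
]

if __name__ == "__main__":
    for pid, verdict in analyse(SAMPLE_TRACE).items():
        print(pid, verdict)
```

The threshold matters more than the key list: inventory and licensing software legitimately reads ProcessorNameString or SystemBiosVersion, so alert on the combination within one process, and treat any read of the SAM or SECURITY hives by a non-system binary as its own finding regardless of the anti-VM score.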

How to identify Ransom:Win32/SporaCrypt.PAD!MTB?

File Info:

name: EE21B4883A344A8648F0.mlw
path: /opt/CAPEv2/storage/binaries/a7a6ac83d928890eece7c9e89515ef6886a45f2801afba9bc6b6a5f72b6f335b
crc32: D89A7F61
md5: ee21b4883a344a8648f061b8d0e6f62c
sha1: 27e6c8b46aab063f555445f8d84328977f80a9bf
sha256: a7a6ac83d928890eece7c9e89515ef6886a45f2801afba9bc6b6a5f72b6f335b
sha512: a3413083e21b565d45fd626ad452efcfe15a79e027f3a23adcdc2e852c26f5e072b12728b06da3ea1e2b7d337f471c7951517b0ecbe4c92634e816911104353f
ssdeep: 24576:+pF3468kI9BMItRlrmlaQRSSOrmkHDPFpVSZzihCwBRtSuaf:M4hk2RMRSSOiaPdSZzihFBRtSu4
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T17F459D31B692D036F96101F05EB8FBAA552DFC254F3946CB77D41A2E6A305C20E32E67
sha3_384: 153be7ec5ebe4f4a3096220d7642ef42b710bb4d9f02cec93dba6b0df8ae9315663a0ceeaf33f55edcf316b6cb4fe9ae
ep_bytes: e8f20c0000e974feffffcccccccccc80
timestamp: 2022-08-26 11:44:31

Version Info:

0: [No Data]
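A practical use of the hashes in File Info is to sweep a host or a file share for copies of this exact sample. The Python below is an added example written for this page (not GridinSoft's tool and not code from the sandbox report): it streams each file through MD5, SHA-1 and SHA-256 in one pass, compares the digests with the indicators listed above, and reports hits. The files that demo() creates are constructed placeholders, not the malware, and the custom indicator set used there is an assumption for demonstration only.

```python
"""Sweep files for the hash indicators listed on this page.

Added example, not GridinSoft's or the sandbox's code.  Hashes files in a
single pass (MD5, SHA-1, SHA-256 together) and reports any that equal one
of the published indicators.  demo() writes constructed placeholder files;
none of them is the malware.
"""
import hashlib
import os
import tempfile

# Indicators copied from the File Info section of this page.
IOCS = {
    "md5": "ee21b4883a344a8648f061b8d0e6f62c",
    "sha1": "27e6c8b46aab063f555445f8d84328977f80a9bf",
    "sha256": "a7a6ac83d928890eece7c9e89515ef6886a45f2801afba9bc6b6a5f72b6f335b",
}


def digest_bytes(data):
    """MD5/SHA-1/SHA-256 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOCS}


def digest_file(path, chunk_size=1 << 20):
    """Same digests for a file, streamed so large files do not load into memory."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests, iocs=IOCS):
    """Names of the algorithms whose digest equals the indicator (case-insensitive)."""
    return sorted(name for name, value in digests.items()
                  if name in iocs and value.lower() == iocs[name].lower())


def scan_tree(root, iocs=IOCS):
    """Walk a directory; return [(path, [matched algorithms])] for every hit."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                algos = matching_algorithms(digest_file(path), iocs)
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the sweep
            if algos:
                hits.append((path, algos))
    return hits


def demo():
    """Constructed demo: one file whose SHA-256 is in a custom (assumed) indicator set."""
    custom = {"sha256": hashlib.sha256(b"abc").hexdigest()}  # assumption, not a real IOC
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "abc.txt"), "wb") as fh:
            fh.write(b"abc")
        with open(os.path.join(tmp, "other.bin"), "wb") as fh:
            fh.write(b"MZ constructed placeholder, not the sample\n")
        return [(os.path.basename(p), a) for p, a in scan_tree(tmp, custom)]


if __name__ == "__main__":
    print(demo())
```

A cryptographic hash match is exact-match only: a recompiled or repacked build of the same ransomware has a different SHA-256, so a miss means "this exact file is absent", not that the host is clean, and it should be paired with the behavioural indicators above. The ssdeep and TLSH values in File Info are the fuzzy-hash counterparts for near-duplicate matching; they need their own libraries and are not covered by this example.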

Ransom:Win32/SporaCrypt.PAD!MTB also known as:

Lionic: Trojan.Win32.Generic.j!c
MicroWorld-eScan: DeepScan:Generic.Ransom.Spora.D292F861
FireEye: Generic.mg.ee21b4883a344a86
ALYac: Trojan.Ransom.VoidCrypt
Cylance: Unsafe
VIPRE: DeepScan:Generic.Ransom.Spora.D292F861
Sangfor: Ransom.Win32.Filecoder.Vd05
K7AntiVirus: Trojan ( 0058fa831 )
Alibaba: Ransom:Win32/Filecoder.9810d8e8
K7GW: Trojan ( 0058fa831 )
Cybereason: malicious.83a344
Cyren: W32/ABRisk.RULB-2288
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Filecoder.OIF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Ransom.Win32.Generic
BitDefender: DeepScan:Generic.Ransom.Spora.D292F861
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Filecoder.Jflw
Ad-Aware: DeepScan:Generic.Ransom.Spora.D292F861
Emsisoft: DeepScan:Generic.Ransom.Spora.D292F861 (B)
DrWeb: Trojan.Siggen18.42020
TrendMicro: TROJ_GEN.R011C0WI422
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Sophos: Mal/Generic-S
Jiangmin: Trojan.DelShad.brc
Google: Detected
Avira: TR/FileCoder.drydq
Antiy-AVL: Trojan/Generic.ASMalwS.1D6F
Microsoft: Ransom:Win32/SporaCrypt.PAD!MTB
Arcabit: DeepScan:Generic.Ransom.Spora.D292F861
GData: DeepScan:Generic.Ransom.Spora.D292F861
Cynet: Malicious (score: 100)
McAfee: Artemis!EE21B4883A34
MAX: malware (ai score=88)
VBA32: BScope.Exploit.Convagent
TrendMicro-HouseCall: TROJ_GEN.R011C0WI422
Rising: Ransom.RCRU!1.DDE5 (CLASSIC)
Ikarus: Trojan-Ransom.FileCrypter
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Filecoder.OIE!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34646.hvW@aW7aoBli
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Ransom:Win32/SporaCrypt.PAD!MTB?

Ransom:Win32/SporaCrypt.PAD!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
