Ransom:Win32/Vaultcrypt.A removal

Ransom:Win32/Vaultcrypt.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Vaultcrypt.A virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Modifies boot configuration settings
  • Attempts to execute a binary from a dead or sinkholed URL
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Creates a hidden or system file
  • Harvests information related to installed mail clients
  • Creates a known CrypVault ransomware decryption instruction / key file.
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/Vaultcrypt.A?

File Info:

crc32: BE2C352A
md5: 0bb8c7a7a5131c798507a7044c4c9df7
name: 0BB8C7A7A5131C798507A7044C4C9DF7.mlw
sha1: 25cce998e9e91cab53508210b77c3a95712a7596
sha256: 275772babd58ae9637094df1bb6454e2a288488f42ffe550a3063782050ce3a0
sha512: 18fc80b0cb51ba078fa3168a5e00b63a0bcd5ad5f820a93f7ecde261efda9a4c91fd0e3c6d7e83eef5da1182004f04b6501b86261289d6aa331074eef7f52633
ssdeep: 6144:19o7tHiKg02IwLPn3/tn7kPcruDti11JdIo50M5Eot:bAHiKgHdnAPgu5i/j59nt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2005-2012 Oleg N. Scherbakov
InternalName: 7ZSfxMod
FileVersion: 1.5.0.2712
CompanyName: Oleg N. Scherbakov
PrivateBuild: December 30, 2012
ProductName: 7-Zip SFX
ProductVersion: 1.5.0.2712
FileDescription: 7z Setup SFX (x86)
OriginalFilename: 7ZSfxMod_x86.exe
Translation: 0x0000 0x04b0

Ransom:Win32/Vaultcrypt.A also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed2.38550
MicroWorld-eScan: Gen:Variant.Ransom.Spora.29
FireEye: Generic.mg.0bb8c7a7a5131c79
McAfee: Ransomware-FQO!0BB8C7A7A513
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Ransom.Win32.Vaultcrypt.A
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Gen:Variant.Ransom.Spora.29
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.7a5131
BitDefenderTheta: Gen:NN.ZexaF.34608.lqW@aGs!aOdG
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: HT_CRYPFH_GA25043C.UVPM
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan-PSW.Win32.Fareit.cbel
Alibaba: TrojanPSW:Win32/Fareit.41103d5e
NANO-Antivirus: Trojan.Win32.Ekstak.evdhuj
Rising: Ransom.Scatter!8.139C (C64:YzY0Ojv+ibzGrL5m)
Emsisoft: Gen:Variant.Ransom.Spora.29 (B)
Comodo: Malware@#ku5cpu998059
F-Secure: Heuristic.HEUR/AGEN.1124226
TrendMicro: HT_CRYPFH_GA25043C.UVPM
McAfee-GW-Edition: Ransomware-FQO!0BB8C7A7A513
Sophos: Mal/Generic-R + Mal/Zbot-UQ
Ikarus: Trojan.Win32.Filecoder
Avira: TR/Crypt.ZPACK.glkf
Antiy-AVL: Trojan[PSW]/Win32.Fareit
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Ransom:Win32/Vaultcrypt.A
Arcabit: Trojan.Ransom.Spora.29
AhnLab-V3: Trojan/Win32.Scatter.R188700
ZoneAlarm: Trojan-PSW.Win32.Fareit.cbel
GData: Gen:Variant.Ransom.Spora.29
TACHYON: Ransom/W32.Scatter.222921
ESET-NOD32: Win32/Filecoder.FH
VBA32: Hoax.Scatter
ALYac: Gen:Variant.Ransom.Spora.29
MAX: malware (ai score=100)
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/CI.A
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10b4986e
Yandex: Trojan.PWS.Fareit!xxWEcNE9Pgk
SentinelOne: Static AI – Malicious SFX
Fortinet: W32/Injector.DEEZ!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_80% (D)
Qihoo-360: Win32/Backdoor.PonyRAT.HgIASOgA

How to remove Ransom:Win32/Vaultcrypt.A?

Ransom:Win32/Vaultcrypt.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.