
How to remove “Ransom:Win32/Wadhrama.A!bit”?


Ransom:Win32/Wadhrama.A!bit is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Ransom:Win32/Wadhrama.A!bit virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Attempts to delete volume shadow copies
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Ransom:Win32/Wadhrama.A!bit?


File Info:

type: PE32 executable (GUI) Intel 80386 system file, for MS Windows

Version Info:

LegalCopyright: Copyright ©Masters ITC Tools. All rights reserved.
InternalName: Enterprise
FileVersion: 9.2.8.4
CompanyName: Masters ITC Tools
FileDescription: Affordability Typing Instead
Comments: Affordability Typing Instead
ProductName: Enterprise
ProductVersion: 9.2.8.4
PrivateBuild: 9.2.8.4
OriginalFilename: Enterprise
Translation: 0x0409 0x04b0

Ransom:Win32/Wadhrama.A!bit also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ransomware.GenericKD.41631490
FireEye: Generic.mg.58f6862213cbbdd3
ALYac: Trojan.Ransomware.GenericKD.41631490
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0051a8021 )
BitDefender: Trojan.Ransomware.GenericKD.41631490
K7GW: Trojan ( 0051a8021 )
Cybereason: malicious.213cbb
Cyren: W32/Trojan.OGCH-3388
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Foreign.nxhb
NANO-Antivirus: Trojan.Win32.Filecoder.ewttmj
AegisLab: Trojan.Win32.Foreign.4!c
Tencent: Win32.Trojan.Foreign.Szlu
Ad-Aware: Trojan.Ransomware.GenericKD.41631490
Emsisoft: Trojan.Ransomware.GenericKD.41631490 (B)
Comodo: Malware@#36rig9pwkmy0s
F-Secure: Heuristic.HEUR/AGEN.1128643
Zillya: Trojan.Foreign.Win32.57510
McAfee-GW-Edition: BehavesLike.Win32.Spyware.fh
Sophos: Mal/Generic-S
Jiangmin: Trojan.Foreign.eak
Avira: HEUR/AGEN.1128643
Antiy-AVL: Trojan[Ransom]/Win32.Foreign
Microsoft: Ransom:Win32/Wadhrama.A!bit
Arcabit: Trojan.Ransomware.Generic.D27B3F02
ZoneAlarm: Trojan-Ransom.Win32.Foreign.nxhb
GData: Trojan.Ransomware.GenericKD.41631490
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Sagecrypt.Gen
McAfee: Artemis!58F6862213CB
VBA32: TrojanRansom.Foreign
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CI.A
ESET-NOD32: Win32/Filecoder.Crysis.P
Rising: Ransom.Foreign!8.292 (CLOUD)
Yandex: Trojan.Foreign!0qc4wxRimpQ
Ikarus: Trojan-Ransom.FileCrypter
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Filecoder_Crysis.P!tr
BitDefenderTheta: Gen:NN.ZexaF.34590.xC0@auPcrqgi
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Ransom.5c8

How to remove Ransom:Win32/Wadhrama.A!bit?

Ransom:Win32/Wadhrama.A!bit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
