About “Ransom:Win32/WannaCry.PA!MTB” infection


Ransom:Win32/WannaCry.PA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Ransom:Win32/WannaCry.PA!MTB virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Attempts to modify desktop wallpaper
  • Steals private information from local Internet browsers
  • Exhibits possible ransomware file modification behavior
  • Network activity detected but not expressed in API logs

How to identify Ransom:Win32/WannaCry.PA!MTB?


File Info:

crc32: 33D63025
md5: 02ab302c999f0b592ea0b9873514d38a
name: 02AB302C999F0B592EA0B9873514D38A.mlw
sha1: 1f269eceb2aaf48fa454b5ccb72e8e00831d6bf1
sha256: fa3ebf23620bbafc369a8af1d2a98eca52bf8b5e94707b17eb0771c2138d9250
sha512: 83cdb758a8de126aa10e3945d2bf44d86c2d4a524d149a66dd807d64afbbf1cbdc93f9cf404cae7b9914357651b560cf8c030a691230e55edb46285cf52c6ef1
ssdeep: 24576:2iyOhV8RpEnWAnjA1cplTK2A0jPwd5L4a:2le8RYnj5pK2A6YdR4a
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Wannacry
FileVersion: 1.0.0.0
CompanyName: Wannacry
Comments: Wannacry
ProductName: Wannacry
ProductVersion: 1.0.0.0
FileDescription: Wannacry
Translation: 0x0804 0x04b0

Ransom:Win32/WannaCry.PA!MTB is also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005246d51 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.34100
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Graftor.708564
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanPSW:Win32/Stealer.f2ec0af8
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.c999f0
Cyren: W32/Agent.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
Kaspersky: HEUR:Trojan-Ransom.Win32.Agent.gen
BitDefender: Gen:Variant.Graftor.708564
MicroWorld-eScan: Gen:Variant.Graftor.708564
Tencent: Win32.Trojan-qqpass.Qqrob.Eop
Ad-Aware: Gen:Variant.Graftor.708564
Sophos: Mal/Generic-S
Comodo: Worm.Win32.Dropper.RA@1qraug
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
FireEye: Generic.mg.02ab302c999f0b59
Emsisoft: Gen:Variant.Graftor.708564 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/Blackhole.dir
Webroot: W32.Malware.Gen
Avira: TR/Redcap.ijzuj
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Ransom:Win32/WannaCry.PA!MTB
Arcabit: Trojan.Graftor.DACFD4
AegisLab: Trojan.Win32.Generic.lqH9
GData: Win32.Trojan.PSE.19Q2126
AhnLab-V3: Trojan/Win.WannaCryptor.C4539445
Acronis: suspicious
McAfee: GenericRXAA-FA!02AB302C999F
MAX: malware (ai score=82)
Malwarebytes: Trojan.MalPack.FlyStudio
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002H09FU21
Rising: Trojan.Generic@ML.98 (RDMK:hPfcYyyShekF5b1OgYzc3Q)
Ikarus: Trojan.Win32.MBRlock
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Stealer
AVG: Win32:RansomX-gen [Ransom]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.WannaCry.HgIASXgA

How to remove Ransom:Win32/WannaCry.PA!MTB?

Ransom:Win32/WannaCry.PA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
