Categories: Trojan

What is “Trojan.Ranapama.EW”?

The Trojan.Ranapama.EW is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Ranapama.EW virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan.Ranapama.EW?


File Info:
name: C7AD011BF34FD256573C.mlwpath: /opt/CAPEv2/storage/binaries/6653f09c9e8034ec7afe589e13c928e893d7e2aa55ccad2ebd2ef518e7e62c27crc32: 16BAEC6Dmd5: c7ad011bf34fd256573ced9a39826610sha1: f4c5baae5ce67ed443024fbe2a5472923d944933sha256: 6653f09c9e8034ec7afe589e13c928e893d7e2aa55ccad2ebd2ef518e7e62c27sha512: 1b0a748a06a8022e09bd0cb91cc98d3539c8154dc65ab7e65e45986df1e802cc9b82d75436992d0b5f8c175a708f005377284ba83fe0fd6dd85f26fb17a22b5fssdeep: 1536:Ht9JhsliAfBBLVAiZFEPN/mCsdXaKqR2HG4vuag:HLEHjVJvCYBkZMqtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1ED83DF5FC075B673F8BEF5B0454D066E63E2D9260EB69937AE401F0E4C35216AF0168Esha3_384: 8019b1572b064a696468b5f2a96ec03696af2cd0b25ccc6fa0570de4504fad51fb67cf853a3d9d2c322cc010dd3ea612ep_bytes: 558bec6aff68503a4000689022400064timestamp: 2015-06-28 07:28:10
Version Info:
0: [No Data]

Trojan.Ranapama.EW also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Agent.todA
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.Ranapama.EW
FireEye	Generic.mg.c7ad011bf34fd256
CAT-QuickHeal	TrojanPWS.Zbot.A4
McAfee	Packed-EZ!C7AD011BF34F
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Trojan.Ranapama.EW
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 0055e3991 )
Alibaba	Trojan:Win32/DllCheck.8f639f6b
K7GW	Trojan ( 0055e3991 )
Cybereason	malicious.e5ce67
BitDefenderTheta	Gen:NN.ZexaF.36662.fqW@a04oCjh
VirIT	Trojan.Win32.Inject2.CMIH
Cyren	W32/S-bee4d96e!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Injector.CERP
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Ranapama.EW
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Injector-CSV [Trj]
Tencent	Malware.Win32.Gencirc.10b5fd1c
Emsisoft	Trojan.Ranapama.EW (B)
Baidu	Win32.Trojan.Injector.j
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.DownLoader14.49148
Zillya	Trojan.Injector.Win32.278363
McAfee-GW-Edition	Packed-EZ!C7AD011BF34F
Trapmine	malicious.high.ml.score
Sophos	Mal/Zbot-UE
Ikarus	Trojan.Inject2
GData	Trojan.Ranapama.EW
Jiangmin	Backdoor/Hlux.gku
Webroot	Trojan.Dropper.Gen
Google	Detected
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Agent.iftj
Xcitium	Backdoor.Win32.Hlux.AMG@5sucfd
Arcabit	Trojan.Ranapama.EW
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/DllCheck.A!MSR
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Zbot.R157330
VBA32	OScope.Malware-Cryptor.Hlux
ALYac	Trojan.Ranapama.EW
TACHYON	Backdoor/W32.Hlux.82634.B
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Dorv!8.422 (TFE:4:2nR8PNavjMU)
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Injector.CERA!tr
AVG	Win32:Injector-CSV [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)