Ransom Trojan

What is “Trojan.Ransom.AAK”?

Trojan.Ransom.AAK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Ransom.AAK virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Venezuela)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Ransom.AAK?

File Info:

name: 459A7907B68B05735EED.mlw
path: /opt/CAPEv2/storage/binaries/4a885bfeeef07e2aa455072dbb321f1d5353f32126791c71e1df34cc0ab8b4c8
crc32: 0D6615F5
md5: 459a7907b68b05735eedda52682e74d2
sha1: 0a2aaec00afd896bfdb9aa9bc4b5abef5d637907
sha256: 4a885bfeeef07e2aa455072dbb321f1d5353f32126791c71e1df34cc0ab8b4c8
sha512: eb1994119188a3985b6206a7476f3304e9ece0a66ffbfb1c8df5cb4d5d3b2552695672af4aea64ff53a3839009daf65d254d503020301c26f35351175576e522
ssdeep: 3072:0L451Tf09OrazZFSJQuHFNE8IcaCsiiRUKHwG8wkCWaBwu7/5es:0L451LJBH/E8sCniRUKHywU2wu7Res
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T101F31243F89801B5C44EC5745CC76B8E5A79E05338D0AFA28BC4923B7DCAC59B38667B
sha3_384: 100b4832904219da02884ddd2f6039761827b1a38c3693fc6928597f4e45b685ae5c0e8ea0dfefd38fc4b890450f8004
ep_bytes: 60be00c042008dbe0050fdff5789e58d
timestamp: 2001-06-19 17:29:47

Version Info:

OriginalFilename: Rbqynx6auk4o.exe
qFb8deJYaeBG2A: oJebxJdiKp6y7jGPX
LXGtkUQrBkwJAQTNTF: 5aJ8xeh8oQCRMq
R72ER2TAOEH: GMQhqjkAi1VXWMIA4y7Y
LOQGdU8c4Q: w82vqLjmcj8xB4A8
w3WDr5ujseFbAS52: oTBywfOk6qNmv3CP2ik
P26kAkNt5ruRq5JAN1B: EjjT3myBy8McXKObW
LbCquVUPS7FR2B: vnbam48Pv6djQedqr
oIxnSsWsIRr: hC1DT3OhcUJi2kp5EG
aITmwoMg31bB6U: 3M3hT2MsmW
SXckrT5Ey1L3sf66XJeE: JUusk6bNtMER
ProductName: Hako
PYbLP8ELVkCp4Hp: uBAa31qalKsjphf
PUclfw4Y8l2H: N6aB2AQ2bWSLNeT
lqWmOHIm4i5Dl6Nab: rCocL7CXjFL4puujTP
POYOrWWd5OCwEbJ: AJJBXlYwK7r1CyKuu6
EhUcekvvIOY7: 4lVFVQ8osqTWXvm
4uC18GtbOqOrj2qF: ErYLoIhAFOJjYT3
blTYYtFQnxVTIq: 4o3GRCApvXTrNyda6PI
W2nkbreUKQA: OftDYtGFhX4gXoIMtG
FileDescription: Enukoqe Bybuxu Xucep
eaJ47NtHaoehoqdrJ: mdmEVMVCRP2S7jSVw
esqeDoJoJiplTCrMX3: ar8tCQcK6vo
Translation: 0x0409 0x04b0

Trojan.Ransom.AAK also known as:

DrWeb: BackDoor.IRC.NgrBot.42
MicroWorld-eScan: Trojan.Ransom.AAK
FireEye: Generic.mg.459a7907b68b0573
CAT-QuickHeal: Worm.Dorkbot.I5
McAfee: GenericRXAA-AA!459A7907B68B
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.7242
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0051918e1 )
K7GW: Trojan ( 0051918e1 )
Cybereason: malicious.7b68b0
BitDefenderTheta: Gen:NN.ZexaF.34592.jm0@aK9R0dV
VirIT: Trojan.Win32.SHeur4.BGPG
Cyren: W32/Dorkbot.VYUD-0883
Symantec: Trojan.Zbot
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Dorkbot.B
APEX: Malicious
ClamAV: Win.Worm.Autorunvb-7053731-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Ransom.AAK
NANO-Antivirus: Trojan.Win32.NgrBot.crswdx
Avast: Win32:Crypt-KOW [Trj]
Ad-Aware: Trojan.Ransom.AAK
Emsisoft: Trojan.Ransom.AAK (B)
Comodo: TrojWare.Win32.Kryptik.AZJH@55pjr5
F-Secure: Trojan.TR/Crypt.EPACK.Gen2
VIPRE: Trojan.Ransom.AAK
McAfee-GW-Edition: Dropper-FEB!FCA3F36AEE74
Trapmine: malicious.high.ml.score
Sophos: Troj/Zbot-ETH
Ikarus: Virus.Win32.Heur
GData: Trojan.Ransom.AAK
Jiangmin: Trojan.Generic.dfnwo
Webroot: W32.Rogue.Gen
Google: Detected
Avira: TR/Crypt.EPACK.Gen2
MAX: malware (ai score=81)
Antiy-AVL: Trojan[Ransom]/Win32.Blocker
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Ransom.AAK
ViRobot: Trojan.Win32.Blocker.132096
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Worm:Win32/Dorkbot.I
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Blocker.R77202
VBA32: BScope.Trojan.MTA.0661
ALYac: Trojan.Ransom.AAK
Malwarebytes: Sality.Virus.FileInfector.DDS
Yandex: Trojan.GenAsa!oSbnukbY+aM
SentinelOne: Static AI – Malicious PE
Fortinet: W32/ZeroAccess.NDY!tr
AVG: Win32:Crypt-KOW [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Ransom.AAK?

Trojan.Ransom.AAK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.