Ransom Trojan

Trojan.Ransom.Cerber.CI information


The Trojan.Ransom.Cerber.CI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.Ransom.Cerber.CI virus can do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • Unconventional language used in binary resources: Portuguese
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits behavior characteristic of Cerber ransomware
  • EternalBlue behavior
  • Generates some ICMP traffic
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to determine Trojan.Ransom.Cerber.CI?

File Info:

crc32: 521C14A3
md5: be00e732c88f3e4ecbebcc11022f256c
name: BE00E732C88F3E4ECBEBCC11022F256C.mlw
sha1: 65490f336878f50ed270cc47fc0e51732552cb65
sha256: ba1573c22b5837c4442c4b5164941fe86a97f7bcd2679518ff6dc8c8fa9d4b32
sha512: 82abbdb7d1036fb5c8f1e767f5b3e33ee57f2e3cff5c0175d7079a9f43a66395442d4aab08fd18af951ef119ca5cac573bd1fcecbbcfe937917269af5a895c30
ssdeep: 6144:dlzJy3qyGpBpFWxPikfRZ98+6GrR/GA3aGskW:k3/MLWxa2RZ98+6e3aGJW
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

eUp Software: Rx15x01FileDescription
Comments: @x10x01CompanyName
eUp Utilities 2014: @x0ex01ProductVersion
yright xa9 AVG Netherlands B. V. 2011: Lx12x01LegalTrademarks
eUp Utilitiesx2122: Lx16x01ProductName
0.1000.340: D
eUp Report Center: <x0ex01FileVersion
Translation: 0x0407 0x04b0

Trojan.Ransom.Cerber.CI also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005224381 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.7074
Cynet: Malicious (score: 100)
CAT-QuickHeal: TrojanRansom.Crowti.MUE.A4
ALYac: Trojan.Ransom.Cerber.CI
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.972137
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004fdc2c1 )
Cybereason: malicious.2c88f3
Baidu: Win32.Trojan.Kryptik.ayf
Cyren: W32/Kryptik.CUI.gen!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: a variant of Win32/Kryptik.FJSQ
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Dropper.Cerber-9846087-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Ransom.Cerber.CI
NANO-Antivirus: Trojan.Win32.Encoder.evdcgp
MicroWorld-eScan: Trojan.Ransom.Cerber.CI
Tencent: Malware.Win32.Gencirc.10b77080
Ad-Aware: Trojan.Ransom.Cerber.CI
Sophos: ML/PE-A + Mal/Cerber-B
Comodo: TrojWare.Win32.Filecoder.CB@6q31oo
BitDefenderTheta: Gen:NN.ZexaF.34686.tq1@au2POs3S
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CERBER.SMEJ5
McAfee-GW-Edition: BehavesLike.Win32.Emotet.fh
FireEye: Generic.mg.be00e732c88f3e4e
Emsisoft: Trojan.Ransom.Cerber.CI (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Zerber.aff
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1141466
eGambit: Unsafe.AI_Score_98%
Microsoft: Ransom:Win32/Cerber.F
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: Trojan.Win32.Menti.gen
GData: Trojan.Ransom.Cerber.CI
AhnLab-V3: Win-Trojan/Lukitus2.Exp
Acronis: suspicious
McAfee: Ransom-Cerber!BE00E732C88F
MAX: malware (ai score=100)
VBA32: Hoax.Zerber
Malwarebytes: Cerber.Ransom.Encrypt.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Ransom_CERBER.SMEJ5
Rising: Trojan.Kryptik!1.A877 (RDMK:cmRtazq0vmLg0EJ604w4x3wfgNbH)
Yandex: Trojan.GenAsa!cjn9RyZ2kOs
Ikarus: Trojan-Ransom.Cerber
Fortinet: W32/Kryptik.HGZD!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan.Ransom.Cerber.CI?

Trojan.Ransom.Cerber.CI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
