Trojan.Ransom.Cerber.TJ (file analysis)

Malware Removal

Trojan.Ransom.Cerber.TJ is flagged as malicious by most of the antivirus engines listed further down this page. When the infection is active you may notice unfamiliar processes in the Task Manager list; in that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it allows a complete scan and clean-up of your PC during the trial period.
A 6-day free trial is available.

What can Trojan.Ransom.Cerber.TJ do?

Behaviour observed when the sample was run in the CAPE sandbox (signature names as reported by the sandbox):

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • Attempts to access Bitcoin/ALTCoin wallets
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
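The behaviours above are sandbox signature names; on an endpoint they surface as process-creation and file-access events. The script below is an added example, not part of the original page or the sandbox report, of how a detection pass over such events could flag the "ping -n" delay, the self-deleting command pattern that goes with "Deletes executed files from disk", and access to cryptocurrency wallet files. The events, paths and command lines are constructed for illustration and were not captured from this sample; the wallet path list is an assumption.

```python
import re
from typing import List, Tuple

# Constructed process-creation events: (parent image, child image, command line).
# Hypothetical examples of the flagged behaviours, not command lines captured from this sample.
PROCESS_EVENTS = [
    (r"C:\Users\victim\Downloads\invoice.exe", r"C:\Windows\System32\cmd.exe",
     r'cmd.exe /c ping 127.0.0.1 -n 6 > nul & del "C:\Users\victim\Downloads\invoice.exe"'),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c ping -n 4 8.8.8.8"),
    (r"C:\Windows\explorer.exe", r"C:\Program Files\Tool\tool.exe", "tool.exe --update"),
]

# Constructed file-access events: (image, path opened).
FILE_EVENTS = [
    (r"C:\Users\victim\Downloads\invoice.exe", r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat"),
    (r"C:\Users\victim\Downloads\invoice.exe", r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"),
    (r"C:\Windows\explorer.exe", r"C:\Users\victim\Documents\notes.txt"),
]

# "ping ... -n N" used as a sleep (the CAPE heuristic); stops at & or | so we stay inside one command.
PING_DELAY = re.compile(r"\bping(?:\.exe)?\b[^&|]*?\s-n\s+\d+", re.I)
DEL_CMD = re.compile(r"\b(?:del|erase)\b", re.I)
# Assumed wallet locations (not from the report); extend with the products you care about.
WALLET_MARKERS = ("wallet.dat", "\\bitcoin\\", "\\electrum\\", "\\ethereum\\keystore", "\\monero\\", "\\exodus\\")

Finding = Tuple[str, str, str, str]  # (rule, severity, image, evidence)


def scan_process_events(events) -> List[Finding]:
    findings = []
    for parent, child, cmd in events:
        if not PING_DELAY.search(cmd):
            continue
        rule, severity = "ping_delay", "low"          # common in installers: low on its own
        # A delete in the same command line naming the parent's own image is the
        # "wait, then remove myself" pattern behind "Deletes executed files from disk".
        if DEL_CMD.search(cmd) and parent.lower() in cmd.lower():
            rule, severity = "self_delete_via_ping", "high"
        findings.append((rule, severity, child, cmd))
    return findings


def scan_file_events(events) -> List[Finding]:
    findings = []
    for image, path in events:
        if any(marker in path.lower() for marker in WALLET_MARKERS):
            findings.append(("wallet_access", "high", image, path))
    return findings


def triage(process_events=PROCESS_EVENTS, file_events=FILE_EVENTS) -> List[Finding]:
    """Highest-severity findings first; one image hitting both rule groups matches the sample's profile."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = scan_process_events(process_events) + scan_file_events(file_events)
    return sorted(found, key=lambda f: order[f[1]])


if __name__ == "__main__":
    for rule, severity, image, evidence in triage():
        print(f"[{severity:4s}] {rule:22s} {image}\n        {evidence}")
```

The ping rule is deliberately kept low severity on its own, because installers and update scripts use the same trick to wait; it is the combination with a delete of the parent's own image, or with wallet access from the same image, that makes it worth an alert.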

How to identify Trojan.Ransom.Cerber.TJ?

The sandbox report records the following static properties of the analysed file. The md5, sha1 and sha256 values identify this exact file; ssdeep and tlsh are fuzzy hashes for finding near-identical variants; the PE timestamp and the version strings are written by whoever built the binary and should not be relied on alone.

File Info:

name: 8B324F4B215F0E8A8291.mlw
path: /opt/CAPEv2/storage/binaries/2552fc8ecbdcfdc516fee470602639aa55d44f3c789dbf804a7b20024c96ed93
crc32: BACE428E
md5: 8b324f4b215f0e8a829138c671ca3ed1
sha1: 4e482bae48a6d7824f575d0e2243066505d191aa
sha256: 2552fc8ecbdcfdc516fee470602639aa55d44f3c789dbf804a7b20024c96ed93
sha512: 01622a8e1be74c08f1cba03e12685e531fc4088793114d99f1aa0fa21bed22408f5950e681ef90034e7ac406804344f01e0cd39a37c3d6967502c1951668112a
ssdeep: 12288:wf993Giy8v5v8m4Z6zrYPZaoBvOPeoNl5xS:wz3GiZ6m4Z6HYPZagvLoN7xS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14FF40241A80D9F53C8AA36B1D5B7362A8444DDF4E148F6066EE3313E2DF29916DD3EC8
sha3_384: e49ee2e63cd642eb9dbb912b347bda02102308960a3488b1f21701c8248dbfc1437e5b6f6c4e0fee29cafa04fa6ad7c8
ep_bytes: 688cb84a00e8f0ffffff000000000000
timestamp: 2017-05-26 12:45:47

Version Info (resource strings embedded in the file; like the timestamp, they are chosen by whoever built it):

Translation: 0x0409 0x04b0
Comments: Nurofenteen
CompanyName: Cumberland
FileDescription: Nurofenteen
LegalCopyright: Nurofenteen
LegalTrademarks: Nurofenteen
ProductName: Nurofenteen
FileVersion: 1.05.0002
ProductVersion: 1.05.0002
InternalName: Tabelvrket3
OriginalFilename: Tabelvrket3.exe
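As an added example, not taken from the original page or the sandbox, the script below computes the three cryptographic hashes reported above for a file and compares them with the report, then parses the PE headers in pure Python to recover the compile timestamp, the entry-point RVA and the first 16 bytes at the entry point for comparison with the reported timestamp and ep_bytes. The REPORTED values are copied from the report; build_minimal_pe constructs a dummy PE32 (not the sample) that carries the same timestamp and entry bytes so the script runs offline, which also demonstrates that those two header fields match while no hash does, i.e. header fields on their own do not identify the sample.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the sandbox report above.
REPORTED = {
    "md5": "8b324f4b215f0e8a829138c671ca3ed1",
    "sha1": "4e482bae48a6d7824f575d0e2243066505d191aa",
    "sha256": "2552fc8ecbdcfdc516fee470602639aa55d44f3c789dbf804a7b20024c96ed93",
    "timestamp": "2017-05-26 12:45:47",
    "ep_bytes": "688cb84a00e8f0ffffff000000000000",
}


def digests(data: bytes) -> dict:
    """Cryptographic hashes: a match here identifies this exact file."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def pe_summary(data: bytes) -> dict:
    """Minimal PE32 header parse: compile timestamp, entry-point RVA and its first 16 bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, rawsize), rawptr))
    # Translate the entry-point RVA to a file offset through the section that contains it.
    ep_bytes = None
    for _, va, size, rawptr in sections:
        if va <= ep_rva < va + size:
            off = rawptr + (ep_rva - va)
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "machine": hex(machine),
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point_rva": hex(ep_rva),
        "ep_bytes": ep_bytes,
        "sections": [s[0] for s in sections],
    }


def compare(data: bytes, reported: dict = REPORTED) -> dict:
    """True/False per reported indicator for the given file contents."""
    observed = digests(data)
    observed.update(pe_summary(data))
    return {key: observed.get(key) == value for key, value in reported.items()}


def build_minimal_pe(ep_hex: str = REPORTED["ep_bytes"], timestamp: str = REPORTED["timestamp"]) -> bytes:
    """Constructed dummy PE32 (not the sample) carrying the reported timestamp and entry bytes."""
    epoch = int(datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, epoch, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                   # AddressOfEntryPoint
    text = struct.pack("<8sIIII", b".text", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(0x200, b"\0")
    return headers + bytes.fromhex(ep_hex).ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    for key, ok in compare(data).items():
        print(f"{key:10s} {'MATCH' if ok else 'differs'}")
```

Run it with a path to a suspect file to compare against the report, or without arguments to see the dummy PE match on timestamp and ep_bytes only. The ssdeep and tlsh values in the report need the ssdeep and py-tlsh packages, which are not in the standard library; they are the right tool when a repacked variant breaks every exact hash but keeps most of the code.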

Trojan.Ransom.Cerber.TJ is also known as (engine: detection name):

The family name varies by engine: BitDefender-derived engines say Cerber, Kaspersky and ZoneAlarm say Zerber, ESET says Filecoder.Cerber, while McAfee, TrendMicro and Sophos label the sample Fareit, a credential-stealer family, and AhnLab and Sangfor point to a Visual Basic packer. Treat the name as an engine label, not a confirmed classification.

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00x1!p
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ransom.Cerber.TJ
FireEye: Generic.mg.8b324f4b215f0e8a
McAfee: Fareit-FMP!8B324F4B215F
Cylance: Unsafe
VIPRE: Trojan.Ransom.Cerber.TJ
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 0050e9a91 )
K7GW: Trojan ( 0050e9a91 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/BypassUAC.C.gen!Eldorado
Symantec: Trojan.Gen
tehtris: Generic.Malware
ESET-NOD32: Win32/Filecoder.Cerber.G
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Cerber-9957720-0
Kaspersky: Trojan-Ransom.Win32.Zerber.edor
BitDefender: Trojan.Ransom.Cerber.TJ
NANO-Antivirus: Trojan.Win32.AD.eppbpe
Avast: Win32:Malware-gen
Rising: Malware.Undefined!8.C (TFE:3:Ziq5Eg9tBaD)
Ad-Aware: Trojan.Ransom.Cerber.TJ
Emsisoft: Trojan.Ransom.Cerber.TJ (B)
DrWeb: Trojan.Inject2.53847
Zillya: Trojan.Zerber.Win32.2479
TrendMicro: TSPY_HPFAREIT.SM2
McAfee-GW-Edition: Fareit-FMP!8B324F4B215F
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/FareitVB-L
SentinelOne: Static AI - Malicious PE
GData: Trojan.Ransom.Cerber.TJ
Jiangmin: Trojan.Zerber.cey
Google: Detected
Avira: HEUR/AGEN.1210952
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.481B
ZoneAlarm: Trojan-Ransom.Win32.Zerber.edor
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/VBKrypt.RP.X1764
BitDefenderTheta: AI:Packer.3E85D72421
ALYac: Trojan.Ransom.Cerber.TJ
VBA32: Hoax.Zerber
Malwarebytes: MachineLearning/Anomalous.94%
TrendMicro-HouseCall: TSPY_HPFAREIT.SM2
Tencent: Malware.Win32.Gencirc.10bba843
Yandex: Trojan.GenAsa!30ivTyV0lEA
Ikarus: Trojan.Win32.Filecoder
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.CJGS!tr
AVG: Win32:Malware-gen
Cybereason: malicious.b215f0
Panda: Trj/GdSda.A

How to remove Trojan.Ransom.Cerber.TJ?

Because the sample injects into other processes and deletes its own executable after running, an active infection may no longer correspond to the file that was originally downloaded; the restart at the end of the procedure matters, and any file you recover should be checked against the hashes listed above.

Trojan.Ransom.Cerber.TJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.