Categories: Ransom, Trojan

Trojan.Ransom.EA information

Trojan.Ransom.EA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Ransom.EA virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Ransom.EA?


File Info:

name: CF76BC5036E3B1669FC8.mlw
path: /opt/CAPEv2/storage/binaries/65988565f61af93bbeffe75f0dd6cd406d850911b4093d7abc4f36eeaff988cb
crc32: F080E995
md5: cf76bc5036e3b1669fc818d566f7ce59
sha1: 0b08a87416746c56b0002ce56b26d94cbac6a1d8
sha256: 65988565f61af93bbeffe75f0dd6cd406d850911b4093d7abc4f36eeaff988cb
sha512: dea40a3d118758e3b27b745c3b297f30598bb4ebe6fdc39504b59e4ecff68330d8cebbe136defc1065f4efd6821933c8f1bdd3920978a6520a8199504aaf02ce
ssdeep: 1536:l1d2mwXyTcE/11GxU2XzKxZWvifeKCMpoueetQjvvs9Gqu2D:l1GyTcEqxPjKxE6fFnpxeRrvh2D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13853F242AFB91093DAA77FFD556E20605937727024804F86E88BB84E29D66D152703FF
sha3_384: b38fdbec7c2ef721b74e964068343f1e2cdd7f55e47fc229c954737042e5bbc40572245fa5a2776627680da08604e309
ep_bytes: 60be00f040008dbe0020ffffc78708f0
timestamp: 2005-11-30 04:01:58

Version Info:

Comments: Myth
CompanyName: Pinnacle Systems
FileDescription: Dead
FileVersion: 10.9
InternalName: Stroll Fetus Verne Web
LegalCopyright: Misty © Mile Strafe 1995-2009
OriginalFilename: Epsom.exe
ProductName: Josh Nods Chump Ovals Crass Carl
ProductVersion: 10.9
Translation: 0x0409 0x04b0

Trojan.Ransom.EA also known as:

Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Generic.lh2q
Elastic malicious (moderate confidence)
DrWeb Trojan.Packed.22288
MicroWorld-eScan Trojan.Ransom.EA
FireEye Generic.mg.cf76bc5036e3b166
ALYac Trojan.Ransom.EA
Cylance Unsafe
VIPRE Trojan.Ransom.EA
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( f1000f011 )
Alibaba Ransom:Win32/PornoAsset.c1554737
K7GW Trojan ( f1000f011 )
Cybereason malicious.036e3b
BitDefenderTheta Gen:NN.ZexaF.34646.dmKfaa6UJ6fi
Cyren W32/Ransom.EZYI-4471
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/LockScreen.AJN
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Ransom.Win32.PornoAsset.cqjj
BitDefender Trojan.Ransom.EA
NANO-Antivirus Trojan.Win32.Birele.hujbi
SUPERAntiSpyware Trojan.Agent/Gen-Figler
Tencent Win32.Trojan.Lockscreen.Rgil
Ad-Aware Trojan.Ransom.EA
Emsisoft Trojan.Ransom.EA (B)
Comodo TrojWare.Win32.TrojanDropper.Agent.ACH@4m8n0u
Zillya Trojan.PornoAsset.Win32.2184
TrendMicro TROJ_RANSOM.BRJ
McAfee-GW-Edition Generic.iz
Trapmine malicious.high.ml.score
Sophos Mal/Generic-R + Troj/Agent-VDX
SentinelOne Static AI – Malicious PE
GData Trojan.Ransom.EA
Jiangmin Trojan/Birele.ql
Webroot W32.Malware.Gen
Google Detected
Avira TR/Ransom.EA.1
MAX malware (ai score=100)
Antiy-AVL Trojan/Generic.ASMalwS.300
Kingsoft Win32.Troj.Generic.a.(kcloud)
Arcabit Trojan.Ransom.EA
Microsoft Ransom:Win32/Loktrom.B
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Generic.iz
VBA32 Hoax.Birele
Malwarebytes Malware.Heuristic.1003
Panda Generic Malware
TrendMicro-HouseCall TROJ_RANSOM.BRJ
Rising Ransom.Weenloc!8.519 (TFE:5:eO2ExhvfXcV)
Yandex Trojan.GenAsa!sM5aqWrajac
Ikarus Trojan-Ransom.PornoAsset
MaxSecure Trojan.Malware.4454766.susgen
Fortinet W32/Yakes.LS!tr
AVG Win32:Evo-gen [Trj]
Avast Win32:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)

How to remove Trojan.Ransom.EA?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
