Fake • Ransom • Trojan

Trojan.Ransom.FakeCryptor.A (file analysis)

The Trojan.Ransom.FakeCryptor.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Ransom.FakeCryptor.A virus can do?

Creates RWX memory
Anomalous binary characteristics

How to determine Trojan.Ransom.FakeCryptor.A?


File Info:
crc32: 56F229B0
md5: a5ecac8e829143e2589f8e4f5faaec8a
name: A5ECAC8E829143E2589F8E4F5FAAEC8A.mlw
sha1: 3f580acb366d4c0374fb66363601d63aaf322f95
sha256: 7b99891f195966b5547ee73c0a9803bad64071fc7a8e236847a7728ba8dbf82a
sha512: 7124b49246c6af4401caa376dab69526090fb7e24c579cad5a77f6ca02261851673449329a3b65d8f39bd1bf16d9cfc7eebe662c1d2856258696f6b6c0a642f7
ssdeep: 192:BrqevjE8RbB3uAfFyDobgOiwfbV+zeDbgIzVrp44HSHsGdTVrXQg:5rEaTBgpEweDbgG9e4HUndTV7Qg
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright: Copyright xa9  2017
Assembly Version: 1.0.0.0
InternalName: HazeRansomeware.exe
FileVersion: 1.0.0.0
ProductName: HazeRansomeware
ProductVersion: 1.0.0.0
FileDescription: HazeRansomeware
OriginalFilename: HazeRansomeware.exe

Trojan.Ransom.FakeCryptor.A also known as:

K7AntiVirus	Trojan ( 00515bcc1 )
Cynet	Malicious (score: 85)
ALYac	Trojan.Ransom.Haze
Cylance	Unsafe
Zillya	Tool.FakeFilecoder.Win32.94
Sangfor	Trojan.Win32.GenericKD.31369909
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Trojan:MSIL/FakeFilecoder.8bb285e2
K7GW	Trojan ( 00515bcc1 )
Cybereason	malicious.e82914
Symantec	Downloader.Ponik
ESET-NOD32	a variant of MSIL/Hoax.FakeFilecoder.BG
Avast	Win32:Malware-gen
Kaspersky	Trojan.MSIL.Locker.ar
BitDefender	Trojan.Ransom.FakeCryptor.A
NANO-Antivirus	Trojan.Win32.Locker.flabvw
MicroWorld-eScan	Trojan.Ransom.FakeCryptor.A
Tencent	Msil.Trojan.Locker.Lors
Ad-Aware	Trojan.Ransom.FakeCryptor.A
Sophos	Mal/Generic-S
Comodo	Malware@#3q5kn6st51rn
BitDefenderTheta	Gen:NN.ZemsilF.34608.bm1@aWx1V2m
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.a5ecac8e829143e2
Emsisoft	Trojan-Ransom.Haze (A)
Avira	JOKE/FakeFilecoder.csjup
Microsoft	Trojan:Win32/Occamy.C
AegisLab	Trojan.MSIL.Locker.4!c
GData	MSIL.Trojan-Ransom.Haze.A
AhnLab-V3	Trojan/Win32.Agent.C2897005
McAfee	Artemis!A5ECAC8E8291
MAX	malware (ai score=87)
VBA32	TScope.Trojan.MSIL
Panda	Trj/GdSda.A
Rising	Trojan.Occamy!8.F1CD (CLOUD)
Yandex	Hoax.FakeFilecoder!jTqeGR+1MIM
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	Riskware/Filecoder
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Generic.HgIASOoA

How to remove Trojan.Ransom.FakeCryptor.A?

Trojan.Ransom.FakeCryptor.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X