Trojan.Ransom.Loki.EDY removal guide

Trojan.Ransom.Loki.EDY is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Ransom.Loki.EDY virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Telugu
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode get eip malware family
  • Deletes executed files from disk
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan.Ransom.Loki.EDY?

File Info:

name: 005A0841424CC8D1B71F.mlw
path: /opt/CAPEv2/storage/binaries/78616f6bae70f51382c8c642a5580b9c433085a606ae59224ec8396aca6218f3
crc32: F3C49269
md5: 005a0841424cc8d1b71fc19702ca7647
sha1: c8be6235c1f962d109f0b42a7d61f4687b9bf03f
sha256: 78616f6bae70f51382c8c642a5580b9c433085a606ae59224ec8396aca6218f3
sha512: bf1f71f1a4f71dcc2e4ca83677c080ad6540c8db4054f8eaea3f43b82f40f231e343bfb4005b6ec0f0cbc0243fa2b7fc5234345ae00fee9ef06437bae56e3f7c
ssdeep: 6144:/xbQq7asTdx16ifogWuQK4ZpG3XQ4L0hlDF5r:/ashxM05WewpmAljr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19EF66AA15A7253A2C8BC58FD236EB31447EEEAF0C29D57FBD04404CE2E1299740E5A5F
sha3_384: c1e1d2674a8573940b79a2eb2026aee8c2e6d726726a5b4ca7e85a01b85ac8cd15c1163c0327131988757b00cab2b9e8
ep_bytes: 8bff558bece836440000e8110000005d
timestamp: 2020-05-04 10:31:57

Version Info:

Translation: 0x020a 0x054b

Trojan.Ransom.Loki.EDY also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Loki.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Ransom.Loki.EDY
FireEye: Generic.mg.005a0841424cc8d1
CAT-QuickHeal: Ransom.Stop.Z5
Skyhigh: BehavesLike.Win32.Lockbit.vz
McAfee: Packed-GDT!005A0841424C
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Stop.Win32.483
Sangfor: Ransom.Win32.Save.a
K7AntiVirus: Trojan ( 00588c321 )
Alibaba: Trojan:Win32/Azorult.f410ae11
K7GW: Trojan ( 00588c321 )
Cybereason: malicious.1424cc
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.HLWM
APEX: Malicious
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DLP23
ClamAV: Win.Packed.Generic-9882246-0
Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
BitDefender: Trojan.Ransom.Loki.EDY
NANO-Antivirus: Trojan.Win32.Zenpak.kbmagq
Avast: Win32:DropperX-gen [Drp]
Tencent: Malware.Win32.Gencirc.10bbdf61
Sophos: Mal/EncPk-AQE
Google: Detected
F-Secure: Heuristic.HEUR/AGEN.1316832
DrWeb: Trojan.Siggen14.47413
VIPRE: Trojan.Ransom.Loki.EDY
TrendMicro: Ransom_StopCrypt.R002C0DLP23
Emsisoft: Trojan.Crypt (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Stop.afd
Varist: W32/Kryptik.ETS.gen!Eldorado
Avira: HEUR/AGEN.1316832
Antiy-AVL: Trojan[Ransom]/Win32.STOP
Kingsoft: win32.troj.undef.a
Microsoft: Ransom:Win32/StopCrypt.MGK!MTB
Arcabit: Trojan.Ransom.Loki.EDY
ZoneAlarm: HEUR:Trojan.Win32.Zenpak.gen
GData: Trojan.Ransom.Loki.EDY
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Azorult.R434874
BitDefenderTheta: Gen:NN.ZexaF.36802.@xW@aOgQVvnG
ALYac: Trojan.Ransom.Loki.EDY
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Crypt
Cylance: unsafe
Panda: Trj/GdSda.A
Rising: Trojan.Kryptik!1.D9C0 (CLASSIC)
Yandex: Trojan.Kryptik!hjMbXNiA4kE
Ikarus: Trojan-Ransom.Loki
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.ETY!tr
AVG: Win32:DropperX-gen [Drp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan:Win/Zenpak.gen

How to remove Trojan.Ransom.Loki.EDY?

Trojan.Ransom.Loki.EDY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.