Ransom Trojan

Trojan.Ransom.WannaCryptor.L (file analysis)

Malware Removal

Trojan.Ransom.WannaCryptor.L is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Ransom.WannaCryptor.L virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Code injection with CreateRemoteThread in a remote process
  • Attempts to modify desktop wallpaper
  • A process attempted to delay the analysis task by a long amount of time.
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Attempts to block SafeBoot use by removing registry keys
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Trojan.Ransom.WannaCryptor.L?


File Info:

crc32: D385C4EA
md5: 26e8f9a81422b308e3e8edcf64388087
name: 26E8F9A81422B308E3E8EDCF64388087.mlw
sha1: 6dfd498216bb1d909229dfe8186763098688f7f9
sha256: 1b839b06119ad9ec2aaf6dbe622359350c840b798723ba5ad7f8b22be5e74b8f
sha512: 899f4c649188411a89261c488a9a408a0432615fde1d939fda306f8764eab00304855af2a5a9d2dadd71ad69d9b3cbaa349ad5d9e45dd86847a3c6037b3bdbd4
ssdeep: 3072:Xmrhd5U1eigWcR+uiUg6p4FLlG4tlL2z+mmCeHFZjoHEo31cCSHMI5TDeRGPtV1c:XEd5+IZiZhLlG4qimmCTcbfTB/h8X
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: LODCTR.EXE
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7600.16385
FileDescription: Load PerfMon Counters
OriginalFilename: LODCTR.EXE
Translation: 0x0409 0x04b0

Trojan.Ransom.WannaCryptor.L also known as:

Bkav: W32.Sality.PE
K7AntiVirus: Trojan ( 0050db011 )
Elastic: malicious (high confidence)
DrWeb: Win32.Sector.30
Cynet: Malicious (score: 100)
CAT-QuickHeal: W32.Sality.U
ALYac: Trojan.Ransom.WannaCryptor.L
Cylance: Unsafe
Zillya: Trojan.WannaCryptGen.Win32.1
Sangfor: Ransom.Win32.Wannacry_5.se
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0050db011 )
Cybereason: malicious.81422b
Baidu: Win32.Virus.Sality.gen
Cyren: W32/Sality.E.gen!Eldorado
Symantec: Ransom.Wannacry
ESET-NOD32: Win32/Sality.NBA
Zoner: Trojan.Win32.55633
APEX: Malicious
Avast: Win32:Kukacka [Inf]
ClamAV: Win.Ransomware.WannaCry-6313787-0
Kaspersky: Trojan-Ransom.Win32.Wanna.c
BitDefender: Trojan.Ransom.WannaCryptor.L
NANO-Antivirus: Virus.Win32.Sality.yusp
ViRobot: Win32.Sality.Gen.A
SUPERAntiSpyware: Ransom.WannaCrypt/Variant
MicroWorld-eScan: Trojan.Ransom.WannaCryptor.L
Tencent: Trojan.Win32.WannaCry.d
Ad-Aware: Trojan.Ransom.WannaCryptor.L
Sophos: ML/PE-A + Mal/Sality-D
Comodo: Virus.Win32.Sality.gen@1egj5j
BitDefenderTheta: AI:FileInfector.A5ECCBAB0E
VIPRE: Virus.Win32.Sality.at (v)
TrendMicro: Ransom_WCRY.SM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.fh
FireEye: Generic.mg.26e8f9a81422b308
Emsisoft: Trojan.Ransom.WannaCryptor.L (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Win32/Virut.bt
Avira: W32/Sality.AT
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASVirus.C4
Microsoft: Virus:Win32/Sality.AT
Arcabit: Trojan.Ransom.WannaCryptor.L
AegisLab: Trojan.Win32.Wanna.j!c
GData: Win32.Trojan-Ransom.WannaCry.E
TACHYON: Virus/W32.Sality.D
AhnLab-V3: Win32/Kashu.E
Acronis: suspicious
McAfee: W32/Sality.gen.z
MAX: malware (ai score=80)
VBA32: Virus.Win32.Sality.bakb
Malwarebytes: Ransom.WannaCrypt
Panda: W32/Sality.AA
TrendMicro-HouseCall: Ransom_WCRY.SM
Rising: Virus.Sality!1.A5BD (CLASSIC)
Yandex: Trojan.GenAsa!DkX5FxEFGvQ
Ikarus: Trojan-Ransom.WannaCry
MaxSecure: Trojan.Ransom.Wanna.d
Fortinet: W32/Wanna.C!tr.ransom
AVG: Win32:Kukacka [Inf]
Paloalto: generic.ml

How to remove Trojan.Ransom.WannaCryptor.L?

Trojan.Ransom.WannaCryptor.L removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
