Ransom Trojan

How to remove “Trojan-Ransom.Win32.Blocker.iglf”?

Trojan-Ransom.Win32.Blocker.iglf is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Blocker.iglf virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Blocker.iglf?

File Info:

name: A1A73C316FCF3D3F0215.mlw
path: /opt/CAPEv2/storage/binaries/b40a4af4bc9ba2801e9c80a41f4ca7f90003bae56a4b1abf362ae8ffa9c91e9a
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: 558bec83c4f0b888534200e824f2fdff
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
CompanyName: RawFish2D
FileDescription: WinLock-Crasher 4.0 Installation
FileVersion: 4.0
LegalCopyright: RawFish2D
Translation: 0x0409 0x04e4

Trojan-Ransom.Win32.Blocker.iglf also known as:

Lionic: Trojan.Win32.Blocker.j!c
McAfee: Artemis!A1A73C316FCF
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Ransom.Win32.Blocker.iglf
Tencent: Win32.Trojan.Blocker.Llqt
DrWeb: Trojan.MulDrop7.38194
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Blocker.dqe
Microsoft: Trojan:Win32/Sabsik.TE.B!ml
Panda: Trj/CI.A
eGambit: Unsafe.AI_Score_96%
Fortinet: W32/Blocker.IGLF!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
MaxSecure: Trojan-Ransom.Win32.Crypmod.zfq

How to remove Trojan-Ransom.Win32.Blocker.iglf?

Trojan-Ransom.Win32.Blocker.iglf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.