Categories: RansomTrojan

Trojan-Ransom.Win32.Blocker.jjze (file analysis)

The Trojan-Ransom.Win32.Blocker.jjze is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Blocker.jjze virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Unconventionial language used in binary resources: Japanese
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Sniffs keystrokes
Installs an hook procedure to monitor for mouse events
Installs itself for autorun at Windows startup
Operates on local firewall’s policies and settings
Creates a slightly modified copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

How to determine Trojan-Ransom.Win32.Blocker.jjze?


File Info:
crc32: F0E86D78md5: 4cc0b52ba08b7a233a2578ac5982425dname: 4CC0B52BA08B7A233A2578AC5982425D.mlwsha1: e66a24037ed90c7e33482de4b686e4b2da196147sha256: 4ba908cc10a5a69f0e4b3eca21150366ddf42fb704dd23e28c04b314278fcc76sha512: 423e19443ccefdbfb8cdbc99fa621f2628226dce6269320c7fd416f5d848cc40ba39ee35de0d6ccac33fcbd242cc62aef86df1bf46548563bf86dd8bdca693b4ssdeep: 6144:zOqGHrUxu/3kuCnBUZzfa2i8hvH6VeISOuVMOF6FRJqDTWz0qZR62SRipWwavD1:zipWzZ8GI3type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2004-2012 SHIROUZU Hiroaki All rights reserved.InternalName: FastCopyFileVersion: 2, 1, 1, 0CompanyName: SHIROUZU HiroakiComments: http://ipmsg.org/tools/fastcopy.htmlProductName: FastCopyProductVersion: 2, 1, 1, 0FileDescription: FastCopyOriginalFilename: FastCopy.exeTranslation: 0x0411 0x04b0

Trojan-Ransom.Win32.Blocker.jjze also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0055e3991 )
Lionic	Trojan.Win32.Windef.c!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen4.20010
Cynet	Malicious (score: 100)
Cylance	Unsafe
Zillya	Trojan.Windef.Win32.3656
Sangfor	Trojan.Win32.Injector.XSV
CrowdStrike	win/malicious_confidence_80% (W)
Alibaba	Ransom:Win32/Blocker.b151cb84
K7GW	Trojan ( 0055e3991 )
Cybereason	malicious.ba08b7
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.XSV
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Blocker.jjze
NANO-Antivirus	Trojan.Win32.FakeAV.ebybro
Tencent	Win32.Trojan.Inject.Auto
Sophos	Mal/Generic-S
Comodo	Malware@#33cstyclfu41r
BitDefenderTheta	Gen:NN.ZevbaF.34294.Tm0@a0n5tHjG
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.bz
FireEye	Generic.mg.4cc0b52ba08b7a23
SentinelOne	Static AI – Malicious PE
Avira	TR/Dropper.VB.Gen8
eGambit	Generic.Malware
Antiy-AVL	Trojan/Generic.ASMalwS.183BB05
Microsoft	VirTool:Win32/VBInject.gen!JD
AhnLab-V3	Trojan/Win32.VBKrypt.R40134
McAfee	Artemis!4CC0B52BA08B
MAX	malware (ai score=100)
VBA32	TrojanFakeAV.Windef
Panda	Trj/GdSda.A
Yandex	Trojan.GenAsa!+xAw2f0C4Oc
Ikarus	Trojan-PWS.Win32.Zbot
Fortinet	W32/Injector.YMS!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml