Trojan-Ransom.Win32.Blocker.ujaf removal tips

Trojan-Ransom.Win32.Blocker.ujaf is flagged as malicious by the large majority of antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in Task Manager, but do not rely on that alone: the sample injects its code into other processes (process hollowing), so the payload can run under a legitimate-looking process name with nothing unusual on show. In either case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period lets you run a complete scan and clean your PC.
6-day free trial available.

What can Trojan-Ransom.Win32.Blocker.ujaf do?

The behaviours below are the signatures raised by a CAPEv2 sandbox run of the sample (the storage path under File Info is CAPE's binaries directory). The entries about packing, the invalid Authenticode signature and anti-debugging describe the file as delivered; process hollowing, autorun installation and cookie harvesting are what the unpacked code did at runtime, and those are the ones to hunt for on a live host.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Blocker.ujaf?

File Info:

name: 8C00783A2B0D6E274302.mlw
path: /opt/CAPEv2/storage/binaries/15a98e2cae6e4baf94de4ec25bdfc9e01c44748c033da5baa9baacb9ba890420
crc32: 01F64240
md5: 8c00783a2b0d6e27430226a75c5079e5
sha1: aace3e39b54e8237c4e4da86bc9936a5f2a2cb1e
sha256: 15a98e2cae6e4baf94de4ec25bdfc9e01c44748c033da5baa9baacb9ba890420
sha512: 0be6eac149e15012b31fff822712b21df9de6b0107d00909a4c3a66d1ecfa122f4f85f0b825907a4f5bfedd898c98ed9ea919e77214c2d1578fcc9ba9360b54e
ssdeep: 196608:0Hazg7DS8Hazg7DS8Hazg7DS8Hazg7DSv:Lg7uTg7uTg7uTg7uv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17786137AF1908437D1236E7CCC5BA754A825BEE02D28608A7BEC1C4DDF39B8135262D7
sha3_384: d275f270256a0dbc2eeb01538af53c2d50790b38c1e2c91b3ff462b5a81ddb5e1f1840cd95aaf351552ba7a4b7f6e256
ep_bytes: 55545d906a2890596a006a004975f953
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

What to take from these values:

  • The timestamp 1992-06-19 22:22:17 is 0x2A425E19, the fixed TimeDateStamp that Delphi linkers write into every executable. It says nothing about when this sample was built, but it does corroborate the Delphi-oriented detections (Avira DR/Delphi.Gen, F-Secure Dropper.DR/Delphi.Gen).
  • The ssdeep hash repeats the same chunk (Hazg7DS8) four times at a 196608-byte block size, which suggests a multi-megabyte file that is mostly repeated data, a common trick to push a dropper past the size limits of scanners and sandboxes.
  • ep_bytes disassemble to push ebp; push esp; pop ebp (a roundabout mov ebp, esp) followed by a loop that pushes 0x28 pairs of zero dwords: a hand-rolled prologue rather than the compiler's usual push ebp; mov ebp, esp, typical of a crypter stub sitting in front of the real code.
  • No version resource and an invalid Authenticode signature: neither is proof of malice on its own, but legitimate installers rarely ship this way.
  • The hashes are the practical indicators: match files on disk against the sha256 (or md5/sha1), and keep the ssdeep and TLSH values to catch rebuilt variants that share the same padding.
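The following Python script is an added example, not part of this page or of CAPE: it pulls the static indicators that the signature list and the file info above rely on out of a raw PE image (the fixed Delphi timestamp, section names outside a normal toolchain's set, sections with encryption-grade entropy, and whether an Authenticode blob is attached at all), and builds a constructed, non-executable PE32 with the same profile so the checks run offline. The COMMON_SECTIONS allow-list and the 7.0-bit entropy threshold are assumptions chosen for the example; the synthetic image is not the file described on this page.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Fixed TimeDateStamp written by Delphi linkers; it decodes to the 1992-06-19 22:22:17 seen on this page.
DELPHI_TIMESTAMP = 0x2A425E19
# Allow-list of section names normal toolchains emit (assumption for this example; extend as needed).
COMMON_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # data directory slot of the Authenticode blob


def timestamp_to_utc(ts):
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def shannon_entropy(data):
    """Bits per byte: near 8.0 for encrypted or compressed data, much lower for code and text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_pe(image):
    """Extract the static indicators listed on this page from a raw PE image (PE32 or PE32+)."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    # PE32: NumberOfRvaAndSizes at +92, directories at +96; PE32+: +108 / +112
    dirs = opt + (96 if magic == 0x10B else 112)
    num_dirs = struct.unpack_from("<I", image, dirs - 4)[0]
    sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", image, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        raw_name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        sections.append((name, shannon_entropy(image[raw_ptr:raw_ptr + raw_size])))
    return {
        "timestamp": timestamp_to_utc(timestamp),
        "delphi_timestamp": timestamp == DELPHI_TIMESTAMP,
        "unknown_sections": [n for n, _ in sections if n not in COMMON_SECTIONS],
        "high_entropy_sections": [n for n, e in sections if e > 7.0],
        # Presence of a signature blob only; "invalid" on the page means a blob exists but fails verification
        "has_authenticode_blob": sec_size > 0,
    }


def build_sample_pe(timestamp, sections, signed=False):
    """Assemble a minimal, non-executable PE32 image (constructed test input, not a real sample)."""
    opt_size, align = 0xE0, 0x200
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    hdr_len = -(-hdr_len // align) * align                       # round up to FileAlignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, opt_size, 0x102)
    table, body, raw_ptr = bytearray(), bytearray(), hdr_len
    for idx, (name, data) in enumerate(sections):
        padded = data + b"\0" * (-len(data) % align)
        table += struct.pack("<8sIIII", name.encode("latin-1"), len(data),
                             0x1000 * (idx + 1), len(padded), raw_ptr) + b"\0" * 16
        body += padded
        raw_ptr += len(padded)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    if signed:
        # The security directory holds a file offset (not an RVA) of a WIN_CERTIFICATE blob at end of file
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, raw_ptr, 8)
        body += b"\0" * 8
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return headers + b"\0" * (hdr_len - len(headers)) + bytes(body)


def demo():
    """Constructed sample with the page's profile: Delphi timestamp, one odd high-entropy section, no signature."""
    image = build_sample_pe(DELPHI_TIMESTAMP, [
        (".text", b"\x55\x8b\xec" * 512),        # repetitive code-like bytes, entropy about 1.6
        (".xyz1", bytes(range(256)) * 16),        # uniform byte distribution, entropy 8.0
    ])
    return triage_pe(image)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to print the findings for the synthetic image, or call triage_pe() on the bytes of a real file. The Authenticode check only reports whether a certificate blob is attached; the page's "signature is invalid" verdict requires parsing the PKCS#7 blob and validating the certificate chain, which is a separate step.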

Trojan-Ransom.Win32.Blocker.ujaf also known as:

The vendor names below disagree on the family (Injector, Dropper, Downloader, Blocker, MBRlock), which is usual for a packed dropper: most engines name the Delphi injector layer they see statically, while Kaspersky, TrendMicro, Ikarus, Antiy-AVL, Tencent and Jiangmin name the payload class, Blocker, Kaspersky's term for ransomware that locks the screen or the boot sector rather than encrypting files; the Avast and AVG name MBRlock points the same way. Treat the generic verdicts (Generic, Malicious, Unsafe, AI score) as corroboration only.

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader6.7779
MicroWorld-eScan: Gen:Variant.Symmi.34741
FireEye: Generic.mg.8c00783a2b0d6e27
CAT-QuickHeal: Trojan.WacatacPMF.S16539689
McAfee: GenericRXIP-BJ!8C00783A2B0D
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.1296415
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00548e051 )
K7GW: Trojan ( 00548e051 )
Cybereason: malicious.a2b0d6
BitDefenderTheta: AI:Packer.9896AD8521
Cyren: W32/Injector.OZVT-2500
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.AHHO
TrendMicro-HouseCall: Ransom_Blocker.R03BC0DL921
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Blocker.ujaf
BitDefender: Gen:Variant.Symmi.34741
NANO-Antivirus: Trojan.Win32.Dapato.bsjzfg
Avast: Win32:MBRlock-DV [Trj]
Tencent: Trojan.Win32.Blocker.zg
Ad-Aware: Gen:Variant.Symmi.34741
Emsisoft: Gen:Variant.Symmi.34741 (B)
Comodo: TrojWare.Win32.Injector.HO@82j6jo
F-Secure: Dropper.DR/Delphi.Gen
TrendMicro: Ransom_Blocker.R03BC0DL921
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Sophos: ML/PE-A + Troj/Agent-BFYB
Ikarus: Trojan-Ransom.Blocker
GData: Win32.Trojan.PSE.12SKUJH
Jiangmin: Trojan.Blocker.pkq
Avira: DR/Delphi.Gen
Antiy-AVL: Trojan[Ransom]/Win32.Blocker
Arcabit: Trojan.Symmi.D87B5
Microsoft: Trojan:Win32/Injector.INK!MTB
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Dropper/Win32.Dapato.R83155
Acronis: suspicious
VBA32: Trojan.Downloader
TACHYON: Backdoor/W32.Androm.8316928
Malwarebytes: Trojan.Crypt
APEX: Malicious
Rising: Trojan.Injector!1.DA56 (CLASSIC)
Yandex: Trojan.Injector!nfedw5apY3U
MAX: malware (ai score=82)
eGambit: Unsafe.AI_Score_96%
Fortinet: W32/Injector.AHHO!tr
AVG: Win32:MBRlock-DV [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)
MaxSecure: Trojan.Malware.127304917.susgen

How to remove Trojan-Ransom.Win32.Blocker.ujaf?

Trojan-Ransom.Win32.Blocker.ujaf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

These steps assume the machine still boots to the desktop. Because the payload is a locker (Avast and AVG classify it as MBRlock), a host that no longer reaches the desktop has to be cleaned from a rescue boot medium instead. After the restart, confirm that the autorun entry the sample installed is gone and that no file on disk still matches the hashes listed under File Info.
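A check the removal steps do not include, added here as an example (it is not GridinSoft's procedure): hash every file under the given directories in one pass and report any that matches the md5, sha1 or sha256 from the File Info section. The demo() function builds a throwaway directory with a constructed stand-in file and matches against that file's own hashes, since the real sample is not available offline; the drop locations named in the closing comment are an assumption about where such a dropper typically lands.

```python
import hashlib
import os
import tempfile

# Hash values copied from the File Info section of this page.
PAGE_IOCS = {
    "md5": "8c00783a2b0d6e27430226a75c5079e5",
    "sha1": "aace3e39b54e8237c4e4da86bc9936a5f2a2cb1e",
    "sha256": "15a98e2cae6e4baf94de4ec25bdfc9e01c44748c033da5baa9baacb9ba890420",
}


def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk=1 << 20):
    """Hash one file with every listed algorithm in a single read pass (droppers like this one run to megabytes)."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(roots, iocs=PAGE_IOCS):
    """Walk the given directories; return (path, matched_algorithms) for every file hitting an IOC hash."""
    wanted = {alg: value.lower() for alg, value in iocs.items()}
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                path = os.path.join(dirpath, fn)
                try:
                    digests = file_digests(path, algorithms=tuple(wanted))
                except OSError:            # locked, unreadable or vanished file: skip it, do not abort the sweep
                    continue
                matched = [alg for alg, value in digests.items() if value == wanted[alg]]
                if matched:
                    hits.append((path, matched))
    return hits


def demo():
    """Constructed scenario: a temp tree with one benign file and one file whose hashes form the IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "AppData", "Roaming"))
        target = os.path.join(tmp, "AppData", "Roaming", "dropped.exe")
        with open(target, "wb") as fh:
            fh.write(b"constructed stand-in for the dropped binary")   # not the real sample
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"benign file")
        iocs = file_digests(target)          # stand-in for PAGE_IOCS, which only the real sample would match
        return [(os.path.relpath(p, tmp).replace(os.sep, "/"), algs) for p, algs in sweep([tmp], iocs)]


if __name__ == "__main__":
    print(demo())
    # On the affected host (assumed drop locations): sweep([r"C:\Users", os.environ.get("TEMP", r"C:\Windows\Temp")])
```

Point sweep() at the user profiles, the temp directories and whatever path the autorun entry referenced; a hit after the reboot means the quarantine step did not catch every copy. Hash matching only finds this exact build, so keep the ssdeep and TLSH values from File Info for fuzzy matching of repacked variants.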

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
