Ransom Trojan

Trojan-Ransom.Win32.Blocker.zcch (file analysis)


The Trojan-Ransom.Win32.Blocker.zcch is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Ransom.Win32.Blocker.zcch virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Blocker.zcch?

File Info:

name: E63D4F6DDF335C6412A8.mlw
path: /opt/CAPEv2/storage/binaries/3371d24e4ef50d62df9316d050468fe357b9461f5e58ca3eb766d35877c84254
crc32: DD3A23C6
md5: e63d4f6ddf335c6412a8fe63681aeb2d
sha1: b3367a652ff84c40840d6f09f1f61e17851d731d
sha256: 3371d24e4ef50d62df9316d050468fe357b9461f5e58ca3eb766d35877c84254
sha512: e4e1b34207e03c4d1417df9ffdf881b98f77170de9bc4fbff0e97eeb39c449215896385018f7b686154a4adec663ba87da31c11cf984ffc6ee14f9a623f02122
ssdeep: 6144:ikYJs9UdoJOTWnpkhku33CBTBuZvCwZrOenBskI:ikYJs9UesSBTivC8rO4ep
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T11F34BF97B35020F4D9A78175C8999D21E7F27C5E47B0830E13A876355FB33A1382E7AA
sha3_384: 9e7b149ab876b71815770cc2294ddceb84f646efdf7f6cf1e4aebf207823e4698538c93a34359aa576434a2f4b5a3932
ep_bytes: e848feffffc82000004c897c24f84883
timestamp: 2013-10-08 12:53:49

Version Info:

CompanyName: Oracle Corporation
FileDescription: Java(TM) Platform SE binary
FileVersion: 7.0.450.18
Full Version: 1.7.0_45-b18
InternalName: javaw
LegalCopyright: Copyright © 2013
OriginalFilename: javaw.exe
ProductName: Java(TM) Platform SE 7 U45
ProductVersion: 7.0.450.18
Translation: 0x0000 0x04b0

Trojan-Ransom.Win32.Blocker.zcch also known as:

K7AntiVirus: Trojan ( 0059aa0b1 )
K7GW: Trojan ( 0059aa0b1 )
Cyren: W64/Ipamor.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win64/Filecoder.GG
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Blocker.zcch
Avast: FileRepMalware [Inf]
DrWeb: Win32.HLLP.Azov.2
TrendMicro: Ransom.Win64.AZVO.SMYXCJ5
McAfee-GW-Edition: BehavesLike.Win64.BadFile.dc
Sophos: Mal/Generic-S
Jiangmin: Trojan.Blocker.urx
Antiy-AVL: Trojan/Generic.ASBOL.C73A
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R533510
McAfee: Artemis!E63D4F6DDF33
Malwarebytes: Malware.AI.1053266483
Rising: Ransom.Agent!8.6B7 (TFE:2:U9tOTBNOHOO)
Ikarus: Trojan-Ransom.FileCrypter
Fortinet: W64/Filecoder.GG!tr
AVG: FileRepMalware [Inf]

How to remove Trojan-Ransom.Win32.Blocker.zcch?

Trojan-Ransom.Win32.Blocker.zcch removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
