Ransom Trojan

About “Trojan-Ransom.Win32.Crusis.byn” infection

Malware Removal

Trojan-Ransom.Win32.Crusis.byn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Crusis.byn virus do?

  • Executable code extraction
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Attempts to delete volume shadow copies
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Ransom.Win32.Crusis.byn?

File Info:

crc32: B47071B3
md5: 5a26db05aa4542f1a568a8d564adfe85
name: 5A26DB05AA4542F1A568A8D564ADFE85.mlw
sha1: 4d4b2b5b1798fbb041c1080452d3262b31565453
sha256: aa42b7b5bd7800de2aac475f469d3a3d59ddc412ddcb3e6ed893028b331c89af
sha512: be2589f2152b37c50403152aba729a775bc336ddd84d9c60198c92d79991090b16d4401999e6c08f62c8faa6c6be2342478d344e121a063ca5ba911a05d03e82
ssdeep: 3072:YpHp3LCFuYEzK+3KEgyY1qUFrL0NWR0HjE1S54Hfur82prE++:GJGFBaPV01qKL0Nqyuf682d
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2010 by Acro Software Inc., All Rights Reserved
InternalName: PDF Writer
FileVersion: 2, 7, 7, 1
CompanyName: Acro Software Inc.
LegalTrademarks: PDF Writer
ProductName: PDF Writer Application
ProductVersion: 2, 7, 0, 1
FileDescription: PDF Writer Application
OriginalFilename: PDFWriter.EXE
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Crusis.byn also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Backdoor ( 005328fd1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3953
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.MauvaiseRI.S5252142
ALYac: Trojan.Ransom.Troldesh.GenericKD.30325693
Cylance: Unsafe
Zillya: Trojan.Crusis.Win32.813
Sangfor: Ransom.Win32.Crusis.byn
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Backdoor ( 005328fd1 )
Cybereason: malicious.5aa454
Symantec: Packed.Generic.459
ESET-NOD32: Win32/Filecoder.Crysis.P
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Emotet-7169098-0
Kaspersky: Trojan-Ransom.Win32.Crusis.byn
BitDefender: Trojan.Ransom.Troldesh.GenericKD.30325693
NANO-Antivirus: Trojan.Win32.Crusis.exyfcd
SUPERAntiSpyware: Trojan.Agent/Gen-Crypt
MicroWorld-eScan: Trojan.Ransom.Troldesh.GenericKD.30325693
Ad-Aware: Trojan.Ransom.Troldesh.GenericKD.30325693
Sophos: ML/PE-A + Mal/Cerber-AL
Comodo: Malware@#x1zp69mr3b0p
F-Secure: Heuristic.HEUR/AGEN.1125229
BitDefenderTheta: Gen:NN.ZexaF.34738.jq0@aqizYKii
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYSIS.TICOAAP
FireEye: Generic.mg.5a26db05aa4542f1
Emsisoft: Trojan.Ransom.Troldesh.GenericKD.30325693 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1125229
Antiy-AVL: Trojan/Generic.ASMalwS.246D5CF
Microsoft: Ransom:Win32/Wadhrama.A!rfn
Arcabit: Trojan.Ransom.Troldesh.Generic.D1CEBBBD
AegisLab: Trojan.Win32.Crusis.j!c
GData: Trojan.Ransom.Troldesh.GenericKD.30325693
AhnLab-V3: Win-Trojan/Lukitus2.Exp
Acronis: suspicious
McAfee: Generic.czw
MAX: malware (ai score=97)
VBA32: BScope.TrojanDownloader.Dridex
TrendMicro-HouseCall: Ransom_CRYSIS.TICOAAP
Rising: Trojan.Kryptik!1.B04B (CLASSIC)
Yandex: Trojan.Crusis!cpTVCapZOWI
Ikarus: Trojan-Proxy.Agent
Fortinet: W32/Injector.EETM!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan-Ransom.Win32.Crusis.byn?

Trojan-Ransom.Win32.Crusis.byn removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.