Ransom Trojan

Trojan-Ransom.Win32.Cryptodef removal instruction

The Trojan-Ransom.Win32.Cryptodef is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Cryptodef virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempted to write directly to a physical drive

Related domains:

plugin.eydata.net

How to identify Trojan-Ransom.Win32.Cryptodef?

File Info:

name: 341950160A9858EA5E87.mlw
path: /opt/CAPEv2/storage/binaries/2d866321e96831c7d3d7c0b4e8a2215adedb28a61a017be86a52fd4c558acc61
crc32: 66921DC7
md5: 341950160a9858ea5e87cd4049f6c5c3
sha1: e6dc45151089a598a673d25b04a8e523de81b5f8
sha256: 2d866321e96831c7d3d7c0b4e8a2215adedb28a61a017be86a52fd4c558acc61
sha512: bf207edd4bef6c415667be36b398588a0ef40ea692330c164cba5fc0a0fe3a3c1092fcb700eb673829812851afe46d8f2522de3f5232c0319101e3565e0d5f0c
ssdeep: 98304:K9mTXAVqRPYqdwkLcHH7MGLd51YkPu4cJMGBj4DhDZANxBYts+:5TXA8djA7M0LNPy8DpZ+C2+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D4061212B6D380F3C666053119AA3B79D679FF410A20CFD79BA4FE6F2C32541E43616A
sha3_384: 51c6dd829a9fbf14f73c7062f45bdf518d3b0cbedc26f91eb063692099921724cd6b10bd07cc6778b6b47b70d7ef211d
ep_bytes: 558bec6aff6868d979006854b5470064
timestamp: 2015-01-25 17:08:06

Version Info:

FileVersion: 1.2.0.3
FileDescription: 狩猎者安全防护
ProductName: 狩猎者安全防护
ProductVersion: 1.2.0.3
CompanyName: 繁华
LegalCopyright: 繁华 版权所有
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Trojan-Ransom.Win32.Cryptodef is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35273701
FireEye: Generic.mg.341950160a9858ea
ALYac: Trojan.GenericKD.35273701
Cylance: Unsafe
K7AntiVirus: Trojan ( 005246d51 )
K7GW: Trojan ( 005246d51 )
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-583204
Kaspersky: HEUR:Trojan-Ransom.Win32.Cryptodef.gen
BitDefender: Trojan.GenericKD.35273701
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.35273701
Sophos: Mal/Generic-S (PUA)
Comodo: Worm.Win32.Dropper.RA@1qraug
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
Emsisoft: Trojan.GenericKD.35273701 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.1THOGOA
Avira: TR/Redcap.epdqh
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Artemis!341950160A98
VBA32: Trojan.CryptInject
Malwarebytes: Trojan.MalPack.FlyStudio
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/CoinMiner.65CA!tr
BitDefenderTheta: Gen:NN.ZexaE.34294.1t0@aCpD90pH
AVG: Win32:Malware-gen
Cybereason: malicious.60a985
Panda: Trj/GdSda.A
MaxSecure: Dropper.Dinwod.frindll

How to remove Trojan-Ransom.Win32.Cryptodef?

Trojan-Ransom.Win32.Cryptodef removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.