About “Trojan-Ransom.Win32.Cryptoff.bmb” infection

The Trojan-Ransom.Win32.Cryptoff.bmb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Cryptoff.bmb virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process created a hidden window
  • Unconventional language used in binary resources: Danish
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Ransom.Win32.Cryptoff.bmb?


File Info:

crc32: 2333AF56
md5: 68f8abb8517635c0b165d4935f2f7abe
name: 68F8ABB8517635C0B165D4935F2F7ABE.mlw
sha1: 54523b99ecb1260d6eb80726b182d4f6d4955572
sha256: 8e99deffe97012a51e60aceeacc870abd273ec8e456928758c007a9df9fae6fa
sha512: fb4e1d2db799b790f3b40fdf966c20cf0174484eb25da92f6b7ee245ea8b91c766fd33f907920af513020c2d9946bd5b3684607907448026112a2b9896fb0b8d
ssdeep: 3072:prNCPqdnFlsko9MrYAMEvw+DWzD75MaeVSmh5ErnievKr8Swq76Gi0KsYa72nSJ:pRcMrCEvmJmh6iQKbYa7HVQDrNLzM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright ©. SurveyMonkey
CompanyName: SurveyMonkey
LegalTrademarks: Copyright ©. SurveyMonkey
ProductName: BobssRoutines
ProductVersion: 7.5.4.520
FileDescription: Analytic Collate Updatable Wrote
Translation: 0x0406 0x04b0

Trojan-Ransom.Win32.Cryptoff.bmb also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 004f15bb1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.11536
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.6100869
Cylance: Unsafe
Zillya: Trojan.Cryptoff.Win32.542
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: Ransom:Win32/Cryptoff.79ad75fa
K7GW: Trojan ( 004f15bb1 )
Cybereason: malicious.851763
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.FP
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Cryptoff.bmb
BitDefender: Trojan.GenericKD.6100869
NANO-Antivirus: Trojan.Win32.Cryptoff.etqzvp
MicroWorld-eScan: Trojan.GenericKD.6100869
Tencent: Win32.Trojan.Cryptoff.Wskm
Ad-Aware: Trojan.GenericKD.6100869
Sophos: Mal/Generic-S
Comodo: Malware@#b2rg66jsltr2
BitDefenderTheta: Gen:NN.ZexaF.34608.uG0@amBHJ2nG
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Mal_MiliCry-2t
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.fc
FireEye: Generic.mg.68f8abb8517635c0
Emsisoft: Trojan.GenericKD.6100869 (B)
Avira: TR/Crypt.ZPACK.hocqc
eGambit: Unsafe.AI_Score_96%
Microsoft: Ransom:Win32/CryptoLemPiz.A
AegisLab: Trojan.Win32.Cryptoff.4!c
GData: Trojan.GenericKD.6100869
AhnLab-V3: Win-Trojan/Sagecrypt.Gen
McAfee: Artemis!68F8ABB85176
MAX: malware (ai score=99)
VBA32: TrojanRansom.Cryptoff
Malwarebytes: MachineLearning/Anomalous.100%
Panda: Trj/CI.A
TrendMicro-HouseCall: Mal_MiliCry-2t
Rising: Trojan.Generic@ML.100 (RDML:EjarlZeJasrk/Nx5BVSDcA)
Yandex: Trojan.Cryptoff!iHbUxxHllQg
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Filecoder.FP!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Cryptoff.HgIASOkA

How to remove Trojan-Ransom.Win32.Cryptoff.bmb?

Trojan-Ransom.Win32.Cryptoff.bmb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
