Ransom Trojan

Trojan-Ransom.Win32.Cryptor.feo information


Trojan-Ransom.Win32.Cryptor.feo is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Ransom.Win32.Cryptor.feo virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Writes a potential ransom message to disk
  • Attempts to modify proxy settings

How to identify Trojan-Ransom.Win32.Cryptor.feo?

File Info:

name: 72A63D3FA404D68096A0.mlw
path: /opt/CAPEv2/storage/binaries/0125d8e744bb40ee8bf74beb9c43eb4ffc4e5217cf80a1843f8d19dfb888ad68
crc32: A98A2681
md5: 72a63d3fa404d68096a0327c34f677c8
sha1: d81173de0becd320040ca950e153f4860719e599
sha256: 0125d8e744bb40ee8bf74beb9c43eb4ffc4e5217cf80a1843f8d19dfb888ad68
sha512: 8b7fb6bc85d9a33fbc2e43cb452f7f07e82b9a70b2c2ef0311290e4976cc78bd36aa22d4b6f4245d7bf3240e4525b09aba50083e88c682f5e818e7a6d1a3c40c
ssdeep: 768:uqul0GM06BZmLxgENXl3H5YKx852q3vTNybTEkY+Xv73kfKi/jmlzmijJ1jebpme:K0G3QoXYSs93kbTRvj3w/jlNbpE3i0
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15B430235EF253372D5EB633E578A064B038D177D51246F7BCAD2399538A8AD3304AC21
sha3_384: bb1bd31515d0f72c466cd7447467c4ec982d97683760e3547bf676a6f88e104af8a4b4c95a092a586d2f4358e1c8ac1e
ep_bytes: 6a00e889ffffff33c0c2040000000000
timestamp: 2021-09-04 18:00:27

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Cryptor.feo also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
McAfee: GenericRXQS-VX!72A63D3FA404
Cylance: Unsafe
Sangfor: Ransom.Win32.Cryptor.feo
K7AntiVirus: Trojan ( 0058ac911 )
BitDefender: Gen:Variant.Ransom.Sugar.17
K7GW: Trojan ( 0058ac911 )
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/Filecoder.CM.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Filecoder.OJD
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Ransomware.Sugar-9938412-0
Kaspersky: Trojan-Ransom.Win32.Cryptor.feo
Alibaba: Ransom:Win32/generic.ali2000010
MicroWorld-eScan: Gen:Variant.Ransom.Sugar.17
Avast: Win32:Malware-gen
Rising: Ransom.Cryptor!8.10A9 (CLOUD)
Ad-Aware: Gen:Variant.Ransom.Sugar.17
Sophos: ML/PE-A
F-Secure: Trojan.TR/Dropper.Gen
TrendMicro: TROJ_FRS.0NA103B222
McAfee-GW-Edition: GenericRXQS-VX!72A63D3FA404
FireEye: Generic.mg.72a63d3fa404d680
Emsisoft: Gen:Variant.Ransom.Sugar.17 (B)
Ikarus: Trojan-Ransom.FileCrypter
GData: Gen:Variant.Ransom.Sugar.17
Avira: TR/Dropper.Gen
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.34D6DB3
Gridinsoft: Ransom.Win32.AI.sa
Arcabit: Trojan.Ransom.Sugar.17
Microsoft: Ransom:Win32/FileCryptor.MAK!MTB
AhnLab-V3: Trojan/Win.Generic.C4525901
Acronis: suspicious
VBA32: BScope.TrojanRansom.Cryptor
ALYac: Trojan.Ransom.Filecoder
TACHYON: Ransom/W32.Enc.59392
Malwarebytes: Ransom.Encoded01
TrendMicro-HouseCall: TROJ_FRS.0NA103B222
Tencent: Win32.Trojan.Filecoder.Ahes
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
Fortinet: W32/Filecoder.OJD!tr.ransom
BitDefenderTheta: AI:Packer.456DD6081E
AVG: Win32:Malware-gen
Cybereason: malicious.fa404d
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan-Ransom.Win32.Cryptor.feo?

Trojan-Ransom.Win32.Cryptor.feo removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
