Trojan-Ransom.Win32.Darkside.b (file analysis)

Trojan-Ransom.Win32.Darkside.b is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Ransom.Win32.Darkside.b virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary likely contains encrypted or compressed data.
  • Checks for the presence of known windows from debuggers and forensic tools
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Darkside.b?

File Info:

crc32: E1C611F5
md5: c81dae5c67fb72a2c2f24b178aea50b7
name: C81DAE5C67FB72A2C2F24B178AEA50B7.mlw
sha1: 4bd6437cd1dc77097a7951466531674f80c866c6
sha256: 48a848bc9e0f126b41e5ca196707412c7c40087404c0c8ed70e5cee4a418203a
sha512: 30d63e080f37f34fb29fd46f8fb1572d79f645154a002c8da5914ae3d51e224bc60601f91f5d58ac2ce9f81d56a8ad467d7fde55d429ed269df3c196e6687b2c
ssdeep: 6144:UQyTTOip6TGcWnsmx7KbYrBPIJqcKxxY1:E3gGcWnNJIJqDxxY
type: MS-DOS executable, MZ for MS-DOS

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Darkside.b also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005696151 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.32386
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojanransom.Darkside
ALYac: Trojan.Ransom.Filecoder
Cylance: Unsafe
Zillya: Trojan.Obsidium.Win32.802
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/generic.ali2000010
K7GW: Trojan ( 005696151 )
Cybereason: malicious.c67fb7
Cyren: W32/Trojan.UJXE-8785
Symantec: Trojan Horse
ESET-NOD32: Win32/Filecoder.DarkSide.A
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: Trojan-Ransom.Win32.Darkside.b
BitDefender: Gen:Trojan.Heur.PT.omZ@bSEA3vk
NANO-Antivirus: Trojan.Win32.Encoder.hsqsoj
ViRobot: Trojan.Win32.S.DarkSide.232256
MicroWorld-eScan: Gen:Trojan.Heur.PT.omZ@bSEA3vk
Tencent: Win32.Trojan.Agent.Swun
Ad-Aware: Gen:Trojan.Heur.PT.omZ@bSEA3vk
Sophos: ML/PE-A + Mal/EncPk-ANL
Comodo: Packed.Win32.MNSP.Gen@2697wr
BitDefenderTheta: AI:Packer.A420046E1E
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom.Win32.DARKSIDE.FAIQ
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
FireEye: Generic.mg.c81dae5c67fb72a2
Emsisoft: Gen:Trojan.Heur.PT.omZ@bSEA3vk (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1128017
Microsoft: Trojan:MSIL/Cryptor
Arcabit: Trojan.Heur.PT.E52E2C
AegisLab: Trojan.Win32.Malicious.4!c
ZoneAlarm: Trojan-Ransom.Win32.Darkside.b
GData: Gen:Trojan.Heur.PT.omZ@bSEA3vk
AhnLab-V3: Trojan/Win.Ransomlock.C4465498
Acronis: suspicious
McAfee: Generic-FAWW!C81DAE5C67FB
MAX: malware (ai score=100)
VBA32: TrojanRansom.Agent
Malwarebytes: Ransom.DarkSide
TrendMicro-HouseCall: Ransom.Win32.DARKSIDE.FAIQ
Rising: Ransom.DarkSide!8.11F84 (CLOUD)
Yandex: Trojan.Obsidium!eyTqKn+WhnM
Ikarus: Trojan.Win32.Obsidium
MaxSecure: Trojan.Malware.73774235.susgen
Fortinet: W32/Packed.OBSIDIUM.BV!tr
AVG: Win32:Trojan-gen
Paloalto: generic.ml

How to remove Trojan-Ransom.Win32.Darkside.b?

Trojan-Ransom.Win32.Darkside.b removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.