Categories: RansomTrojan

How to remove “Trojan-Ransom.Win32.Foreign.ndge”?

The Trojan-Ransom.Win32.Foreign.ndge is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Foreign.ndge virus can do?

Behavioural detection: Executable code extraction – unpacking
Performs HTTP requests potentially not found in PCAP.
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
CAPE detected the shellcode patterns malware family
Checks for the presence of known devices from debuggers and forensic tools
Checks for the presence of known devices from debuggers and forensic tools
Attempts to modify proxy settings
CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
Creates known SpyNet mutexes and/or registry changes.
Yara detections observed in process dumps, payloads or dropped files

How to determine Trojan-Ransom.Win32.Foreign.ndge?


File Info:
name: A886A61B086F858AB74E.mlwpath: /opt/CAPEv2/storage/binaries/a6fad18990749ca7ddb38bd619bbb86315d4e9eb0afb1fdea620c37b8bddd340crc32: 2F1CD45Fmd5: a886a61b086f858ab74e2ebf4127ccdasha1: 2d5175afcd89168cc7943603d79d680ac74370c3sha256: a6fad18990749ca7ddb38bd619bbb86315d4e9eb0afb1fdea620c37b8bddd340sha512: 2dd9356134f61ffb85548edbf40e3c80c41f936c14ea43f49b8ec9c4df6fc325f253d9e8fad18b5e2697597bfb483da32eeb6ea5523bc95f8c44e445f35109e2ssdeep: 12288:5p9U3WtyUSpKz4/kq/L26IMVlFjq0k68c7zTY6GfIn09AlUjWM1bC:52WtyUSozmPkDGj0MM1bCtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1A9B4F0965A96FC64F98883F8319151E8007D2E2B8B3A4DD824D64BF7D65C3C8B4CED2Dsha3_384: d3a20600ff9ce4a9a515be4a48335bb6accbec6f224aa2009800a0cd66e832bcd4c5121caf2c2729ec423a40e1e7ae5cep_bytes: 558becb90b0000006a006a004975f953timestamp: 1992-06-19 22:22:17
Version Info:
0: [No Data]

Trojan-Ransom.Win32.Foreign.ndge also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Foreign.1f!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Barys.2020
FireEye	Generic.mg.a886a61b086f858a
CAT-QuickHeal	Trojan.Obfuscator.DV
Skyhigh	BehavesLike.Win32.Generic.hm
McAfee	PWS-Zbot.gen.bfk
Malwarebytes	Backdoor.LimeRat
VIPRE	Gen:Variant.Barys.2020
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Ransom:Win32/Injector.1651a69f
K7GW	Password-Stealer ( 0040f2991 )
K7AntiVirus	Password-Stealer ( 0040f2991 )
BitDefenderTheta	AI:Packer.73B2045721
VirIT	Trojan.Win32.MulDrop2.CGOR
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.LFJ
APEX	Malicious
ClamAV	Win.Trojan.Delf-6996546-0
Kaspersky	Trojan-Ransom.Win32.Foreign.ndge
BitDefender	Gen:Variant.Barys.2020
NANO-Antivirus	Trojan.Win32.Drop.ibzud
Avast	Win32:Delf-RFT [Drp]
Tencent	Win32.Trojan-Ransom.Foreign.Iflw
TACHYON	Ransom/W32.DP-Foreign.523776
Emsisoft	Gen:Variant.Barys.2020 (B)
F-Secure	Backdoor.BDS/Tordev.A
DrWeb	Trojan.MulDrop2.39589
Zillya	Trojan.Injector.Win32.62624
TrendMicro	Ransom_Foreign.R002C0DB824
Trapmine	malicious.high.ml.score
Sophos	Troj/Zusy-Fam
Ikarus	Trojan.Win32.Llac
GData	Gen:Variant.Barys.2020
Jiangmin	Trojan/Generic.pnfy
Webroot	W32.Trojan.Gen
Google	Detected
Avira	BDS/Tordev.A
Varist	W32/Delf.BF.gen!Eldorado
Antiy-AVL	Trojan/Win32.AGeneric
Kingsoft	Win32.Troj.Undef.a
Xcitium	TrojWare.Win32.Agent.TOR@4p7zqv
Arcabit	Trojan.Barys.D7E4
ViRobot	Trojan.Win32.Z.Injector.523776.BP
ZoneAlarm	Trojan-Ransom.Win32.Foreign.ndge
Microsoft	VirTool:Win32/Injector.BG!bit
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Llac.R36500
ALYac	Gen:Variant.Barys.2020
MAX	malware (ai score=100)
Cylance	unsafe
Panda	Trj/Velphi.c
TrendMicro-HouseCall	Ransom_Foreign.R002C0DB824
Rising	Trojan.Generic@AI.100 (RDML:sM4YjJ58eaLJ4YRB1H0BTQ)
Yandex	Trojan.Injector!VHFQPctr6Dg
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.2588.susgen
Fortinet	W32/Injector.YZF!tr
AVG	Win32:Delf-RFT [Drp]
Cybereason	malicious.fcd891
DeepInstinct	MALICIOUS