Ransom Trojan

Trojan-Ransom.Win32.Foreign.oarp (file analysis)


The Trojan-Ransom.Win32.Foreign.oarp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Trojan-Ransom.Win32.Foreign.oarp virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Checks for the presence of known windows from debuggers and forensic tools
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

Related domains:

www.bing.com

How to identify Trojan-Ransom.Win32.Foreign.oarp?

File Info:

crc32: 8F6ADDF5
md5: 1f4e14531de46b02ef353f2156a2ae82
name: 1F4E14531DE46B02EF353F2156A2AE82.mlw
sha1: 65fbf8ba4f20dba1737e57d6149431330a5e40b8
sha256: 9c5aa63b6f0e7cc14c7d2ed42fae4f8841bf8585424f6a21e6d1513f67c32491
sha512: 3628dbdfd2069519b5ec1d22b81cc18e1f9ae94905501847e1562039e217b791ac1f52fe94b94df9ce183d2132a6ec11342f21e05a48981b1cd25753a7819a18
ssdeep: 24576:pfZHV3SY6conUHlzr6QASjaRyxXz1BMsV8VO:pRHV3OconKpnecxxZ8VO
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Infopulse (C) 2007-2015
InternalName: Multitaskers Restaurants
FileVersion: 3.3.7.9
CompanyName: Infopulse
PrivateBuild: 3.3.7.9
LegalTrademarks: Infopulse (C) 2007-2015
Comments: Passengers Cult
ProductName: Multitaskers Restaurants
Languages: English
ProductVersion: 3.3.7.9
FileDescription: Passengers Cult
OriginalFilename: Multitaskers Restaurants.exe
Translation: 0x0409 0x04b0

Trojan-Ransom.Win32.Foreign.oarp also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 00539c7b1 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
ALYac: Gen:Variant.Brresmon.126
Cylance: Unsafe
Zillya: Trojan.Foreign.Win32.57901
Alibaba: Ransom:Win32/Foreign.4eec718a
K7GW: Trojan ( 00539c7b1 )
Cybereason: malicious.31de46
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.FRCF
APEX: Malicious
Avast: FileRepMalware
Kaspersky: Trojan-Ransom.Win32.Foreign.oarp
BitDefender: Gen:Variant.Brresmon.126
MicroWorld-eScan: Gen:Variant.Brresmon.126
Tencent: Win32.Trojan.Foreign.Eaeg
Ad-Aware: Gen:Variant.Brresmon.126
Sophos: Mal/Generic-S
Comodo: Malware@#25x9y2a99t4u1
BitDefenderTheta: Gen:NN.ZexaF.34688.mr0@aGAA@0ei
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
FireEye: Generic.mg.1f4e14531de46b02
Emsisoft: Gen:Variant.Brresmon.126 (B)
Jiangmin: Trojan.Foreign.eth
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1104894
Microsoft: Trojan:Win32/Occamy.B
AegisLab: Trojan.Win32.Foreign.j!c
GData: Gen:Variant.Brresmon.126
TACHYON: Ransom/W32.Foreign.1245184
McAfee: Artemis!1F4E14531DE4
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Stealer
Malwarebytes: Malware.AI.3123347197
Panda: Trj/GdSda.A
Rising: Ransom.Foreign!8.292 (CLOUD)
Yandex: Trojan.Foreign!5lcnJuj476I
Ikarus: Trojan-Spy.Remcos
Fortinet: W32/Foreign.OARP!tr
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Trojan-Ransom.Win32.Foreign.oarp?

Trojan-Ransom.Win32.Foreign.oarp removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.