Categories: RansomTrojan

Trojan-Ransom.Win32.Foreign.oarp (file analysis)

The Trojan-Ransom.Win32.Foreign.oarp is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Foreign.oarp virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Checks for the presence of known windows from debuggers and forensic tools
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Checks the presence of disk drives in the registry, possibly for anti-virtualization

Related domains:

www.bing.com

How to determine Trojan-Ransom.Win32.Foreign.oarp?


File Info:
crc32: 8F6ADDF5md5: 1f4e14531de46b02ef353f2156a2ae82name: 1F4E14531DE46B02EF353F2156A2AE82.mlwsha1: 65fbf8ba4f20dba1737e57d6149431330a5e40b8sha256: 9c5aa63b6f0e7cc14c7d2ed42fae4f8841bf8585424f6a21e6d1513f67c32491sha512: 3628dbdfd2069519b5ec1d22b81cc18e1f9ae94905501847e1562039e217b791ac1f52fe94b94df9ce183d2132a6ec11342f21e05a48981b1cd25753a7819a18ssdeep: 24576:pfZHV3SY6conUHlzr6QASjaRyxXz1BMsV8VO:pRHV3OconKpnecxxZ8VOtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Infopulse (C) 2007-2015 InternalName: Multitaskers RestaurantsFileVersion: 3.3.7.9CompanyName: InfopulsePrivateBuild: 3.3.7.9LegalTrademarks: Infopulse (C) 2007-2015 Comments: Passengers CultProductName: Multitaskers RestaurantsLanguages: EnglishProductVersion: 3.3.7.9FileDescription: Passengers CultOriginalFilename: Multitaskers Restaurants.exeTranslation: 0x0409 0x04b0

Trojan-Ransom.Win32.Foreign.oarp also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 00539c7b1 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Brresmon.126
Cylance	Unsafe
Zillya	Trojan.Foreign.Win32.57901
Alibaba	Ransom:Win32/Foreign.4eec718a
K7GW	Trojan ( 00539c7b1 )
Cybereason	malicious.31de46
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.FRCF
APEX	Malicious
Avast	FileRepMalware
Kaspersky	Trojan-Ransom.Win32.Foreign.oarp
BitDefender	Gen:Variant.Brresmon.126
MicroWorld-eScan	Gen:Variant.Brresmon.126
Tencent	Win32.Trojan.Foreign.Eaeg
Ad-Aware	Gen:Variant.Brresmon.126
Sophos	Mal/Generic-S
Comodo	Malware@#25x9y2a99t4u1
BitDefenderTheta	Gen:NN.ZexaF.34688.mr0@aGAA@0ei
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
FireEye	Generic.mg.1f4e14531de46b02
Emsisoft	Gen:Variant.Brresmon.126 (B)
Jiangmin	Trojan.Foreign.eth
Webroot	W32.Adware.Gen
Avira	HEUR/AGEN.1104894
Microsoft	Trojan:Win32/Occamy.B
AegisLab	Trojan.Win32.Foreign.j!c
GData	Gen:Variant.Brresmon.126
TACHYON	Ransom/W32.Foreign.1245184
McAfee	Artemis!1F4E14531DE4
MAX	malware (ai score=100)
VBA32	BScope.TrojanPSW.Stealer
Malwarebytes	Malware.AI.3123347197
Panda	Trj/GdSda.A
Rising	Ransom.Foreign!8.292 (CLOUD)
Yandex	Trojan.Foreign!5lcnJuj476I
Ikarus	Trojan-Spy.Remcos
Fortinet	W32/Foreign.OARP!tr
AVG	FileRepMalware
Paloalto	generic.ml