Ransom Trojan

Should I remove “Trojan-Ransom.Win32.GandCrypt.ewt”?

Malware Removal

The Trojan-Ransom.Win32.GandCrypt.ewt is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan-Ransom.Win32.GandCrypt.ewt virus can do?

  • Executable code extraction
  • Creates RWX memory
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data.
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

www.billerimpex.com
www.macartegrise.eu
www.poketeg.com
perovaphoto.ru
asl-company.ru
www.fabbfoundation.gm
www.perfectfunnelblueprint.com
www.wash-wear.com
pp-panda74.ru
cevent.net

How to determine Trojan-Ransom.Win32.GandCrypt.ewt?


File Info:

crc32: 62044BED
md5: c022b60060a50df55b0398b532aa1052
name: C022B60060A50DF55B0398B532AA1052.mlw
sha1: 28e4fea28851161a69b43afe43b4e908b4eb5e33
sha256: 3c2dcf18b35c8cc7cff5e17b40575419edce8c6f0cf080144eb9c83be66936de
sha512: a223266197973e5d2cde4b7aa28babcfd8d15030059385ee1e32c28b144d67e67735e5da5b0f2d7bec9912a4ccf24752ff9aad739879c041723f092895212e32
ssdeep: 3072:Ql5cASK9UcmS6PC+72kdbx+3OtG8z9IOjwz8MwyFXb/yIC8mF0:CKASK9UcmkFKGGnfgXy8w0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: sdafsdgsfdg.exe
FileVersion: 1.0.0.1
Translation: 0x0809 0x04b0

Trojan-Ransom.Win32.GandCrypt.ewt also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 0053d5971 )
LionicTrojan.Win32.GandCrypt.4!c
Elasticmalicious (high confidence)
DrWebTrojan.PWS.Stealer.23869
CynetMalicious (score: 100)
CAT-QuickHealTrojan.GenericPMF.S3540257
ALYacTrojan.BRMon.Gen.4
CylanceUnsafe
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_100% (D)
AlibabaRansom:Win32/GandCrypt.002002
K7GWTrojan ( 0053d5971 )
Cybereasonmalicious.060a50
CyrenW32/Kryptik.IF.gen!Eldorado
SymantecPacked.Generic.525
ESET-NOD32a variant of Win32/Kryptik.GKSL
APEXMalicious
AvastWin32:PWSX-gen [Trj]
KasperskyTrojan-Ransom.Win32.GandCrypt.ewt
BitDefenderTrojan.BRMon.Gen.4
NANO-AntivirusTrojan.Win32.Stealer.fhowkx
ViRobotTrojan.Win32.GandCrab.179200
MicroWorld-eScanTrojan.BRMon.Gen.4
TencentMalware.Win32.Gencirc.114d45ac
Ad-AwareTrojan.BRMon.Gen.4
SophosMal/Generic-S + Mal/GandCrab-B
ComodoTrojWare.Win32.TrojanSpy.Ursnif.EM@7vyz23
BitDefenderThetaGen:NN.ZexaF.34050.ku0@aqdjBZlG
TrendMicroTrojanSpy.Win32.URSNIF.SMKB.hp
McAfee-GW-EditionBehavesLike.Win32.Generic.cc
FireEyeGeneric.mg.c022b60060a50df5
EmsisoftTrojan.BRMon.Gen.4 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojan.GandCrypt.me
AviraHEUR/AGEN.1106537
eGambitUnsafe.AI_Score_99%
Antiy-AVLTrojan/Generic.ASMalwS.28053FB
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftVirTool:Win32/CeeInject.AAG!bit
SUPERAntiSpywareRansom.GandCrab/Variant
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataWin32.Trojan-Ransom.GandCrab.N
AhnLab-V3Win-Trojan/MalPe34.Suspicious.X2029
Acronissuspicious
McAfeePacked-FLX!C022B60060A5
MAXmalware (ai score=100)
VBA32BScope.Trojan.Fuerboos
MalwarebytesTrojan.MalPack.GS
PandaTrj/Genetic.gen
TrendMicro-HouseCallTrojanSpy.Win32.URSNIF.SMKB.hp
RisingTrojan.Generic@ML.100 (RDML:4eWvwgTk4AKodvail9pXLw)
YandexTrojan.GenAsa!hvRhHJNZvYc
IkarusTrojan.Crypt
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.GKSY!tr
AVGWin32:PWSX-gen [Trj]
Paloaltogeneric.ml
Qihoo-360Win32/Trojan.CeeInject.HwoCEpsA

How to remove Trojan-Ransom.Win32.GandCrypt.ewt?

Trojan-Ransom.Win32.GandCrypt.ewt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment