Trojan-Ransom.Win32.GandCrypt.eyv malicious file

Trojan-Ransom.Win32.GandCrypt.eyv is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.GandCrypt.eyv virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary likely contains encrypted or compressed data.
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Appends a known encryptJJS ransomware file extension to files that have been encrypted
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.GandCrypt.eyv?


File Info:

crc32: B53029BA
md5: a9a0348a9f1a745366d7820f1072f245
name: A9A0348A9F1A745366D7820F1072F245.mlw
sha1: 9c00203573fc231f4c46f72ad4388c05eb38bdf3
sha256: 910509c5ec831116d25322946c152bc844da754ef379c2461d3549774707c546
sha512: 25da7ef6e0aabbd7b3ea914a6fb1dab0697da2d994f76a95311e0fe5803621294836a734940840fc4614e51ba3715524155d01d86cb336c2710dce3d4d657ef7
ssdeep: 3072:ffh+niXMdKXMeLVeh+mVcP8a3meDElg9qCPMN8wYuS0QdpVFsRqy9e:R+iXMdKXMh5cLJ1ETf8Cq0e
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileVersion: 1.0.0.2
Translation: 0x0809 0x04b0

Trojan-Ransom.Win32.GandCrypt.eyv also known as:

Bkav: W32.Toransa.Trojan
K7AntiVirus: Trojan ( 0053d5971 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.25976
Cynet: Malicious (score: 100)
McAfee: Trojan-FQPW!A9A0348A9F1A
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (D)
Alibaba: Ransom:Win32/GandCrypt.002002
K7GW: Trojan ( 0053d5971 )
Cybereason: malicious.a9f1a7
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.GKVF
APEX: Malicious
Avast: Win32:PWSX-gen [Trj]
Kaspersky: Trojan-Ransom.Win32.GandCrypt.eyv
BitDefender: Trojan.BRMon.Gen.4
NANO-Antivirus: Trojan.Win32.GandCrypt.fhubih
ViRobot: Trojan.Win32.R.Agent.173568.I
MicroWorld-eScan: Trojan.BRMon.Gen.4
Tencent: Win32.Trojan.Gandcrypt.Lorg
Ad-Aware: Trojan.BRMon.Gen.4
Sophos: Mal/Generic-R + Mal/GandCrab-B
Comodo: TrojWare.Win32.TrojanSpy.Ursnif.EM@7vyz23
BitDefenderTheta: Gen:NN.ZexaF.34678.ku0@a0ZzWBbG
TrendMicro: Mal_HPGen-50
McAfee-GW-Edition: BehavesLike.Win32.Trojan.cc
FireEye: Generic.mg.a9a0348a9f1a7453
Emsisoft: Trojan.BRMon.Gen.4 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.PSW.Fareit.vdd
Avira: HEUR/AGEN.1106537
eGambit: Unsafe.AI_Score_75%
Microsoft: Trojan:Win32/Skeeyah.A!rfn
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan-Ransom.GandCrab.O
AhnLab-V3: Win-Trojan/MalPe36.Suspicious.X2037
Acronis: suspicious
VBA32: BScope.TrojanRansom.GandCrypt
Malwarebytes: Malware.AI.1996488247
Panda: Trj/GdSda.A
TrendMicro-HouseCall: Mal_HPGen-50
Rising: Trojan.Vigorf!8.EAEA (CLOUD)
Yandex: Trojan.GenAsa!Z7n54DAc300
Ikarus: Trojan.Win32.Ranumbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.GMSM!tr
AVG: Win32:PWSX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.GandCrab.HwoCEpsA

How to remove Trojan-Ransom.Win32.GandCrypt.eyv?

Trojan-Ransom.Win32.GandCrypt.eyv removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
