Trojan-Ransom.Win32.Locky.xeh information

Many security experts consider Trojan-Ransom.Win32.Locky.xeh dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Locky.xeh virus do?

  • Executable code extraction
  • Compression (or decompression)
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Reads data out of its own binary image
  • Behavior consistent with a dropper attempting to download the next stage
  • Exhibits behavior characteristic of Locky ransomware
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Locky.xeh?


File Info:

crc32: AE055CE4
md5: 352ceadfe7dce0145b365d7b97b875e9
name: 352CEADFE7DCE0145B365D7B97B875E9.mlw
sha1: 26ab72dd20335bb3f45377ed687d7c0902d62aae
sha256: 45dd381cba54710d924ec668ebe6df7ea39715dd279d537c3e0b5d7731fc69ce
sha512: 450d06eb7bd26f227dd9f5e95996d83b9de72949302b48e1158e9526c4fba5808f12186eaf2581b2ba2b86426e1d2e25d01e1fedd0d97e30d27c00007e5e5cb4
ssdeep: 3072:St2fc8yRmqM1qlYzIQ45VRzg1JkowDCzB7I1GTXRICt5dqKDpdm4MG9BLXW1CTDB:SGy4qM153SmzkzDCXSCtbLG45BL4CHgS
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:

0: [No Data]

Trojan-Ransom.Win32.Locky.xeh also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005034d51 )
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.3976
Cynet: Malicious (score: 85)
ALYac: Trojan.GenericKD.12140581
Cylance: Unsafe
Sangfor: Ransom.Win32.Locky.xeh
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/Locky.1f8c79b2
K7GW: Trojan ( 005034d51 )
Cybereason: malicious.fe7dce
Symantec: Ransom.Cerber
ESET-NOD32: a variant of NSIS/Injector.SG
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Locky.xeh
BitDefender: Trojan.GenericKD.12140581
NANO-Antivirus: Trojan.Nsis.Locky.elfehs
SUPERAntiSpyware: Ransom.Cerber/Variant
MicroWorld-eScan: Trojan.GenericKD.12140581
Tencent: Win32.Trojan.Locky.Lhng
Ad-Aware: Trojan.GenericKD.12140581
Sophos: Mal/Generic-R + Mal/Cerber-AA
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.ObfusRansom.cc
FireEye: Generic.mg.352ceadfe7dce014
Emsisoft: Trojan.GenericKD.12140581 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan.Nisloder.ii
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Microsoft: Ransom:Win32/Locky
Arcabit: Trojan.Generic.DB94025
AegisLab: Trojan.Win32.Locky.j!c
GData: Trojan.GenericKD.12140581
AhnLab-V3: Trojan/Win32.Cerber.R194240
McAfee: Artemis!352CEADFE7DC
MAX: malware (ai score=99)
VBA32: TrojanRansom.Locky
Malwarebytes: Malware.AI.1602372018
Panda: Trj/CI.A
Ikarus: Trojan.NSIS.Injector
Fortinet: W32/Injector.SH!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Locky.HyoD8I0A

How to remove Trojan-Ransom.Win32.Locky.xeh?

Trojan-Ransom.Win32.Locky.xeh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
