Ransom Trojan

What is “Trojan-Ransom.Win32.PornoAsset.dchp”?


Trojan-Ransom.Win32.PornoAsset.dchp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.PornoAsset.dchp virus do?

  • Creates RWX memory
  • Repeatedly searches for a not-found browser, may want to run with startbrowser=1 option
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs

How to identify Trojan-Ransom.Win32.PornoAsset.dchp?


File Info:

crc32: 454CB51A
md5: 5a7cdb0b2733ce1c065fd48d268e5a76
name: 5A7CDB0B2733CE1C065FD48D268E5A76.mlw
sha1: 15dd251b27f3036d48d9ade24e22b26c116748e3
sha256: 3c530c6241bf0316b411726e5c8c47cf03711912bae97ee19994744c667de60a
sha512: 23c790417c6a9a6f8d0f5553e8890386531c7b41f71b96a02ae6c39372c1bdcc5e27fcb5db3c528857eb3bd4b6e1608f13a4d6ec7ef79eca6fcd8aca0051fb52
ssdeep: 12288:i+SXACora0qwP6WutfTsbI7XHgZQKhJgeCmVuP7:iJXACofqT9TssLHgZpJEEuP7
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © 2010 Microsoft Corporation. All rights reserved.
InternalName: OneNote
FileVersion: 14.0.4750.1000
CompanyName: Microsoft Corporation
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
ProductName: Microsoft OneNote
ProductVersion: 14.0.4750.1000
FileDescription: Microsoft OneNote Internet Explorer Content Service
OriginalFilename: IEContentService.exe
Translation: 0x0000 0x04e4

Trojan-Ransom.Win32.PornoAsset.dchp is also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Riskware ( 0040eff71 )
Cynet: Malicious (score: 99)
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.b27f30
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Kaspersky: Trojan-Ransom.Win32.PornoAsset.dchp
NANO-Antivirus: Trojan.Win32.PornoAsset.exzcui
Tencent: Win32.Trojan.Pornoasset.Sxey
Sophos: Mal/Generic-S
Comodo: Malware@#1g6dstk3nfvs1
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Virut.jh
FireEye: Generic.mg.5a7cdb0b2733ce1c
SentinelOne: Static AI – Suspicious PE
Avira: TR/Patched.Ren.Gen
Microsoft: Trojan:Win32/Occamy.B
McAfee: Artemis!5A7CDB0B2733
MAX: malware (ai score=94)
Yandex: Trojan.PornoAsset!+5WrrWywQU8
Ikarus: Trojan.Patched
Fortinet: W32/PossibleThreat
AVG: Win32:Evo-gen [Susp]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.PornoAsset.HgIASQ8A

How to remove Trojan-Ransom.Win32.PornoAsset.dchp?

Trojan-Ransom.Win32.PornoAsset.dchp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
