Ransom • Trojan

What is “Trojan-Ransom.Win32.PornoAsset.dchp”?

The Trojan-Ransom.Win32.PornoAsset.dchp is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Ransom.Win32.PornoAsset.dchp virus can do?

Creates RWX memory
Repeatedly searches for a not-found browser, may want to run with startbrowser=1 option
The binary likely contains encrypted or compressed data.
Network activity detected but not expressed in API logs

How to determine Trojan-Ransom.Win32.PornoAsset.dchp?


File Info:
crc32: 454CB51A
md5: 5a7cdb0b2733ce1c065fd48d268e5a76
name: 5A7CDB0B2733CE1C065FD48D268E5A76.mlw
sha1: 15dd251b27f3036d48d9ade24e22b26c116748e3
sha256: 3c530c6241bf0316b411726e5c8c47cf03711912bae97ee19994744c667de60a
sha512: 23c790417c6a9a6f8d0f5553e8890386531c7b41f71b96a02ae6c39372c1bdcc5e27fcb5db3c528857eb3bd4b6e1608f13a4d6ec7ef79eca6fcd8aca0051fb52
ssdeep: 12288:i+SXACora0qwP6WutfTsbI7XHgZQKhJgeCmVuP7:iJXACofqT9TssLHgZpJEEuP7
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: xa9 2010 Microsoft Corporation.  All rights reserved.
InternalName: OneNote
FileVersion: 14.0.4750.1000
CompanyName: Microsoft Corporation
LegalTrademarks1: Microsoftxae is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windowsxae is a registered trademark of Microsoft Corporation.
ProductName: Microsoft OneNote
ProductVersion: 14.0.4750.1000
FileDescription: Microsoft OneNote Internet Explorer Content Service
OriginalFilename: IEContentService.exe
Translation: 0x0000 0x04e4

Trojan-Ransom.Win32.PornoAsset.dchp also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Riskware ( 0040eff71 )
Cynet	Malicious (score: 99)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.b27f30
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
Kaspersky	Trojan-Ransom.Win32.PornoAsset.dchp
NANO-Antivirus	Trojan.Win32.PornoAsset.exzcui
Tencent	Win32.Trojan.Pornoasset.Sxey
Sophos	Mal/Generic-S
Comodo	Malware@#1g6dstk3nfvs1
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Virut.jh
FireEye	Generic.mg.5a7cdb0b2733ce1c
SentinelOne	Static AI – Suspicious PE
Avira	TR/Patched.Ren.Gen
Microsoft	Trojan:Win32/Occamy.B
McAfee	Artemis!5A7CDB0B2733
MAX	malware (ai score=94)
Yandex	Trojan.PornoAsset!+5WrrWywQU8
Ikarus	Trojan.Patched
Fortinet	W32/PossibleThreat
AVG	Win32:Evo-gen [Susp]
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.PornoAsset.HgIASQ8A

How to remove Trojan-Ransom.Win32.PornoAsset.dchp?

Trojan-Ransom.Win32.PornoAsset.dchp removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X