Trojan-Ransom.Win32.PornoAsset.dicb malicious file

Trojan-Ransom.Win32.PornoAsset.dicb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.PornoAsset.dicb virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Attempts to modify Internet Explorer’s start page
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • A process attempted to delay the analysis task by a long amount of time.

How to identify Trojan-Ransom.Win32.PornoAsset.dicb?


File Info:

name: B771059DDC687EEAE4DF.mlw
path: /opt/CAPEv2/storage/binaries/f79d571aa585aacd2999fe9e876f02c130422e0752bc9f2c15db1c91fd5a0919
crc32: E4969D89
md5: b771059ddc687eeae4df4e20703b4e74
sha1: d26353d11cfc73e5a3171f6ea0c95cd5579c56e6
sha256: f79d571aa585aacd2999fe9e876f02c130422e0752bc9f2c15db1c91fd5a0919
sha512: 7f959503cd9ed9051e218d0b4378b414a0c033f326b0b65341d73754b3185274f54825e20382f2e181b7bfc46fd768a4d71ac4e91734c4655f1c7df300c307ed
ssdeep: 98304:RojuflJoU1iuQXKs9+06eDqFeLF5anaTk0U:Yuf7Qbc0qEFonaI0U
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T132363392AED18DA6F56580F97E138992B0F99039FA435420B3F5FE44314CDA673D6F08
sha3_384: 086342f84cb132681fc88f52ea8d00816d6eb80f247d462a01d58c7684a16edfa615aefedac627644c3c238a6f9fcc33
ep_bytes: 53565755488d351a9fbbff488dbedb2f
timestamp: 2019-09-27 22:05:56

Version Info:

0: [No Data]

Trojan-Ransom.Win32.PornoAsset.dicb also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.560460
FireEye: Generic.mg.b771059ddc687eea
McAfee: Trickbot-FRE!B771059DDC68
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win64.6810
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055e5891 )
K7GW: Trojan ( 0055e5891 )
Cybereason: malicious.ddc687
Cyren: W64/ReposFxg.A.gen!Eldorado
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win64/CoinMiner.AEF.gen
APEX: Malicious
ClamAV: Win.Malware.Tofsee-7057860-0
Kaspersky: Trojan-Ransom.Win32.PornoAsset.dicb
BitDefender: Gen:Variant.Razy.560460
Avast: Win32:ReposFxg-F [Trj]
Tencent: Malware.Win32.Gencirc.10b4d174
Ad-Aware: Gen:Variant.Razy.560460
Emsisoft: Gen:Variant.Razy.560460 (B)
DrWeb: Trojan.Packed2.42620
TrendMicro: Ransom.Win64.PORNOASSET.SM1.hp
McAfee-GW-Edition: BehavesLike.Win64.Trickbot.rc
Sophos: ML/PE-A + Mal/HckPk-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.560460
Jiangmin: Trojan.PornoAsset.gic
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.2C7B08B
Arcabit: Trojan.Razy.D88D4C
Microsoft: Trojan:Win32/SmokeLoader
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win64.Agent.C3487739
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34084.luW@aq5RFHdi
ALYac: Gen:Variant.Razy.560460
MAX: malware (ai score=88)
Malwarebytes: Trojan.BitCoinMiner
TrendMicro-HouseCall: Ransom.Win64.PORNOASSET.SM1.hp
Rising: Trojan.Kryptik!1.C31C (CLASSIC)
Yandex: Trojan.GenAsa!ljywjnZY6TE
Ikarus: Trojan-Banker.TrickBot
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W64/Kryptik.BTT!tr
AVG: Win32:ReposFxg-F [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan-Ransom.Win32.PornoAsset.dicb?

Trojan-Ransom.Win32.PornoAsset.dicb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
