Ransom Trojan

About “Trojan-Ransom.Win32.PornoAsset.dicc” infection

Trojan-Ransom.Win32.PornoAsset.dicc is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.PornoAsset.dicc virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup

How to identify Trojan-Ransom.Win32.PornoAsset.dicc?


File Info:

name: 4A81326082A15CFBDAF7.mlw
path: /opt/CAPEv2/storage/binaries/520e981591b90f7b934232f27a14196494d4619bcda05f5f782d44b00a76ee5c
crc32: D2FBED74
md5: 4a81326082a15cfbdaf7aed6b1898e95
sha1: 7ea7a57dfb6f2580ab0e20d7898d0187b47257d0
sha256: 520e981591b90f7b934232f27a14196494d4619bcda05f5f782d44b00a76ee5c
sha512: e1cc5493d491166a96469e6c866b3da640e56ae996ff0d1bc4f50d30d1643eea7da3c8eaff9c36e1bffe5765af1746d646eb0d27ff828687e8c299bd3df0b692
ssdeep: 196608:lPA5MAo/CNoMk2vLdtsLfJ7oxSv0Djnz69bfY:l2oaNoMRvL0LB7gjz69bA
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T19B763381B198159CD112D8F3FAB4D8A034EC65F99F18D96027B0BAE41D178F32BB674E
sha3_384: 8785f1f7af033a3ab20981c1f0d3ad973ae320cef167b214ca432a3b4ace68f9dc57b736737c9fb96427be041fc82fb3
ep_bytes: 53565755488d351a9fbbff488dbedb2f
timestamp: 2019-09-27 22:05:56

Version Info:

0: [No Data]

Trojan-Ransom.Win32.PornoAsset.dicc also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Packed2.42620
MicroWorld-eScan: Gen:Variant.Razy.560460
FireEye: Generic.mg.4a81326082a15cfb
McAfee: Trickbot-FRE!4A81326082A1
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win64.6849
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00570b0c1 )
K7GW: Trojan ( 00570b0c1 )
Cybereason: malicious.082a15
Cyren: W64/ReposFxg.A.gen!Eldorado
ESET-NOD32: a variant of Win64/CoinMiner.AEF.gen
ClamAV: Win.Malware.Tofsee-7057860-0
Kaspersky: Trojan-Ransom.Win32.PornoAsset.dicc
BitDefender: Gen:Variant.Razy.560460
Avast: Win32:ReposFxg-F [Trj]
Tencent: Malware.Win32.Gencirc.10b8003c
Ad-Aware: Gen:Variant.Razy.560460
Emsisoft: Gen:Variant.Razy.560460 (B)
McAfee-GW-Edition: BehavesLike.Win64.Trickbot.wm
Sophos: ML/PE-A + Mal/HckPk-S
Ikarus: Trojan-Banker.TrickBot
GData: Gen:Variant.Razy.560460
Jiangmin: Trojan.PornoAsset.gid
Avira: TR/Crypt.ULPM.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.2C7B644
Arcabit: Trojan.Razy.D88D4C
Microsoft: Trojan:Win32/SmokeLoader
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win64.Agent.C3487739
Acronis: suspicious
VBA32: Worm.Win64.Autorun
ALYac: Gen:Variant.Razy.560460
MAX: malware (ai score=85)
Malwarebytes: Trojan.BitCoinMiner
APEX: Malicious
Rising: Trojan.Kryptik!1.C31C (CLASSIC)
Yandex: Trojan.GenAsa!ljywjnZY6TE
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W64/Kryptik.BTT!tr
AVG: Win32:ReposFxg-F [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan-Ransom.Win32.PornoAsset.dicc?

Trojan-Ransom.Win32.PornoAsset.dicc removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
