Should I remove “Trojan-Ransom.Win32.Shade.pyq”?

Trojan-Ransom.Win32.Shade.pyq is flagged as dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Shade.pyq virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Reads data out of its own binary image
  • Binary likely contains encrypted or compressed data
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Trojan-Ransom.Win32.Shade.pyq?

File Info:

crc32: CE10AF41
md5: 34edc941ae42e97833f7bf2ac04dbaea
name: 1c.jpg
sha1: 625c95785a2168813785e5efe77640749bfe3dbc
sha256: 2d510ba710ff8c4a48b60a74daf9e0489b343c1dec22bcf9369d986921439096
sha512: 01776de7a0a9c1f20e3866e6c689b7cc886f1e9bcab6c13a6e193921b854e68f8bfe9a68c3941d3ba18cf404f337546a409819f7cfcc4a3115a792d8709739ab
ssdeep: 24576:s67iOScr1wsPJ0L9V/QvZzvG7L6U0Bshu/P:s67iO3isPJ0LSvQ5hu/P
type: PE32 executable (GUI) Intel 80386, for MS Windows


Trojan-Ransom.Win32.Shade.pyq is also known as (vendor: detection name):

MicroWorld-eScan: Trojan.GenericKD.32134370
FireEye: Generic.mg.34edc941ae42e978
McAfee: Trickbot-FRDP!34EDC941AE42
VIPRE: Win32.Malware!Drop
AegisLab: Trojan.Win32.Shade.tqA7
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Trojan.GenericKD.32134370
K7GW: Trojan ( 0054cc0a1 )
K7AntiVirus: Trojan ( 0054cc0a1 )
TrendMicro: Trojan.Win32.WACATAC.USXVPGA19
Cyren: W32/Emotet.TZ.gen!Eldorado
Symantec: Packed.Generic.459
APEX: Malicious
Paloalto: generic.ml
GData: Trojan.GenericKD.32134370
Kaspersky: Trojan-Ransom.Win32.Shade.pyq
Alibaba: Ransom:Win32/Shade.e5f59bcb
NANO-Antivirus: Trojan.Win32.Kryptik.fstswd
ViRobot: Trojan.Win32.Z.Shade.1117360
Avast: Win32:Trojan-gen
Rising: Trojan.Generic@ML.86 (RDMK:tR3QbLgrLusDdMxlmK2bIA)
Ad-Aware: Trojan.GenericKD.32134370
Sophos: Mal/Emotet-Q
Comodo: TrojWare.Win32.Ransom.Shade.VP@8e1mt6
F-Secure: Trojan.TR/AD.Troldesh.gafen
DrWeb: Trojan.Encoder.28861
Zillya: Trojan.Filecoder.Win32.9591
Invincea: heuristic
McAfee-GW-Edition: Trickbot-FRDP!34EDC941AE42
Emsisoft: Trojan-Ransom.Shade (A)
Ikarus: Trojan-Ransom.Shade
F-Prot: W32/Emotet.TZ.gen!Eldorado
Jiangmin: Trojan.Shade.tm
Webroot: W32.Trojan.Gen
Avira: TR/AD.Troldesh.gafen
Antiy-AVL: Trojan/Win32.TSGeneric
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D1EA54E2
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
ZoneAlarm: Trojan-Ransom.Win32.Shade.pyq
Microsoft: Trojan:Win32/Generic!BV
AhnLab-V3: Trojan/Win32.Emotet.R281021
Acronis: suspicious
ALYac: Trojan.Ransom.Shade
VBA32: Malware-Cryptor.Kirgudu
Cylance: Unsafe
ESET-NOD32: Win32/Filecoder.Shade.B
TrendMicro-HouseCall: Ransom.Win32.SHADE.SMA.hp
Yandex: Trojan.Shade!
MaxSecure: Trojan.Malware.74420964.susgen
Fortinet: W32/Kryptik.GLWT!tr
BitDefenderTheta: Gen:NN.ZexaF.32251.er1@aqIaGPti
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
Qihoo-360: Win32/Virus.NetTool.0a4

How to remove Trojan-Ransom.Win32.Shade.pyq?

Trojan-Ransom.Win32.Shade.pyq removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.