Ransom • Trojan

Trojan-Ransom.Win32.Wanna.amir (file analysis)

The Trojan-Ransom.Win32.Wanna.amir is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan-Ransom.Win32.Wanna.amir virus can do?

Authenticode signature is invalid

How to determine Trojan-Ransom.Win32.Wanna.amir?


File Info:
name: 3A4DDA8FF8A61344396F.mlw
path: /opt/CAPEv2/storage/binaries/7b1d868da276549c62ad1e1a0910e63d2579f044695ad87b281cdf93c236bbb0
crc32: 11C92ED0
md5: 3a4dda8ff8a61344396f5649b091fb63
sha1: 08ab64f7ed2a56d27a328a30205f923a8571d593
sha256: 7b1d868da276549c62ad1e1a0910e63d2579f044695ad87b281cdf93c236bbb0
sha512: 6b00cba24c3c237bfb78af8ce825112f094c775f33717b8bd688977234e056e728b35365cc4741e153c76b7502267f3eb66f9bcee376832550dd7afe9fc07ce8
ssdeep: 48:CHQUTYHRODBAUgtwJaMLdK7ng8+hLYsvLWV8SJfnckDt6WdeVRHyrMu3LQWnXYvi:ChrAb4Q7HuLm3fnFt6WdeTyrMtk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T195950ADB78DA9E73D5CC2970EA08EB40A330963517BC8B41B7E48D3AB306B765501863
sha3_384: 78fe441922ed5d4e02b628142cfcca67b194355d2530a499ee7d4b55c9bb8e8ee91efc18eab5884ae353cac6ce7c7c95
ep_bytes: 00000000000000000000000000000000
timestamp: 2015-09-20 19:44:01

Version Info:
0: [No Data]

Trojan-Ransom.Win32.Wanna.amir also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Wanna.u!c
Elastic	malicious (moderate confidence)
Malwarebytes	MachineLearning/Anomalous.100%
Alibaba	Ransom:Win32/Wanna.5d2657e4
CrowdStrike	win/malicious_confidence_100% (W)
Paloalto	generic.ml
Kaspersky	Trojan-Ransom.Win32.Wanna.amir
SUPERAntiSpyware	Ransom.Crypt/Variant
Avast	FileRepMalware [Trj]
Tencent	Win32.Trojan.Wanna.Lkef
TACHYON	Ransom/W32.WannaCry.2061938.F
Sophos	Mal/Generic-S
Zillya	Trojan.Wanna.Win32.1779
McAfee-GW-Edition	Artemis
Trapmine	suspicious.low.ml.score
APEX	Malicious
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Ymacco.AA7B
ZoneAlarm	Trojan-Ransom.Win32.Wanna.amir
Cynet	Malicious (score: 100)
McAfee	Artemis!3A4DDA8FF8A6
VBA32	TrojanRansom.Wanna
Cylance	Unsafe
Rising	Trojan.Generic@AI.84 (RDML:9ffw3ra3ttezSfdi/wofkQ)
Ikarus	Trojan-Ransom.WannaCrypt
Fortinet	W32/Wanna.AMIR!tr
AVG	FileRepMalware [Trj]

How to remove Trojan-Ransom.Win32.Wanna.amir?

Trojan-Ransom.Win32.Wanna.amir removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X