Categories: RansomTrojan

About “Trojan-Ransom.Win32.Zerber.fhre” infection

The Trojan-Ransom.Win32.Zerber.fhre is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Zerber.fhre virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Enumerates user accounts on the system
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Creates an excessive number of UDP connection attempts to external IP addresses
Performs some HTTP requests
Looks up the external IP address
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Exhibits behavior characteristic of Cerber ransomware
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Mimics the file times of a Windows system file
Installs itself for autorun at Windows startup
Creates a hidden or system file
EternalBlue behavior
Creates a copy of itself
Attempts to create or modify system certificates
Generates some ICMP traffic
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities

Related domains:

ipinfo.io

How to determine Trojan-Ransom.Win32.Zerber.fhre?


File Info:
crc32: D90466CEmd5: a99d54c82f86beec114d1af49fba8dafname: A99D54C82F86BEEC114D1AF49FBA8DAF.mlwsha1: c4dba0078ef23a154cb86747189cbc2638562412sha256: 3f019aa2d6fa1f557c06c36eb8b4d2734fb54da9ff806ce676dbd9d3f04d6ab2sha512: 4ec56d2257c3315d2412c6608a4b27491afe36128764dd150a4939d0e3b092e5be3a6abfe80b3bddd246014037279bad657d123d7aae19c4d660da17eeb9661assdeep: 6144:E8vWaeJYexGBTYOYSvJVbavgRZK/csd5H1K/pF:EUWbYfVYyLmyZKFPtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright PondyInternalName: bhunderFileVersion: 7.8CompanyName: PondyProductName: bhunder vips bungProductVersion: 7.8FileDescription: bhunder somdielOriginalFilename: bhunder.exeTranslation: 0x0409 0x04b0

Trojan-Ransom.Win32.Zerber.fhre also known as:

K7AntiVirus	Trojan ( 004f23721 )
Lionic	Trojan.Win32.Generic.4!c
DrWeb	Trojan.Encoder.4691
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Symmi.66021
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
K7GW	Trojan ( 004f23721 )
Cybereason	malicious.82f86b
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.FACZ
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Zerber.fhre
BitDefender	Gen:Variant.Symmi.66021
NANO-Antivirus	Trojan.Win32.Zerber.evjybn
MicroWorld-eScan	Gen:Variant.Symmi.66021
Tencent	Win32.Trojan.Zerber.Lohx
Ad-Aware	Gen:Variant.Symmi.66021
Sophos	ML/PE-A + Mal/Cerber-C
Comodo	Malware@#1tq5z189ho94s
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Ransomware-GIX!A99D54C82F86
FireEye	Generic.mg.a99d54c82f86beec
Emsisoft	Gen:Variant.Symmi.66021 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1121409
Antiy-AVL	Trojan/Generic.ASMalwS.22CEC83
Microsoft	Trojan:Win32/Dynamer!rfn
Arcabit	Trojan.Symmi.D101E5
GData	Gen:Variant.Symmi.66021
McAfee	Ransomware-GIX!A99D54C82F86
MAX	malware (ai score=99)
VBA32	Trojan-Ransom.Zerber
Panda	Trj/GdSda.A
Rising	Trojan.Generic@ML.100 (RDML:c6wH5hoWNz7dN0pkQh8RKQ)
Yandex	Trojan.Zerber!VtWDKtY5R+Q
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.EYKI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Cerber.HxQBEpsA