Categories: RansomTrojan

Trojan-Ransom.Win32.Zerber.fjsa information

The Trojan-Ransom.Win32.Zerber.fjsa is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Zerber.fjsa virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (2 unique times)
Enumerates user accounts on the system
Creates RWX memory
A process attempted to delay the analysis task.
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Creates an excessive number of UDP connection attempts to external IP addresses
Performs some HTTP requests
Looks up the external IP address
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Attempts to repeatedly call a single API many times in order to delay analysis time
Modifies boot configuration settings
Exhibits behavior characteristic of Cerber ransomware
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Mimics the file times of a Windows system file
Installs itself for autorun at Windows startup
Creates a hidden or system file
EternalBlue behavior
Creates a copy of itself
Attempts to create or modify system certificates
Uses suspicious command line tools or Windows utilities

Related domains:

ipinfo.io

edgedl.me.gvt1.com

How to determine Trojan-Ransom.Win32.Zerber.fjsa?


File Info:
crc32: 954F9666md5: c51af87d962d0ccb4b850f781efbe804name: C51AF87D962D0CCB4B850F781EFBE804.mlwsha1: f8d10e2d75126d586bf5306d9a97b53557be9a66sha256: 6b79cb6ecdbe72e85824cc59f6d96a70a48da1f992e0b11678124c9c7002544asha512: 616a7fba55d91a2dc826228e07b92dd27f4daf4995fb35afa47ed5624bfd246e305f40c495192de20cbf8350ec09b6861e40942d122e62fdf058655206f0912essdeep: 6144:S6OjY+KIh825pt88SPtM8oJmTEWGrxM+kjymN/A:kY5R2qtM1RxxiTtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright xa9 Pultoons IdpInternalName: gunfiresFileVersion: 11.2CompanyName: Pultoons IdpProductName: gunfires reps fms grrProductVersion: 11.2FileDescription: gunfires guttlers smlOriginalFilename: gunfires.exeTranslation: 0x0409 0x04b0

Trojan-Ransom.Win32.Zerber.fjsa also known as:

K7AntiVirus	Trojan ( 0051c8bc1 )
Lionic	Trojan.Multi.Generic.4!c
DrWeb	Trojan.Encoder.20482
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Symmi.66021
Cylance	Unsafe
Zillya	Trojan.Zerber.Win32.4050
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/Zerber.6f3a7086
K7GW	Trojan ( 0051c8bc1 )
Cybereason	malicious.d962d0
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.EYLT
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-Ransom.Win32.Zerber.fjsa
BitDefender	Gen:Variant.Symmi.66021
NANO-Antivirus	Trojan.Win32.Zerber.evsgmw
MicroWorld-eScan	Gen:Variant.Symmi.66021
Tencent	Win32.Trojan.Zerber.Svqw
Ad-Aware	Gen:Variant.Symmi.66021
Sophos	Mal/Generic-R + Mal/Cerber-C
Comodo	Malware@#1poaxvc1wvnub
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Ransomware-GIX!C51AF87D962D
FireEye	Generic.mg.c51af87d962d0ccb
Emsisoft	Gen:Variant.Symmi.66021 (B)
SentinelOne	Static AI – Malicious PE
Avira	TR/Crypt.XPACK.Gen7
Antiy-AVL	Trojan/Generic.ASMalwS.22F1E5F
Microsoft	Ransom:Win32/Cerber.A
Arcabit	Trojan.Symmi.D101E5
GData	Gen:Variant.Symmi.66021
McAfee	Ransomware-GIX!C51AF87D962D
MAX	malware (ai score=99)
VBA32	Trojan-Ransom.Zerber
Panda	Trj/GdSda.A
Rising	Trojan.Generic@ML.100 (RDML:prZ9eVKCXYDgbE8e7Wb9VQ)
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.109195785.susgen
Fortinet	W32/Kryptik.EYKI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml