Trojan-Ransom.Win32.Zerber.jcb malicious file

Trojan-Ransom.Win32.Zerber.jcb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Ransom.Win32.Zerber.jcb virus do?

  • Executable code extraction
  • Enumerates user accounts on the system
  • Creates RWX memory
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Creates an excessive number of UDP connection attempts to external IP addresses
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Exhibits behavior characteristic of Cerber ransomware
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to identify installed AV products by installation directory
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

ip-api.com

How to identify Trojan-Ransom.Win32.Zerber.jcb?


File Info:

crc32: 5529DE84
md5: 1e97fda428488834e73a9d21f45905ca
name: 1E97FDA428488834E73A9D21F45905CA.mlw
sha1: 349780006801787b966a14ff7b9b7d5d0872feb6
sha256: 28b28111884badedf0870be7bef1e417b3ddea12eb06b1c431e992be39d6bf8e
sha512: 5e6848598bb9e51df29237e3154a1f271b4b6ccb474f34c0bfbc0682a53d2e41c84214a1405d63e85dcaee95e83049a465d58ede46a6d1a1324eaf3a13a19fb9
ssdeep: 3072:6LhF64nIT4kErh5Fry7qgIJsvArxl0BrlnURZYvoVgNXhlvQ/+Us2HKIacaUc22J:5O7so+rlURZqoVgXhs/DdDYuWX5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Comments: Tool used internally by Total Commander, do not start directly!
CompanyName: Ghisler Softwa re GmbH

Trojan-Ransom.Win32.Zerber.jcb also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.5189
MicroWorld-eScan: Trojan.Ransom.Cerber.1
FireEye: Generic.mg.1e97fda428488834
ALYac: Trojan.Ransom.Cerber.1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: Trojan ( 004fa86d1 )
BitDefender: Trojan.Ransom.Cerber.1
K7GW: Trojan ( 004fa86d1 )
Cybereason: malicious.428488
TrendMicro: Ransom_HPCERBER.SMALY5A
BitDefenderTheta: Gen:NN.ZexaF.34634.qq1@aOqv04qi
Cyren: W32/Cerber.VJAM-1855
Symantec: Trojan.Gen.2
APEX: Malicious
Avast: Win32:Evo-gen [Susp]
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Zerber.jcb
Ad-Aware: Trojan.Ransom.Cerber.1
Emsisoft: Trojan.Ransom.Cerber.1 (B)
Comodo: TrojWare.Win32.Kryptik.ERJ@6l0vie
Baidu: Win32.Trojan.Kryptik.anp
Invincea: ML/PE-A + Mal/Cerber-B
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.dh
Sophos: Mal/Cerber-B
Ikarus: Win32.Outbreak
Jiangmin: Trojan.Zerber.eli
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.Agent.giomo
MAX: malware (ai score=87)
Antiy-AVL: Trojan[Ransom]/Win32.Cerber
Microsoft: Ransom:Win32/Cerber.A
Gridinsoft: Ransom.Win32.Ransom.oa!s2
Arcabit: Trojan.Ransom.Cerber.1
ZoneAlarm: Trojan-Ransom.Win32.Zerber.jcb
GData: Trojan.Ransom.Cerber.1
AhnLab-V3: Trojan/Win32.Cerber.C1511907
Acronis: suspicious
McAfee: GenericRXAA-AA!1E97FDA42848
TACHYON: Ransom/W32.Cerber.276629
VBA32: BScope.Trojan.Vucha
Malwarebytes: Ransom.Cerber
Zoner: Trojan.Win32.44666
ESET-NOD32: a variant of Win32/Kryptik.FDHE
TrendMicro-HouseCall: Ransom_HPCERBER.SMALY5A
Rising: Trojan.Win32.Cerber.a (CLASSIC)
Yandex: Trojan.GenAsa!ZlIOe44JNcM
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Kryptik.HCAW!tr
AVG: FileRepMetagen [Malware]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM20.1.4DD3.Malware.Gen

How to remove Trojan-Ransom.Win32.Zerber.jcb?

Trojan-Ransom.Win32.Zerber.jcb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
