Categories: RansomTrojan

Trojan-Ransom.Win32.Zerber.pef (file analysis)

The Trojan-Ransom.Win32.Zerber.pef is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Ransom.Win32.Zerber.pef virus can do?

Executable code extraction
Enumerates user accounts on the system
Creates RWX memory
A process attempted to delay the analysis task.
Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Creates an excessive number of UDP connection attempts to external IP addresses
Performs some HTTP requests
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to delete volume shadow copies
Modifies boot configuration settings
Exhibits behavior characteristic of Cerber ransomware
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Mimics the file times of a Windows system file
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to identify installed AV products by installation directory
Attempts to modify proxy settings
Creates a copy of itself
Attempts to modify Explorer settings to prevent hidden files from being displayed
Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz

a.tomx.xyz

ip-api.com

How to determine Trojan-Ransom.Win32.Zerber.pef?


File Info:
crc32: DAEF42B5md5: b32afafbda8d39b3c98b28ccb1bbd017name: B32AFAFBDA8D39B3C98B28CCB1BBD017.mlwsha1: 52fe8d6023b55321196aa2495d4cd5db87778391sha256: 6b254d875ef39f9ae40a63334d0649f73a0e01a0e020b7f5ade3acbe85e368f4sha512: 67eba23b6abb8b5b0b6ffa0e6f6dd9a338dcaa78b48e453aa374f6feee90bf6d56702d471eb9b26c5e973a8ffed43c3f1e8ef9c9c952603787360df92e15d797ssdeep: 12288:5ioHeyh4JzRoLoC1PuUEvmJ1TNF/JZJc/ce:LHMRocyWUEvm7XCtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
CompanyName: 33  CorporationTranslation: 0x0000 0x04e4

Trojan-Ransom.Win32.Zerber.pef also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Ransom.Cerber.1
FireEye	Generic.mg.b32afafbda8d39b3
CAT-QuickHeal	Ransom.Cerber.YY4
ALYac	Trojan.Ransom.Cerber.1
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic.pak!cobra
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 004f95911 )
BitDefender	Trojan.Ransom.Cerber.1
K7GW	Trojan ( 004f95911 )
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.34590.Eq1@aC4sOhfi
Cyren	W32/S-3e1d46f2!Eldorado
Symantec	Packed.Generic.459
ESET-NOD32	a variant of Win32/Kryptik.FFGQ
Baidu	Win32.Trojan.Cerber.h
TrendMicro-HouseCall	Ransom_HPCERBER.SM30
Avast	Win32:RansomX-gen [Ransom]
ClamAV	Win.Dropper.Cerber-9783017-0
Kaspersky	HEUR:Trojan-Ransom.Win32.Zerber.pef
Alibaba	Ransom:Win32/Kryptik.c0ff4ae8
NANO-Antivirus	Trojan.Win32.Encoder.erdqmv
AegisLab	Trojan.Win32.Generic.4!c
Rising	Ransom.Agent!8.6B7 (CLOUD)
Ad-Aware	Trojan.Ransom.Cerber.1
Emsisoft	Trojan.Ransom.Cerber.1 (B)
Comodo	TrojWare.Win32.Kryptik.ERJ@6l0vie
F-Secure	Heuristic.HEUR/AGEN.1106151
DrWeb	Trojan.Encoder.4691
Zillya	Trojan.SelfDel.Win32.54590
TrendMicro	Ransom_HPCERBER.SM30
McAfee-GW-Edition	BehavesLike.Win32.Emotet.gh
SentinelOne	Static AI – Malicious PE
Sophos	ML/PE-A + Mal/Cerber-B
APEX	Malicious
Jiangmin	Trojan.Zerber.sl
Avira	HEUR/AGEN.1106151
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.TSGeneric
Microsoft	Ransom:Win32/Cerber!rfn
Arcabit	Trojan.Ransom.Cerber.1
AhnLab-V3	Win-Trojan/Cerber.Gen
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Zerber.pef
GData	Trojan.Ransom.Cerber.1
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Ransomware-FOS!B32AFAFBDA8D
VBA32	BScope.Trojan.Encoder
Malwarebytes	Malware.AI.2454176477
Panda	Trj/GdSda.A
Tencent	Malware.Win32.Gencirc.10b55614
Yandex	Trojan.GenAsa!5elnbBB6s9o
Ikarus	Trojan.Crypt
eGambit	Unsafe.AI_Score_95%
Fortinet	W32/Kryptik.HEKH!tr
Webroot	W32.Malware.Gen
AVG	Win32:RansomX-gen [Ransom]
Cybereason	malicious.bda8d3
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.Cerber.HxQB5H8A