Ransom Trojan

TrojanRansom.ContiCrypt information

TrojanRansom.ContiCrypt is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanRansom.ContiCrypt virus do?

  • Sample contains Overlay data
  • Authenticode signature is invalid

How to determine TrojanRansom.ContiCrypt?


File Info:

name: 3B916BD93D84D5BF2F31.mlw
path: /opt/CAPEv2/storage/binaries/e58a792792a1ccf7faf3ddd984fe046888ac8485786f989751862d68f48e4846
crc32: 6B237207
md5: 3b916bd93d84d5bf2f31381d6707511e
sha1: 4e73823bf67bd7ec9611f553292d7c4b0e417bcd
sha256: e58a792792a1ccf7faf3ddd984fe046888ac8485786f989751862d68f48e4846
sha512: 2cf664db71eda91c1c535368b5c7823ea75f9b56e4f68b4f80365f3a21b700f8267aa3672ea9f3d8a40c9569f9b6cfeb3477a59ea05e3ed799be7f76e79c57c1
ssdeep: 12288:boPXILq1h/SRN7uNvCN3SFryjC+yBfBldfvmbPRUt:kfIawqNv1rgC+ypBldfvsRUt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EBE4E0D77AC78932E1618CFD10C58E0D2A97C019674D61E368FE8560D0A79EB28BF9F4
sha3_384: b8eb96c4d6b5511f45ab70e2f2efdc7e1eaf72dff7331c3e53b68cbf1884afa8e280eab0dad023439d6960b72b72245b
ep_bytes: cccccccccccccccccccccccccccccccc
timestamp: 2017-09-25 02:24:55

Version Info:

0: [No Data]

TrojanRansom.ContiCrypt also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.ContiCrypt.4!c
FireEye: Generic.mg.3b916bd93d84d5bf
Skyhigh: BehavesLike.Win32.RAHack.jc
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Ransom:Win32/ContiCrypt.1546005f
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
ClamAV: Win.Virus.Virlock-6804475-0
Sophos: ML/PE-A
Trapmine: malicious.high.ml.score
SentinelOne: Static AI – Malicious PE
Google: Detected
Varist: W32/KeyIso.A.gen!Eldorado
Antiy-AVL: GrayWare/Win32.VirLock.a
Microsoft: Ransom:Win32/ContiCrypt.OR!MTB
Cynet: Malicious (score: 100)
McAfee: Artemis!3B916BD93D84
VBA32: TrojanRansom.ContiCrypt
Malwarebytes: Generic.Malware/Suspicious
Rising: Trojan.Generic@AI.100 (RDML:REEvwTQ0iMDT9XWr6Xxgaw)
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.121218.susgen
DeepInstinct: MALICIOUS

How to remove TrojanRansom.ContiCrypt?

TrojanRansom.ContiCrypt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
