Categories: RansomVirus

Should I remove “Virus.Win32.PolyRansom.h”?

The Virus.Win32.PolyRansom.h is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Virus.Win32.PolyRansom.h virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Enumerates running processes
Expresses interest in specific running processes
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
Deletes its original binary from disk
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Created a process from a suspicious location
A system process is generating network traffic likely as a result of process injection
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
Attempts to modify proxy settings

How to determine Virus.Win32.PolyRansom.h?


File Info:
name: A692C370BB4F1A7B284B.mlwpath: /opt/CAPEv2/storage/binaries/96fea199414625741a246b0034716cca04d1d81a6695c70387e9607fbf1f15a0crc32: 6813115Cmd5: a692c370bb4f1a7b284b259d41600c64sha1: e8841de53fb6bd60f5db52a1a351dd83e044acdfsha256: 96fea199414625741a246b0034716cca04d1d81a6695c70387e9607fbf1f15a0sha512: de05733f0135f6043437a6f365e68b13ea2440471fdd4ae02eb8f3267550c8fe43f4c72628b726321991261b5462fcf2e63545742443cae507ff117a2864a266ssdeep: 3072:n/nZrYl6+NWd3i3iHBpGdr0aw4bBz+rXz7urBr7GAzE:nvq8+b3ihpYgaw4g/arZ7GQEtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1D5B302255DE01EFBF5BD0E3F7894DEB03E70721B721ABA12924C845181B545B7AACF05sha3_384: dd555629656b3e7c296cc87fd7134bca5fe014247136cc2bd923259f9913a0d9624bb80b200e8837745b1f499d8058e7ep_bytes: b856341278ff1524204000a300304000timestamp: 2015-02-18 18:17:14
Version Info:
0: [No Data]

Virus.Win32.PolyRansom.h also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Doboc.Gen.2.Dam
FireEye	Generic.mg.a692c370bb4f1a7b
CAT-QuickHeal	W32.Tempedreve.A5
McAfee	W32/PdfCrypt.b!A692C370BB4F
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	Trojan ( 00500cdd1 )
K7AntiVirus	Trojan ( 00500cdd1 )
BitDefenderTheta	AI:FileInfector.52E8454215
Cyren	W32/S-ae71c36c!Eldorado
ESET-NOD32	Win32/Kryptik.CZHL
Baidu	Win32.Trojan.Kryptik.iq
TrendMicro-HouseCall	PE_URSNIF.B-O
ClamAV	Win.Dropper.Tempedreve-1
Kaspersky	Virus.Win32.PolyRansom.h
BitDefender	Win32.Doboc.Gen.2.Dam
NANO-Antivirus	Trojan.Win32.Kryptik.docwpc
SUPERAntiSpyware	Trojan.Agent/Gen-FakeAlert
Avast	Win32:Malware-gen
Tencent	Trojan.Win32.BitCoinMiner.la
Ad-Aware	Win32.Doboc.Gen.2.Dam
Emsisoft	Win32.Doboc.Gen.2.Dam (B)
Comodo	TrojWare.Win32.Hupigon.TLV@5k6j3s
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	Trojan.Inject1.53259
VIPRE	Worm.Win32.Tempedreve.a (v)
TrendMicro	PE_URSNIF.B-O
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
Sophos	ML/PE-A + W32/MPhage-A
Ikarus	Trojan.Win32.Crypt
GData	Win32.Doboc.Gen.2.Dam
MaxSecure	virus.polyransom.i
Avira	TR/Dropper.Gen
MAX	malware (ai score=89)
Antiy-AVL	Trojan/Win32.AGeneric
Arcabit	Win32.Doboc.Gen.2.Dam
APEX	Malicious
Microsoft	Virus:Win32/Ursnif.E
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.R135158
Acronis	suspicious
VBA32	Backdoor.Hupigon
ALYac	Win32.Doboc.Gen.2.Dam
TACHYON	Backdoor/W32.Hupigon.108544.N
Malwarebytes	Trojan.Dropper
Rising	Trojan.Kryptik!1.B671 (CLASSIC)
Yandex	Trojan.GenAsa!LyJXQNI6Zvo
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_85%
Fortinet	W32/Tuscas.A!tr
AVG	Win32:Malware-gen
Cybereason	malicious.0bb4f1
Panda	Trj/CryptD.C