Virus

What is “Virus:Win32/Ramnit.J”?

Malware Removal

The Virus:Win32/Ramnit.J is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Virus:Win32/Ramnit.J virus can do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (8 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • A named pipe was used for inter-process communication
  • Starts servers listening on 0.0.0.0:2018, 0.0.0.0:21
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Code injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Operates on local firewall’s policies and settings
  • Clears Windows events or logs
  • Attempts to create or modify system certificates
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
cli.im
supnewdmn.com
tvrstrynyvwstrtve.com
rtvwerjyuver.com
wqerveybrstyhcerveantbe.com
qr.api.cli.im
qr.topscan.com
status.rapidssl.com
ocsp.digicert.com
cdp.rapidssl.com
crl3.digicert.com

How to determine Virus:Win32/Ramnit.J?



File Info:

crc32: 4603269E
md5: 7ab671ca3998695f478869cb4edb45aa
name: abuiabblgaagn_pa2guo7_nj1qi
sha1: b7c1c0a96de9be019e50ec1b65280d5863b8c3e0
sha256: c09cf08d2a9580c4f7fbf7bf52ef25e2f2f80368cc6a9ffd67b4e7b393775bff
sha512: dabcd347a7146cdff41db4dbb57ad740181096728fea56e590b9b642b666da7a22c7ac7a54df0ab967dddd9d06fddc29b4054f68a02b6b9069f2377968e1f849
ssdeep: 98304:Q7Kb6q1Qc7/uzw4BBxTYRfKPQDB+kSjj/ibf39C:dIc7WzZBzPPmB+Djl
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

0: [No Data]

Virus:Win32/Ramnit.J also known as:

BkavW32.Tmgrtext.PE
MicroWorld-eScanWin32.Ramnit.N
CMCVirus.Win32.Ramit.1!O
CAT-QuickHealW32.Ramnit.BA
ALYacWin32.Ramnit.N
CylanceUnsafe
ZillyaVirus.Nimnul.Win32.1
AegisLabVirus.Win32.Nimnul.lse3
SangforMalware
K7AntiVirusVirus ( 002fe95d1 )
BitDefenderWin32.Ramnit.N
Cybereasonmalicious.a39986
TrendMicroPE_RAMNIT.DEN
BaiduWin32.Virus.Nimnul.a
F-ProtW32/Ramnit.B!Generic
SymantecW32.Ramnit.B!inf
TotalDefenseWin32/Ramnit.C
APEXMalicious
AvastWin32:RmnDrp
ClamAVWin.Trojan.Ramnit-1847
GDataWin32.Virus.Nimnul.A
KasperskyVirus.Win32.Nimnul.a
AlibabaVirus:Win32/Ramnit.20382653
NANO-AntivirusVirus.Win32.Nimnul.bqjjnb
ViRobotWin32.Nimnul.A
TencentVirus.Win32.Nimnul.f
Endgamemalicious (high confidence)
SophosW32/Ramnit-A
ComodoVirus.Win32.Ramnit.K@37eb7u
F-SecureMalware.W32/Ramnit.C
DrWebWin32.Rmnet.8
VIPREVirus.Win32.Ramnit.b (v)
Invinceaheuristic
McAfee-GW-EditionBehavesLike.Win32.Ramnit.rc
Trapminemalicious.high.ml.score
FireEyeGeneric.mg.7ab671ca3998695f
EmsisoftWin32.Ramnit.N (B)
IkarusVirus.Win32.Ramnit
CyrenW32/Ramnit.B!Generic
JiangminWin32/IRCNite.wi
WebrootW32.Ramnit.Gen
AviraW32/Ramnit.C
eGambitHackTool.Generic
MAXmalware (ai score=100)
Antiy-AVLVirus/Win32.Nimnul.a
KingsoftWin32.Ramnit.lx.30720
MicrosoftVirus:Win32/Ramnit.J
ArcabitWin32.Ramnit.N
ZoneAlarmVirus.Win32.Nimnul.a
AhnLab-V3Win32/Ramnit.G
Acronissuspicious
McAfeeW32/Ramnit.a
TACHYONVirus/W32.Ramnit
VBA32Virus.Win32.Nimnul.b
PandaW32/Cosmu.E
ZonerTrojan.Win32.Ramnit.22016
ESET-NOD32Win32/Ramnit.H
TrendMicro-HouseCallPE_RAMNIT.DEN
RisingVirus.Mgr!1.9AD0 (CLOUD)
YandexWin32.Nimnul.Gen.2
SentinelOneDFI – Malicious PE
MaxSecureVirus.Nimnul.A
FortinetW32/Ramnit.A
Ad-AwareWin32.Ramnit.N
AVGWin32:RmnDrp
Paloaltogeneric.ml
CrowdStrikewin/malicious_confidence_100% (W)
Qihoo-360Virus.Win32.Ramnit.A

How to remove Virus:Win32/Ramnit.J?

Virus:Win32/Ramnit.J removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment