What is “Win32/Filecoder.CryptProjectXXX.H”?

The Win32/Filecoder.CryptProjectXXX.H is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Filecoder.CryptProjectXXX.H virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Russian
Anomalous binary characteristics

How to determine Win32/Filecoder.CryptProjectXXX.H?


File Info:
crc32: D60472DF
md5: 9555f06774763bb8906f01b28d18df44
name: 9555F06774763BB8906F01B28D18DF44.mlw
sha1: aa0b7be02b65cfaf5b022c6a3eba557b68a6193c
sha256: b5b437a6a3d9aa4c8642c17c4e87e1b1470fe5b835ce13eb0c35c1b65e38b567
sha512: 6e6cc31f90a1fa7304d90d9bde3ba3cea4a0b83c935fbc978ebc5f2b020988a88b8a5beebb0b2c87d2ccafe7acea02d0b72e7174ba1fec25b8c2400dc13cedb2
ssdeep: 3072:LjB5NThiAQeALvBq40bfr3qIir6LXn6v8:LjB5NcAJGuvVimLX6
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2003 - 2011 Nir Sofer
InternalName: NirCmd
FileVersion: 2.65
CompanyName: NirSoft
ProductName: NirCmd
ProductVersion: 2.65
FileDescription: NirCmd
OriginalFilename: NirCmd.exe
Translation: 0x0409 0x04b0

Win32/Filecoder.CryptProjectXXX.H also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 004f8bc31 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Encoder.5047
Cynet	Malicious (score: 99)
CAT-QuickHeal	Ransom.Crowti.MUE.A6
ALYac	Gen:Variant.Barys.59243
Cylance	Unsafe
Zillya	Trojan.Filecoder.Win32.3507
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/CryptXXX.839287a3
K7GW	Trojan ( 004f8bc31 )
Cybereason	malicious.774763
Cyren	W32/Ransom.CJ.gen!Eldorado
Symantec	Ransom.CryptXXX!g17
ESET-NOD32	Win32/Filecoder.CryptProjectXXX.H
APEX	Malicious
Avast	Win32:Goblinek [Inf]
Kaspersky	Trojan-Ransom.Win32.CryptXXX.asdnfx
BitDefender	Gen:Variant.Barys.59243
NANO-Antivirus	Trojan.Win32.Encoder.fucstm
MicroWorld-eScan	Gen:Variant.Barys.59243
Tencent	Malware.Win32.Gencirc.116984b1
Ad-Aware	Gen:Variant.Barys.59243
Sophos	Mal/Generic-S
Comodo	Malware@#7tefx1qt1z7q
BitDefenderTheta	Gen:NN.ZexaF.34670.gy0@a0Bb0BbQ
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPCRYPMIC.SM4
McAfee-GW-Edition	Ransomware-FTK!9555F0677476
FireEye	Generic.mg.9555f06774763bb8
Emsisoft	Gen:Variant.Barys.59243 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Generic.ebozp
Webroot	Trojan.Dropper.Gen
Avira	HEUR/AGEN.1110705
eGambit	Unsafe.AI_Score_99%
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Ransom:Win32/Tovicrypt.A
Arcabit	Trojan.Barys.DE76B
AegisLab	Trojan.Win32.Generic.4!c
GData	Gen:Variant.Barys.59243
TACHYON	Ransom/W32.CryptXXX.108544
AhnLab-V3	Malware/Win32.RL_Generic.R285865
Acronis	suspicious
McAfee	Ransomware-FTK!9555F0677476
MAX	malware (ai score=100)
VBA32	BScope.Trojan.Bagsu
Malwarebytes	Trojan.Crypt
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom_HPCRYPMIC.SM4
Rising	Ransom.CryptXXX!8.5DF0 (CLOUD)
Yandex	Trojan.GenAsa!ao0N/xdCg2Q
Ikarus	Trojan-Ransom.Tovicrypt
Fortinet	W32/Kryptik.FNZR!tr
AVG	Win32:Goblinek [Inf]
Paloalto	generic.ml
Qihoo-360	Win32/Ransom.CryptXXX.HxQBdN4A

How to remove Win32/Filecoder.CryptProjectXXX.H?

Win32/Filecoder.CryptProjectXXX.H removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X