Malware

Win32:TeslaCrypt-EK [Trj] information

Malware Removal

The Win32:TeslaCrypt-EK [Trj] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Win32:TeslaCrypt-EK [Trj] virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Serbian
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to delete volume shadow copies
  • Executed a process and injected code into it, probably while unpacking
  • Exhibits behavior characteristic of Alphacrypt/Teslacrypt ransomware
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Writes a potential ransom message to disk
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

myexternalip.com
ocsp.pki.goog
dailyreports.in
jammasjidmurah.com
www.jammasjidmurah.com
drricar.org
crls.pki.goog
crl.pki.goog
vuonsinhthaidieplonghong.com.vn
digicomfort.com

How to determine Win32:TeslaCrypt-EK [Trj]?


File Info:

crc32: 7C67D52A
md5: de8bef046dcbaf12d083b188d6ea8a2e
name: DE8BEF046DCBAF12D083B188D6EA8A2E.mlw
sha1: afafde52b3c49eb13f3bed824db911366640a9b9
sha256: 14d3aa3de0284fc269aa5e859bff8f4a66462354c094fd856fa03947c10bea75
sha512: 8d91460318787a7f97f25803e9b27e4fc6c1d75822eac5af05843769ba2a717e5b36c10e80a0434339e325cb4334cd33f4013bb46b2e45e23d28dc65b3d2ac7e
ssdeep: 12288:PmmZ91UeV9EypmrgBY5UDgL9dcbnuA9j4/rB3qfT3lklv8nrvmpVvcRzLwL2BWG:+obvBGdOn/gwQVkwL92UoC
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Diodes (C) 2018
InternalName: Forts
FileDescription: Interventionist
OriginalFilename: Drainpipe.exe
CompanyName: GRISOFT s.r.o.

Win32:TeslaCrypt-EK [Trj] also known as:

K7AntiVirusTrojan ( 004d686f1 )
Elasticmalicious (high confidence)
DrWebTrojan.AVKill.38117
CynetMalicious (score: 100)
CylanceUnsafe
ZillyaTrojan.Generic.Win32.64919
CrowdStrikewin/malicious_confidence_90% (D)
AlibabaRansom:Win32/CeeInject.11a82415
K7GWTrojan ( 004d686f1 )
Cybereasonmalicious.46dcba
SymantecRansom.TeslaCrypt!g1
ESET-NOD32Win32/Filecoder.TeslaCrypt.I
APEXMalicious
AvastWin32:TeslaCrypt-EK [Trj]
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.Cripack.Gen.1
NANO-AntivirusTrojan.Win32.Yakes.dyokzi
ViRobotTrojan.Win32.TeslaCrypt.Gen.B
MicroWorld-eScanTrojan.Cripack.Gen.1
TencentMalware.Win32.Gencirc.114c68ce
Ad-AwareTrojan.Cripack.Gen.1
SophosML/PE-A + Troj/Ransom-BRV
ComodoMalware@#8poadstn6xig
BitDefenderThetaGen:NN.ZexaF.34142.Bu0@auHyCXmG
VIPRETrojan.Win32.Generic!BT
TrendMicroRansom_CRYPTESLA.SM0
McAfee-GW-EditionBehavesLike.Win32.Multiplug.gm
FireEyeGeneric.mg.de8bef046dcbaf12
EmsisoftTrojan.Cripack.Gen.1 (B)
SentinelOneStatic AI – Suspicious PE
JiangminTrojan.Yakes.bxa
WebrootW32.Trojan.Necurs
AviraHEUR/AGEN.1132918
Antiy-AVLTrojan/Generic.ASMalwS.157FDE9
KingsoftWin32.Troj.Undef.(kcloud)
MicrosoftRansom:Win32/Tescrypt.C
GDataTrojan.Cripack.Gen.1
AhnLab-V3Trojan/Win32.Teslacrypt.R168154
McAfeeGenericR-FBD!DE8BEF046DCB
MAXmalware (ai score=83)
VBA32BScope.Trojan.AVKill
PandaTrj/Genetic.gen
TrendMicro-HouseCallRansom_CRYPTESLA.SM0
RisingTrojan.Generic@ML.92 (RDML:ONY45Rtszv63ADieYJaNcg)
YandexTrojan.GenAsa!lXaIwpcOOY4
IkarusTrojan.Win32.Filecoder
FortinetW32/TeslaCrypt.I!tr
AVGWin32:TeslaCrypt-EK [Trj]
Paloaltogeneric.ml

How to remove Win32:TeslaCrypt-EK [Trj]?

Win32:TeslaCrypt-EK [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment