Generic.Ransom.MedusaLocker.942644D7

What is Generic.Ransom.MedusaLocker.942644D7 infection?

In this short article you will locate regarding the meaning of Generic.Ransom.MedusaLocker.942644D7 and its adverse influence on your computer system. Such ransomware are a form of malware that is clarified by online scams to demand paying the ransom by a victim.

Most of the instances, Generic.Ransom.MedusaLocker.942644D7 virus will certainly instruct its sufferers to initiate funds move for the function of reducing the effects of the changes that the Trojan infection has actually introduced to the sufferer’s tool.

Generic.Ransom.MedusaLocker.942644D7 Summary

These modifications can be as adheres to:

At least one process apparently crashed during execution;
Possible date expiration check, exits too soon after checking local time;
A process attempted to delay the analysis task.;
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option;
A process created a hidden window;
Drops a binary and executes it. Trojan-Downloader installs itself to the system and waits until an Internet connection becomes available to connect to a remote server or website in order to download additional malware onto the infected computer.
Creates an autorun.inf file;
Uses Windows utilities for basic functionality;
Attempts to delete volume shadow copies;
Modifies boot configuration settings;
Installs itself for autorun at Windows startup.
There is simple tactic using the Windows startup folder located at:
C:\Users\[user-name]\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup Shortcut links (.lnk extension) placed in this folder will cause Windows to launch the application each time [user-name] logs into Windows.

The registry run keys perform the same action, and can be located in different locations:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Creates a hidden or system file. The malware adds the hidden attribute to every file and folder on your system, so it appears as if everything has been deleted from your hard drive.
Clears Windows events or logs;
Creates a copy of itself;
Attempts to disable UAC.
User Account Control or just UAC is a part of the Windows security system which prevents apps from making unwanted changes on PC.

UAC includes several technologies ¹:
- File and egistry Virtualization;
- Same-desktop Elevation;
- Filtered Token;
- User Interface Privilege Isolation;
- Protected Mode Internet Explorer;
- Installer Detection;
Attempts to modify UAC prompt behavior;
Uses suspicious command line tools or Windows utilities;
Ciphering the papers situated on the target’s hard disk — so the target can no more make use of the information;
Preventing regular access to the sufferer’s workstation. This is the typical behavior of a virus called locker. It blocks access to the computer until the victim pays the ransom.

Generic.Ransom.MedusaLocker.942644D7

The most common networks where Generic.Ransom.MedusaLocker.942644D7 are injected are:

By ways of phishing e-mails;
As an effect of customer ending up on a resource that organizes a destructive software application;

As quickly as the Trojan is successfully infused, it will either cipher the data on the victim’s computer or protect against the tool from functioning in a proper manner – while additionally positioning a ransom note that discusses the need for the sufferers to effect the settlement for the function of decrypting the files or recovering the file system back to the initial problem. In many instances, the ransom note will certainly come up when the client reboots the COMPUTER after the system has actually already been damaged.

Generic.Ransom.MedusaLocker.942644D7 circulation networks.

In various corners of the world, Generic.Ransom.MedusaLocker.942644D7 grows by jumps and also bounds. Nonetheless, the ransom money notes and also techniques of extorting the ransom quantity may vary depending on particular neighborhood (regional) settings. The ransom notes and also tricks of extorting the ransom money amount might differ depending on specific regional (local) setups.

As an example:

Faulty notifies about unlicensed software.

In specific locations, the Trojans frequently wrongfully report having actually detected some unlicensed applications allowed on the sufferer’s gadget. The alert then requires the user to pay the ransom money.

Faulty statements about prohibited material.

In nations where software application piracy is less popular, this method is not as effective for the cyber fraudulences. Additionally, the Generic.Ransom.MedusaLocker.942644D7 popup alert might incorrectly declare to be originating from a law enforcement institution and will report having situated child pornography or other unlawful data on the device.

Generic.Ransom.MedusaLocker.942644D7 popup alert may wrongly declare to be obtaining from a regulation enforcement institution and will report having located kid porn or various other unlawful information on the gadget. The alert will similarly contain a requirement for the individual to pay the ransom money.

Technical details

File Info:
crc32: DB75A2C3md5: 9353a3fa46ce13ea133cfab51c8cbd7aname: upload_filesha1: f3e66237577a690ee907deac9ffbf6074a85e7a5sha256: 8b9bdc5cf5534d377a6201d1803a5aa0915b93c9df524307118fd61f361bdba2sha512: 255539cb03fe5fc5d87f5bf2fb8742496bbf9fcd1feb07872cb8a62aedb12a9c4d1039cec53bb0b015bd526b1c6adfab1e12182df8a24f7a5a65e06e40616a48ssdeep: 12288:cPJ4U0TYQivI2qZ7aSgLwkFVpzUvest4ZEbjJLueJVoM7:JzTYVQ2qZ7aSgLwuVfstRJLFYMtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
0: [No Data]

Generic.Ransom.MedusaLocker.942644D7 also known as:

GridinSoft	Trojan.Ransom.Gen
Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Generic.Ransom.MedusaLocker.942644D7
FireEye	Generic.mg.9353a3fa46ce13ea
McAfee	GenericRXKP-XE!9353A3FA46CE
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0055a9531 )
BitDefender	Generic.Ransom.MedusaLocker.942644D7
K7GW	Trojan ( 0055a9531 )
CrowdStrike	win/malicious_confidence_100% (W)
Invincea	heuristic
Symantec	Ransom.Cryptolocker
APEX	Malicious
Kaspersky	Trojan.Win32.DelShad.dax
Alibaba	Trojan:Win32/DelShad.0061ee04
NANO-Antivirus	Trojan.Win32.Filecoder.hjdojw
AegisLab	Trojan.Win32.DelShad.4!c
Tencent	Malware.Win32.Gencirc.10cdcb68
Ad-Aware	Generic.Ransom.MedusaLocker.942644D7
Emsisoft	Generic.Ransom.MedusaLocker.942644D7 (B)
F-Secure	Trojan.TR/DelShad.xrytt
DrWeb	Trojan.DownLoader33.34694
Zillya	Trojan.DelShad.Win32.481
TrendMicro	Ransom.Win32.MEDUSALOCKER.SMTH
Fortinet	W32/Filecoder.NYA!tr.ransom
Sophos	Mal/Generic-S
Ikarus	Trojan-Ransom.Medusalocker
Jiangmin	Trojan.DelShad.vv
Avira	TR/DelShad.xrytt
MAX	malware (ai score=81)
Antiy-AVL	Trojan[Ransom]/Win32.Ako
Arcabit	Generic.Ransom.MedusaLocker.942644D7
ZoneAlarm	Trojan.Win32.DelShad.dax
Microsoft	Ransom:Win32/Ako!MSR
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R335910
VBA32	Trojan.DelShad
ALYac	Trojan.Ransom.MedusaLocker
Malwarebytes	Ransom.Medusa
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Filecoder.MedusaLocker.C
TrendMicro-HouseCall	Ransom.Win32.MEDUSALOCKER.SMTH
Rising	Ransom.Medusa!1.C21A (CLASSIC)
Yandex	Trojan.Filecoder!IKimDDCJuYs
SentinelOne	DFI – Suspicious PE
eGambit	Unsafe.AI_Score_95%
GData	Win32.Trojan-Ransom.Filecoder.BO
BitDefenderTheta	Gen:NN.ZexaF.34144.QuW@aK8T6Ili
AVG	Win32:Trojan-gen
Avast	Win32:Trojan-gen
Qihoo-360	Win32/Trojan.294