About “Win32/Pronny.AG” infection

Win32/Pronny.AG is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Pronny.AG virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32/Pronny.AG?


File Info:

name: 668D7C19CF2A1BE67AA1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2008-07-01 10:03:52

Version Info:

0: [No Data]

Win32/Pronny.AG also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.62377
CAT-QuickHeal: Trojan.Beebone.D
ALYac: Gen:Variant.Barys.62377
Malwarebytes: Malware.AI.1126616574
VIPRE: Gen:Variant.Barys.62377
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
Cybereason: malicious.9cf2a1
Baidu: Win32.Worm.Autorun.l
VirIT: Trojan.Win32.Generic.BOKN
Cyren: W32/Vobfus.SC.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Pronny.AG
APEX: Malicious
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Trojan.Win32.VB.bevr
BitDefender: Gen:Variant.Barys.62377
NANO-Antivirus: Trojan.Win32.VB.rilqo
Avast: Win32:VB-ABVB [Trj]
Tencent: Trojan.Win32.VB.kd
TACHYON: Trojan/W32.VB-Agent.282624.BW
Emsisoft: Gen:Variant.Barys.62377 (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.VbCrypt.81
TrendMicro: TROJ_AGENT_009309.TOMB
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dt
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.668d7c19cf2a1be6
Sophos: Mal/SillyFDC-W
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Barys.62377
Avira: TR/Dropper.Gen
Antiy-AVL: Worm/Win32.WBNA.gen
Arcabit: Trojan.Barys.DF3A9
ViRobot: Trojan.Win32.A.VB.245760.G
ZoneAlarm: Trojan.Win32.VB.bevr
Microsoft: Worm:Win32/Vobfus
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.VB.R560524
Acronis: suspicious
McAfee: VBObfus.dr
MAX: malware (ai score=81)
VBA32: TScope.Trojan.VB
Cylance: unsafe
Panda: W32/Vobfus.GEW.worm
Zoner: Trojan.Win32.87192
TrendMicro-HouseCall: TROJ_AGENT_009309.TOMB
Rising: Worm.Autorun!1.99E9 (CLASSIC)
Yandex: Trojan.GenAsa!YSF4V9v4wd4
Ikarus: Trojan.Crypt
Fortinet: W32/VBKrypt.C!tr
BitDefenderTheta: Gen:NN.ZevbaF.36196.rqZ@aq1xxpo
AVG: Win32:VB-ABVB [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/Pronny.AG?

Win32/Pronny.AG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
