Adrozek.76 (file analysis)

The Adrozek.76 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Adrozek.76 virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Adrozek.76?


File Info:
crc32: 594A3194
md5: fbb9fee2625e181c42879b46d1f476af
name: FBB9FEE2625E181C42879B46D1F476AF.mlw
sha1: 32c93664161252630fe4afdf6f06a8db06ab643c
sha256: 3e5d979800e23d09c94bc898fbd21f53995fdc1e55309a6c0a55e02d2441a89c
sha512: 870f9a6291aba9316c5f672a0a531d47296852f9e1284380f91aeb62dc06bb3c8636d10077090da3ee78b75034cd44789d72df4869d6bfac3dc1df30462343e3
ssdeep: 12288:ZVyWMGer8SF37ssKSShGMurVTqSkE1jnqGnhQvsnWSDKf8v22PdoI6ZSd9chppq:PSZoJur8SkEVB5NKfa221n629chiNaA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 1998-2013 WIDISOFT
InternalName: WIDI
FileVersion: 4.3.1580
CompanyName: WIDISOFT
LegalTrademarks1: All Rights Reserved
LegalTrademarks2: All Rights Reserved
ProductName: WIDI Recognition System
ProductVersion: 4.3
FileDescription: WIDI Recognition System
OriginalFilename: Widi.exe
Translation: 0x0409 0x04e4

Adrozek.76 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0058214e1 )
Lionic	Trojan.Win32.Staser.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen9.22670
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Adrozek.76
Cylance	Unsafe
Zillya	Trojan.Staser.Win32.9927
Sangfor	Adware.Win32.Adrozek.mt
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Trojan:Win32/Staser.cea77aa5
K7GW	Trojan ( 0058214e1 )
Cybereason	malicious.2625e1
Cyren	W32/Ekstak.Y.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HHUB
APEX	Malicious
Avast	Win32:AdwareX-gen [Adw]
ClamAV	Win.Packed.Zusy-9777681-0
Kaspersky	HEUR:Trojan.Win32.Staser.gen
BitDefender	Gen:Variant.Adrozek.76
NANO-Antivirus	Trojan.Win32.Staser.hzotib
MicroWorld-eScan	Gen:Variant.Adrozek.76
Tencent	Win32.Trojan.Staser.Egof
Ad-Aware	Gen:Variant.Adrozek.76
Sophos	Troj/Agent-BEQV
Comodo	Malware@#2cf2wirhetodi
BitDefenderTheta	Gen:NN.ZexaCO.34266.mv0@aypiwABT
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Tupym.tc
FireEye	Generic.mg.fbb9fee2625e181c
Emsisoft	Gen:Variant.Adrozek.76 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Staser.gej
Avira	TR/Crypt.Agent.wjdyh
eGambit	Unsafe.AI_Score_100%
Antiy-AVL	Trojan/Generic.ASMalwS.30F313B
Microsoft	BrowserModifier:Win32/Adrozek
Arcabit	Trojan.Adrozek.76
SUPERAntiSpyware	Trojan.Agent/Gen-Staser
GData	Gen:Variant.Adrozek.76
AhnLab-V3	PUP/Win32.FakeInstaller.C4205354
Acronis	suspicious
McAfee	GenericRXMG-FR!FBB9FEE2625E
MAX	malware (ai score=83)
VBA32	BScope.Trojan.Ekstak
Malwarebytes	Adware.DownloadAssistant
Panda	Trj/GdSda.A
Rising	Trojan.Kryptik!1.AA23 (CLASSIC)
Ikarus	Trojan.Win32.Crypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.GYQC!tr
AVG	Win32:AdwareX-gen [Adw]
Paloalto	generic.ml

How to remove Adrozek.76?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Adrozek.76 (file analysis)