Adware.SMSHoax.4 removal

Adware.SMSHoax.4 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Adware.SMSHoax.4 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks the version of Bios, possibly for anti-virtualization
  • Collects information to fingerprint the system

How to identify Adware.SMSHoax.4?

File Info:

name: 4A502F3A05DBDDC61AA3.mlw
path: /opt/CAPEv2/storage/binaries/f99ba8a003f9ca8c4a0f7f6a1e48e6f497ffeec8961927e560065449d8fb1375
crc32: 144B0B0A
md5: 4a502f3a05dbddc61aa30292f52ed20d
sha1: 05cfc213e3a53e543ae5be6ffb000d2eb6ee7bc2
sha256: f99ba8a003f9ca8c4a0f7f6a1e48e6f497ffeec8961927e560065449d8fb1375
sha512: 2f1dbd9e85de4f33c9d9ac75b3a6642a989bdf2ffc0d90681687358c5b53f29fcf816490ef27d95746613a475bd123071afc6585168cd4743ba4779872ee2ac6
ssdeep: 196608:OBdw+2qfa8GxpxmM0FN9HPzEMNOUFALuHuTOvXv2G25uXMT3vl8E9jg:OBqwbcED1PYVRqH+O3FGucT3NvE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T178A6334993094D3EEDCA817C56AFE3A40114A6B7A603AC37C6BD10D47A918E50DCF3BB
sha3_384: 40e9571a7baa62a20a4dca560469fb8b4165727b1ae65f2b740213e927159f610a5cbedd5605f438a292c0d5206d30a9
ep_bytes: 833d08a0800001753b525001d85989cb
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.0.0.4
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.4
Translation: 0x0000 0x04e3

Adware.SMSHoax.4 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.lson
MicroWorld-eScan: Gen:Adware.SMSHoax.4
FireEye: Generic.mg.4a502f3a05dbddc6
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Trojan ( 003fc4c31 )
Alibaba: Hoax:Win32/ArchSMS.279c24c6
K7GW: Trojan ( 003fc4c31 )
Cybereason: malicious.a05dbd
BitDefenderTheta: AI:Packer.B61CD95422
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Hoax.ArchSMS.AAW
TrendMicro-HouseCall: TROJ_GEN.R03BC0PF422
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Adware.SMSHoax.4
NANO-Antivirus: Trojan.Win32.ArchSMS.cwzene
Avast: Win32:SMSSend-BIR [Trj]
Tencent: Win32.Risk.Hoax.Pdme
Ad-Aware: Gen:Adware.SMSHoax.4
Emsisoft: Gen:Adware.SMSHoax.4 (B)
Comodo: TrojWare.Win32.Kryptik.BEUX@52xauq
TrendMicro: TROJ_GEN.R03BC0PF422
McAfee-GW-Edition: BehavesLike.Win32.AdwareIMonster.tc
Trapmine: malicious.moderate.ml.score
Sophos: Troj/ArchSMS-V
APEX: Malicious
Avira: TR/Fraud.Gen8
MAX: malware (ai score=69)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Adware.SMSHoax.4
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.ArchSMS.R61270
Acronis: suspicious
McAfee: Generic-FAGS!4A502F3A05DB
VBA32: BScope.Trojan.Zipparch
Ikarus: Trojan.Win32.Crypt
Yandex: Trojan.GenAsa!yH5Hlv+Wj20
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.BKLI!tr
AVG: Win32:SMSSend-BIR [Trj]
Panda: Trj/Genetic.gen

How to remove Adware.SMSHoax.4?

Adware.SMSHoax.4 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.