AdWare.Win32.Ruco.dex malicious file

The AdWare.Win32.Ruco.dex file is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the AdWare.Win32.Ruco.dex virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Attempts to modify desktop wallpaper

How to identify AdWare.Win32.Ruco.dex?

File Info:

name: 52D4456A4B349DFD4EF3.mlw
path: /opt/CAPEv2/storage/binaries/5a4f63cedd9cfe6271e503ff42ff4c7978766c43045a9fa3b546a88fd185babe
crc32: A8D85B7B
md5: 52d4456a4b349dfd4ef3e8503e1b7b47
sha1: 236a24bd5dcb54bb6fff232907139cab58999559
sha256: 5a4f63cedd9cfe6271e503ff42ff4c7978766c43045a9fa3b546a88fd185babe
sha512: 6e9881d85c8909624a18e2d23f02a5852ff52261d1257a31532d2c333fe6f7ec136d7d229ea39306b09f712d7fbc92fd5a66adec0dfc94bad7d47425c3136d6f
ssdeep: 196608:ltKU3mXTLPwG8y/bc0YTUE/nJdRhMxTnt8NaLwJ+If/fwUkTY:lAUev8y/JwnJuxxGaLwJ+IvwUkc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C9C6332E26FC4F17F5AABE38E0373E5656B4C6856C7911FF13E628081CB19198D0AB35
sha3_384: 3714ab62a7bd7fc7ef1e6eba7530536264ce3e0e59c8324745099a427f5ac65d5de0b732202041602972a5728b20316f
ep_bytes: 60be00a0fb008dbe007044ff57eb0b90
timestamp: 2021-08-23 00:34:14

Version Info:

FileVersion: 6.1.21.823
LegalCopyright: Copyright © 2013-2015
ProductVersion: 6.1.21.823
授权方式: arFi
Translation: 0x0804 0x04b0

AdWare.Win32.Ruco.dex also known as:

Bkav: W32.AIDetect.malware1
Lionic: Adware.Win32.Ruco.2!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Trojan.Crypt.1
FireEye: Generic.mg.52d4456a4b349dfd
McAfee: Artemis!52D4456A4B34
Cylance: Unsafe
Sangfor: Adware.Win32.Ruco.dex
K7AntiVirus: Trojan ( 0058fbc51 )
Alibaba: AdWare:Win32/Injector.86c6d041
K7GW: Trojan ( 0058fbc51 )
Cybereason: malicious.a4b349
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.Autoit.Y suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H09CP22
Paloalto: generic.ml
Kaspersky: not-a-virus:AdWare.Win32.Ruco.dex
BitDefender: Gen:Variant.Trojan.Crypt.1
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.Trojan.Crypt.1
Emsisoft: Gen:Variant.Trojan.Crypt.1 (B)
DrWeb: Trojan.Rootkit.22035
Zillya: Dropper.Agent.Win32.470766
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.wc
Sophos: Generic PUA CD (PUA)
APEX: Malicious
GData: Gen:Variant.Trojan.Crypt.1 (2x)
Jiangmin: AdWare.Ruco.sy
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
VBA32: Adware.Ruco
MAX: malware (ai score=86)
Malwarebytes: Trojan.Dropper.AutoIt
Rising: Trojan.Obfus/Autoit!1.C72A (CLASSIC:bWQ1OoBiee8ETDgdC+gSPwCwrG8)
Ikarus: Trojan.Win32.Injector
MaxSecure: Trojan.Malware.151301623.susgen
Fortinet: Riskware/Application
AVG: Win32:TrojanX-gen [Trj]

How to remove AdWare.Win32.Ruco.dex?

AdWare.Win32.Ruco.dex removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.