Crack

Application.Hacktool.YL (file analysis)

Malware Removal

The Application.Hacktool.YL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Application.Hacktool.YL virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the RedLine malware family
  • Anomalous binary characteristics

How to determine Application.Hacktool.YL?


File Info:

name: 1F23932652110260099C.mlw
path: /opt/CAPEv2/storage/binaries/985476e5a5b3ac39ae74849a5df6705e922c7404b700e6b52802220d420ee389
crc32: 781C02CF
md5: 1f23932652110260099ced8a04bc9c3c
sha1: cbce721661aa8d664b2b533116f4d2c74b8b7b27
sha256: 985476e5a5b3ac39ae74849a5df6705e922c7404b700e6b52802220d420ee389
sha512: 4146565a3831cfa46ffca5ed326f32bb3914c69b0d00e8a5c08f4278db33e44a1eb9b3166bca2d36a71bcc012d70b0f42be006770e56b0f71b5a93341625ef2f
ssdeep: 6144:9DKW1Lgbdl0TBBvjc/lUqffOV2qSFu6nxf/68n3pVfJ3d9SVU/rZAH:1h1Lk70TnvjcjnC2FU6xxnz9SVU/tAH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16A74DF2171C0C172C4B6113045E6CB7A4A7A7C21177A92D7BAD97FBB7E312D0A7362CA
sha3_384: 98842112af52e9fe4d38bcb23742f94bd213cc37c71351ff23b06a63d1b3f5ba4523d3f78c9f8b58facd3618c9067239
ep_bytes: e8e15c0000e9a4feffff8bff558bec83
timestamp: 2012-07-13 22:47:16

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: TerteusLoader
FileVersion: 1.0.0.0
InternalName: TerteusLoader.exe
LegalCopyright: Copyright © 2017
LegalTrademarks:
OriginalFilename: TerteusLoader.exe
ProductName: TerteusLoader
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Application.Hacktool.YL also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Multi.Generic.4!c
Elasticmalicious (high confidence)
MicroWorld-eScanApplication.Hacktool.YL
FireEyeGeneric.mg.1f23932652110260
McAfeeRDN/Generic Dropper
CylanceUnsafe
ZillyaDropper.Injector.Win32.84576
SangforRiskware.Win32.Agent.ky
CrowdStrikewin/malicious_confidence_60% (W)
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/DllInject.AQG potentially unsafe
APEXMalicious
Paloaltogeneric.ml
CynetMalicious (score: 100)
BitDefenderApplication.Hacktool.YL
NANO-AntivirusTrojan.Win32.Drop.eyzeyg
SUPERAntiSpywareTrojan.Agent/Gen-Injector
TencentWin32.Trojan-dropper.Injector.Dzkd
Ad-AwareApplication.Hacktool.YL
EmsisoftApplication.Hacktool.YL (B)
ComodoMalware@#2mted7slhro3w
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionBehavesLike.Win32.Generic.fc
SophosGeneric PUA ML (PUA)
IkarusTrojan.MSIL.Crypt
GDataWin32.Trojan.Sabsik.B
WebrootW32.Injector.tytg
ArcabitApplication.Hacktool.YL
ZoneAlarmUDS:DangerousObject.Multi.Generic
MicrosoftTrojan:Win32/Occamy.B
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34212.vq0@amCr@Bm
ALYacApplication.Hacktool.YL
VBA32TrojanDropper.Injector
MalwarebytesTrojan.Injector
RisingDropper.Injector!8.DC (CLOUD)
YandexTrojan.DR.Injector!+HD3rdmFR6U
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Injector.TYTG!tr
Cybereasonmalicious.652110
PandaTrj/CI.A

How to remove Application.Hacktool.YL?

Application.Hacktool.YL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment