Malware

Application.WpaKill.G (B) malicious file

Malware Removal

The Application.WpaKill.G (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Application.WpaKill.G (B) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Application.WpaKill.G (B)?



File Info:

name: 83D4EF3547661652B5BB.mlw
path: /opt/CAPEv2/storage/binaries/ddc8f9ac172d28d021c411e56ed93d6aee25a97fd38ba81ff5c1743d99443480
crc32: E3E8A2D1
md5: 83d4ef3547661652b5bb534b1443422a
sha1: 13d8c562cac1ea9c406e23d3b6cdd425b99fa07e
sha256: ddc8f9ac172d28d021c411e56ed93d6aee25a97fd38ba81ff5c1743d99443480
sha512: 93a64ef25ec1b67fc08052e6d0faf53f81d63b2121876485b4437a834638d418b02ebd362b4c69a917df6ed3262bba1ea34a054b5dfc6450c10a71ec0c1ee150
ssdeep: 196608:XO1vl2r4a7SdzRDymXLa4mnb0DtUog3jCUE2nKNfMILF9UBDHLSwxT1aQhS:wt2D7Sd1ymX+4mnOU9+UCZM6kzWu12
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F5A6338270D084FBDC2538F4855B167325A2DD1E9E40AA5352F8F92D84F54A3ED2AE3F
sha3_384: 6cf272a6cfa231a1549284a7f5efba1fb136c5aaaf0dd42bb77cfc0a006c82481c127ddeb3916acb9f17dc47b36950ec
ep_bytes: 88d914b38d15bca6f1e2c6c4fb84cbc6
timestamp: 2009-06-23 17:57:07


Version Info:

Comments: Created with AutoPlay Media Studio (www.indigorose.com)
CompanyName: Anemeros Software
FileDescription: The Perpetuation Endeavor
FileVersion: 0.9.0.0
InternalName: ams60_launch
LegalCopyright: Copyright (c) 2009 - Anemeros Software
LegalTrademarks: Chew-WGA
OriginalFilename: cw.exe
ProductName: Chew-WGA v0.9
ProductVersion: 0.9.0.0
Translation: 0x0409 0x0000

Application.WpaKill.G (B) also known as:

BkavW32.Sality.PE
Elasticmalicious (high confidence)
MicroWorld-eScanApplication.WpaKill.G
FireEyeGeneric.mg.83d4ef3547661652
CAT-QuickHealW32.Sality.U
ALYacApplication.WpaKill.G
CylanceUnsafe
VIPREVirus.Win32.Sality.at (v)
K7AntiVirusVirus ( f10001071 )
K7GWVirus ( f10001071 )
CrowdStrikewin/malicious_confidence_60% (D)
BaiduWin32.Virus.Sality.gen
VirITWin32.Sality.BH
CyrenW32/Sality.gen2
SymantecW32.Sality.AE
ESET-NOD32Win32/Sality.NBA
APEXMalicious
ClamAVWin.Virus.Parite-7147334-1
KasperskyVirus.Win32.Sality.sil
BitDefenderApplication.WpaKill.G
NANO-AntivirusVirus.Win32.Sality.beygb
AvastWin32:SaliCode [Inf]
TencentVirus.Win32.TuTu.Gen.200004
Ad-AwareApplication.WpaKill.G
SophosMal/Sality-D
ComodoVirus.Win32.Sality.gen@1egj5j
DrWebWin32.Sector.30
ZillyaVirus.Sality.Win32.25
TrendMicroPE_SALITY.RL
McAfee-GW-EditionW32/Sality.gen.z
EmsisoftApplication.WpaKill.G (B)
IkarusHackTool.Win32.Wpakill
JiangminWin32/HLLP.Kuku.poly2
AviraW32/Sality.AT
MAXmalware (ai score=70)
Antiy-AVLTrojan/Generic.ASVirus.C4
MicrosoftVirus:Win32/Sality.AT
ViRobotWin32.Sality.Gen.A
GDataWin32.Virus.Sality.A
CynetMalicious (score: 100)
AhnLab-V3Win32/Kashu.E
McAfeeW32/Sality.gen.z
TACHYONVirus/W32.Sality.D
VBA32Virus.Win32.Sality.bakc
MalwarebytesHackTool.ChewWGA
TrendMicro-HouseCallPE_SALITY.RL
RisingVirus.Sality!1.A5BD (CLASSIC)
YandexHackTool.WinActivator!8tgvyoQ+R1s
SentinelOneStatic AI – Malicious PE
MaxSecureVirus.Sality.BH
FortinetW32/CoinMiner.BH
BitDefenderThetaAI:FileInfector.A5ECCBAB0E
AVGWin32:SaliCode [Inf]
Cybereasonmalicious.547661
PandaW32/Sality.AA

How to remove Application.WpaKill.G (B)?

Application.WpaKill.G (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment