Malware

Aspxor.2 malicious file

Malware Removal

Aspxor.2 is flagged as malicious by nearly every antivirus engine that has scanned this sample (see the detection names listed below). When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; a full scan and clean-up can be completed during the trial period.
6-day free trial available.

What can the Aspxor.2 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Behavior consistent with a dropper attempting to download the next stage.
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Anomalous binary characteristics

Related domains:

wpad.local-net

Note that a WPAD lookup is ordinary Windows proxy auto-discovery traffic and also appears in benign sandbox runs; on its own it is weak evidence, and it is only worth noting here because the sample also attempts to modify proxy settings.

How to identify Aspxor.2?

File Info:

name: F906A3805A266822AD52.mlw
path: /opt/CAPEv2/storage/binaries/f050e8689308fbe1232b4250b09f4b4e6522fbb97dda9390e29353a33a02c921
crc32: F28CA984
md5: f906a3805a266822ad5232ff0f2f368a
sha1: 85d6df2265346cd5c433be9ce37ddd6b03bb6c47
sha256: f050e8689308fbe1232b4250b09f4b4e6522fbb97dda9390e29353a33a02c921
sha512: 1922c0fa4abdf441095aded1f9f828f29f526b7d19aedfa80d0be73b5bbd9af3537d713ee8d5787cb633a525e799477689196333512aa171f1af0d7c37bb0732
ssdeep: 3072:Ar6XnnBtlhMtEvwiqjjdBFwpCOCxawVQauz9U:AOBtlhMt6jq2pZciv6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17DD3CF21B652C071D8A20134497AD3700A7D7D762A76A5C3FB883BAE6F716D09F39372
sha3_384: 1b28e1c94ac6bced02508c95e8adb92584899053b920e54efc7420efd54df00fac4278e2304739b3ceb9455776cdd2c4
ep_bytes: e83b2e0000e989feffff8bff558bec8b
timestamp: 2014-07-21 10:28:57
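The following is an added example, not GridinSoft's tool and not CAPE's code, showing how a practitioner would check a file against the File Info indicators above using only the Python standard library: the exact hashes (crc32, md5, sha1, sha256), then a minimal PE header walk to read the compile timestamp and the 16 entry-point bytes so they can be compared with ep_bytes and timestamp. The PE stub it builds is constructed and inert (it is not the malware); it copies only the page's timestamp and entry-point bytes into a valid header so the weak-indicator path can be exercised offline. ssdeep and tlsh are skipped because they need third-party libraries. The names PAGE_IOCS, file_hashes, pe_info, match_indicators and build_constructed_pe are my own.

```python
"""Check a file against the indicators listed for the Aspxor.2 sample.

Added example (not GridinSoft's or CAPE's code). Standard library only.
"""
import hashlib
import struct
import zlib
from calendar import timegm
from datetime import datetime, timezone

# Indicators copied from the page's File Info block (hex lowercased).
PAGE_IOCS = {
    "crc32": "f28ca984",
    "md5": "f906a3805a266822ad5232ff0f2f368a",
    "sha1": "85d6df2265346cd5c433be9ce37ddd6b03bb6c47",
    "sha256": "f050e8689308fbe1232b4250b09f4b4e6522fbb97dda9390e29353a33a02c921",
    "ep_bytes": "e83b2e0000e989feffff8bff558bec8b",
    "timestamp": "2014-07-21 10:28:57",
}


def file_hashes(data: bytes) -> dict:
    """Return the exact-match hashes the page lists, as lowercase hex."""
    return {
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_info(data: bytes) -> dict:
    """Walk the PE headers: machine, PE32 magic, TimeDateStamp and 16 entry-point bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader, Characteristics
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                    # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]         # 0x10B = PE32, matching the page's file type
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    sec_table = opt + opt_size
    ep_bytes = ""
    for i in range(nsec):                                  # map the RVA to a raw file offset via the section table
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_table + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)
            ep_bytes = data[off:off + 16].hex()
            break
    return {
        "machine": machine,
        "pe32": magic == 0x10B,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes,
    }


def match_indicators(data: bytes) -> set:
    """Names of the page indicators this file matches. A hash hit identifies the sample;
    ep_bytes or timestamp alone are weak, since other builds from the same packer share them."""
    found = file_hashes(data)
    try:
        found.update(pe_info(data))
    except ValueError:
        pass                                               # not a PE: only the hashes can match
    return {k for k, v in PAGE_IOCS.items() if found.get(k) == v}


def build_constructed_pe() -> bytes:
    """Constructed, inert PE32 stub (NOT the malware) whose header copies the page's
    timestamp and whose entry point starts with the page's ep_bytes. Never executed."""
    stamp = timegm((2014, 7, 21, 10, 28, 57))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * (224 - 20)
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + optional + section
    body = bytes.fromhex(PAGE_IOCS["ep_bytes"]) + b"\xC3"  # entry bytes followed by RET
    return headers.ljust(0x200, b"\0") + body.ljust(0x200, b"\0")


if __name__ == "__main__":
    sample = build_constructed_pe()
    print(file_hashes(sample))
    print(pe_info(sample))
    print("indicators matched:", sorted(match_indicators(sample)))
```

Run it against a suspect file with `match_indicators(open(path, "rb").read())`. Any of the four hash names in the result is a positive identification of this exact file. The constructed stub matches only ep_bytes and timestamp, which is the point: those two fields are copied from the packer and the build environment, so a hit on them without a hash hit means "related build", not "this sample".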

Version Info:

0: [No Data]

Aspxor.2 also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Aspxor.2
FireEye: Generic.mg.f906a3805a266822
CAT-QuickHeal: TrojanDownloader.Kuluoz.B4
McAfee: Downloader-FADF!F906A3805A26
Cylance: Unsafe
Zillya: Downloader.Zortob.Win32.186
K7AntiVirus: NetWorm ( 0040f8e81 )
K7GW: NetWorm ( 0040f8e81 )
Cybereason: malicious.05a266
Baidu: Win32.Trojan-Downloader.Zortob.v
Cyren: W32/Trojan.YKSY-8051
Symantec: Trojan.Asprox.B
ESET-NOD32: Win32/TrojanDownloader.Zortob.B
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Worm.Aspxor-6987840-0
Kaspersky: Net-Worm.Win32.Aspxor.bqag
BitDefender: Gen:Variant.Aspxor.2
NANO-Antivirus: Trojan.Win32.Aspxor.dcnnwy
SUPERAntiSpyware: Trojan.Agent/Gen-Kuluoz
Avast: Win32:GenMalicious-ER [Trj]
Tencent: Malware.Win32.Gencirc.10b281ef
Ad-Aware: Gen:Variant.Aspxor.2
TACHYON: Worm/W32.Aspxor.134656.C
Emsisoft: Gen:Variant.Aspxor.2 (B)
Comodo: TrojWare.Win32.TrojanDownloader.Kuluoz.BQA@5dirth
DrWeb: BackDoor.Kuluoz.4
VIPRE: Trojan.Win32.Zortob.bb (v)
TrendMicro: BKDR_KULOUZ.SMXZ
McAfee-GW-Edition: Downloader-FADF!F906A3805A26
Sophos: ML/PE-A + Mal/Wonton-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Aspxor.2
Jiangmin: Worm/Aspxor.ha
Webroot: W32.Trojan.Agent.Gen
Avira: TR/Spy.Zbot.bqag
Antiy-AVL: Trojan/Generic.ASMalwS.B208A7
Microsoft: TrojanDownloader:Win32/Kuluoz.D
Cynet: Malicious (score: 99)
AhnLab-V3: Win-Trojan/Zbot.134656.CH
VBA32: BScope.Backdoor.Kuluoz
ALYac: Gen:Variant.Aspxor.2
MAX: malware (ai score=84)
Malwarebytes: MachineLearning/Anomalous.100%
TrendMicro-HouseCall: BKDR_KULOUZ.SMXZ
Rising: Trojan.Generic@ML.88 (RDML:qFjWQxLlholRiDEFbz9ftA)
Yandex: Worm.Aspxor!rQOfLW1lp6Q
Ikarus: Trojan-Spy.Zbot
Fortinet: W32/Kryptik.CHGL!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.iuW@a8LC6Ypi
AVG: Win32:GenMalicious-ER [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

Most of the named (non-generic) detections file this sample under the Kuluoz / Asprox / Zortob downloader family, which is consistent with the dropper and next-stage download behaviour listed above.

How to remove Aspxor.2?

Aspxor.2 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.