Downloader.281 removal tips

The Downloader.281 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Downloader.281 virus do?

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:0
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Repeatedly calls a single API many times in order to delay analysis
  • Stores JavaScript or a script command in the registry, likely for persistence or configuration
  • Creates a hidden or system file
  • Attempts to identify installed AV products by installation directory

Related domains:

spark.lightburst.xyz

How to identify Downloader.281?

File Info:

crc32: 6E03967A
md5: a5076245d573c4477d75f8e767a24ddc
name: A5076245D573C4477D75F8E767A24DDC.mlw
sha1: 594f65adb484ad2d9fea7eba058b4f03dd6feabc
sha256: 64fa359ee0cc2f6724acd29a0ea27bb086922d80c8d2aa385c03db890d5e8bb3
sha512: 6e02f45ebf8a9d1c2809b455d5829930e6dc45cfd1a7022ff44796f0a6144375b6b16a3497cb664df797746dc8970532b09bba00748ac7c1ffda0ccb3760ce9f
ssdeep: 24576:RJeo26y1eqAyY6fNC1TUSzEPBzTWf7xblPzW:D92NC1TUSQzalb
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Downloader.281 also known as:

Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Downloader.281
BitDefender: Gen:Variant.Downloader.281
Cybereason: malicious.5d573c
Kaspersky: VHO:Trojan.Win32.Agent.gen
MicroWorld-eScan: Gen:Variant.Downloader.281
Ad-Aware: Gen:Variant.Downloader.281
FireEye: Generic.mg.a5076245d573c447
Emsisoft: Gen:Variant.Downloader.281 (B)
eGambit: PE.Heur.InvalidSig
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Downloader.281
GData: Gen:Variant.Downloader.281
MAX: malware (ai score=84)
Malwarebytes: MachineLearning/Anomalous.100%
Ikarus: Trojan-PSW.Discord
MaxSecure: Trojan.Malware.300983.susgen

How to remove Downloader.281?

Downloader.281 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.