Categories: Malware

Should I remove “Downloader.Win32.AdLoad.xlmr”?

The Downloader.Win32.AdLoad.xlmr is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Downloader.Win32.AdLoad.xlmr virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Anomalous file deletion behavior detected (10+)
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Tries to suspend Cuckoo threads to prevent logging of malicious activity
Tries to unhook or modify Windows functions monitored by Cuckoo
Network activity contains more than one unique useragent.
Attempts to modify proxy settings

How to determine Downloader.Win32.AdLoad.xlmr?


File Info:
name: 3A4F461B97202EB0EFEC.mlwpath: /opt/CAPEv2/storage/binaries/fec76e0153b1f5d84e19e0a4c745708415e80df651719626d1f3ed08ece07acacrc32: 8E51CF90md5: 3a4f461b97202eb0efeca048e19d425fsha1: 734d74a33d6832b459ebf8f0a9435bdfb1d951ffsha256: fec76e0153b1f5d84e19e0a4c745708415e80df651719626d1f3ed08ece07acasha512: e529c2c7036fd26146f3f0d3cf73be8db20ff168cdfbd29cbb7a9f3903dbfbb6b087449e06c1f36fdc8edd559b0078f47f643d92a011f653e74d5c127169603essdeep: 49152:zcjNPc/Py6DCieQWE2r7/a40rT0su0zT7DOdIiasJCvWcJRW1lb6Fr:zcjNPcrtWE2ny4mk8I+9axktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1C1C523176DC256B0E8512772ABE98E6054377EFC0D3BDD8CB295BB2366728887C1091Fsha3_384: df69e3b233fc7c3f6640f31b2819c072616bfe051c0de87641abdbcd3ca368f99d822fc443c0cfe8414d095368463d74ep_bytes: e847b00a006030c0f9f99cf8f2aee83dtimestamp: 2013-07-28 00:14:25
Version Info:
0: [No Data]

Downloader.Win32.AdLoad.xlmr also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
DrWeb	Adware.Downware.6518
FireEye	Generic.mg.3a4f461b97202eb0
Cylance	Unsafe
K7AntiVirus	Adware ( 005693e61 )
Alibaba	Downloader:Win32/FlyStudio.38155d35
K7GW	Adware ( 005693e61 )
Cybereason	malicious.33d683
BitDefenderTheta	Gen:NN.ZexaF.34084.GAW@amP3vDfb
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/FlyStudio.Packed.AE potentially unwanted
APEX	Malicious
Paloalto	generic.ml
Kaspersky	not-a-virus:Downloader.Win32.AdLoad.xlmr
NANO-Antivirus	Riskware.Win32.Adw.ddpcpz
Avast	Win32:Adware-gen [Adw]
Comodo	TrojWare.Win32.Agent.ISVQ@5mbonp
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Sophos	Mal/VMProtBad-A
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Antiy-AVL	Trojan/Generic.ASMalwS.16C5C33
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Packed/Win32.Vmpbad.C86060
Acronis	suspicious
McAfee	Artemis!3A4F461B9720
Rising	Trojan.Generic@ML.98 (RDML:tPnP+zQNtRwcmbrflg8Img)
Yandex	PUA.Downloader!g7p4/M4JIlU
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/FlyStudio_Packed.A
AVG	Win32:Adware-gen [Adw]
Panda	Trj/Chgt.C
CrowdStrike	win/malicious_confidence_80% (D)