
What is “Downloader.Win32.Gamini.pmk”?

Downloader.Win32.Gamini.pmk is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Downloader.Win32.Gamini.pmk virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Downloader.Win32.Gamini.pmk?


File Info:

name: 26FA071996E5B6781DFA.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-06-03 08:09:11

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: tuttop.com
FileDescription: Internet Cafe Simulator 2 Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Internet Cafe Simulator 2
ProductVersion: 1.2.2
Translation: 0x0000 0x04b0

Downloader.Win32.Gamini.pmk also known as:

Elastic: malicious (high confidence)
Skyhigh: BehavesLike.Win32.Generic.vc
Malwarebytes: PUP.Optional.BundleInstaller
Alibaba: Downloader:Win32/Gamini.abbec92d
CrowdStrike: win/grayware_confidence_90% (W)
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:Downloader.Win32.Gamini.pmk
DrWeb: Adware.Downware.20519
Trapmine: malicious.moderate.ml.score
Ikarus: Trojan.SuspectCRC
ZoneAlarm: not-a-virus:Downloader.Win32.Gamini.pmk
Google: Detected
VBA32: TScope.Trojan.Delf
MaxSecure: Trojan.Malware.300983.susgen
DeepInstinct: MALICIOUS

How to remove Downloader.Win32.Gamini.pmk?

Downloader.Win32.Gamini.pmk removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
