About “Downloader.Win32.ReqOffer” infection

The Downloader.Win32.ReqOffer is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Downloader.Win32.ReqOffer virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to identify installed AV products by registry key
  • Detects Parallels through the presence of a registry key
  • Detects VirtualBox through the presence of a registry key
  • Detects VMware through the presence of a registry key
  • Detects Virtual PC through the presence of a registry key
  • Deletes executed files from disk

How to identify Downloader.Win32.ReqOffer?

File Info:

name: DF4EA51FC08B8B4D624E.mlw
path: /opt/CAPEv2/storage/binaries/8482f25c7254896faf2bb6c0b5d47a19eeb3183cc2d0c2a60662145d6bf6007b
crc32: 9226E1B7
md5: df4ea51fc08b8b4d624e601857afcf6e
sha1: 19dfc1e526b3e50f149afcfcee25d27a2112b610
sha256: 8482f25c7254896faf2bb6c0b5d47a19eeb3183cc2d0c2a60662145d6bf6007b
sha512: 6c7daea2cc89704495e15bde0c8b1d5465aac27d95363be4ee75e0ff0a4acdc94e5249beed9a9611f20940a553b8bf1a3c0dae4d45096d1ecc501d44b972fd63
ssdeep: 196608:QKjmXw1qH3bzJ6o9DYRASMKvTrWzljFoPa4ZYz9N0:QKswEHLzjzSMEiJRoPa4GBN0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DA763302EBC3C0B1F0563E34D835A488FF9B38B545E6616A2CFDD94E9F3574A89B9250
sha3_384: f2e4a1594e0d1250b25e31fe44e3bf2fc1ad3dc54826ec6d4bbc876130867924365b6287590ec1efd92842621623c4ff
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2018-06-14 13:27:46

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: xLauncher
FileDescription: xLauncher Setup
FileVersion:
LegalCopyright:
ProductName: xLauncher
ProductVersion: 1.0
Translation: 0x0000 0x04b0

Downloader.Win32.ReqOffer also known as:

  • Lionic: Riskware.Win32.ReqOffer.1!c
  • Cylance: unsafe
  • CrowdStrike: win/grayware_confidence_70% (W)
  • K7GW: Adware ( 0057021e1 )
  • K7AntiVirus: Adware ( 0057021e1 )
  • Cynet: Malicious (score: 99)
  • Kaspersky: not-a-virus:HEUR:Downloader.Win32.ReqOffer.gen
  • Tencent: Win32.Trojan.FalseSign.Iajl
  • F-Secure: Heuristic.HEUR/AGEN.1333134
  • DrWeb: Trojan.LoadMoney.3973
  • McAfee-GW-Edition: Artemis!PUP
  • Avira: HEUR/AGEN.1333134
  • ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.ReqOffer.gen
  • McAfee: Artemis!DF4EA51FC08B
  • VBA32: Downloader.Downware
  • MaxSecure: Trojan.Malware.133203980.susgen
  • DeepInstinct: MALICIOUS

How to remove Downloader.Win32.ReqOffer?

Downloader.Win32.ReqOffer removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.