How to remove “Downloader.Win32.YXdown.afn”?

Downloader.Win32.YXdown.afn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and clean your PC.
6-day free trial available.

What can the Downloader.Win32.YXdown.afn virus do?

  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Network activity contains more than one unique useragent.
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify browser security settings
  • Anomalous binary characteristics

Related domains:

dnlod.52kfly.com
census.hz.52kfly.com
api.hz.52kfly.com
ustats.hz.52kfly.com
hzconfig.52kfly.com
i.52kfly.com

How to identify Downloader.Win32.YXdown.afn?

File Info:

crc32: 7220C8C1
md5: 60d4fb4dd0b8a76868ca5d355e25ee54
name: ___________________192770340.exe
sha1: 5a6788d00eab11be05c0bc3b7529cc7e6f2e151a
sha256: 3d2214820932f38eb28d7654e3b91f4eab80a0fc9a3b3f664ef6301ae9cd3860
sha512: 49a466d8fa0170f496ea6414cb2a49c5ca14aaaaccd763bd7583a4c93308801e12f196a255ee2bf4a77fcc0440fc479a685fddfad1a110238da5c5d6dc2f4498
ssdeep: 196608:dVO9z75WB+MWnOh9Z4w66PV9fd6HojLfSrkVbqR28:kAB+MWngP/8HWLjVbX8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2019 Shanghai Youwo Information Technology Co., Ltd.
InternalName: Setup
FileVersion: 1, 2, 3, 8
Comments: 安装向导
ProductName: 安装向导
ProductVersion: 1, 2, 3, 8
FileDescription: 安装向导
OriginalFilename: Setup.exe
Translation: 0x0804 0x04b0

Downloader.Win32.YXdown.afn also known as (vendor: detection name):

  • MicroWorld-eScan: Gen:Variant.Ulise.89988
  • McAfee: Artemis!60D4FB4DD0B8
  • ALYac: Gen:Variant.Ulise.89988
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic!BT
  • Sangfor: Malware
  • K7AntiVirus: Riskware ( 0054b91b1 )
  • BitDefender: Gen:Variant.Ulise.89988
  • K7GW: Riskware ( 0054b91b1 )
  • Invincea: heuristic
  • F-Prot: W32/S-a2655cb3!Eldorado
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • GData: Gen:Variant.Ulise.89988
  • Kaspersky: not-a-virus:Downloader.Win32.YXdown.afn
  • Alibaba: Downloader:Win32/YXdown.17fcd275
  • NANO-Antivirus: Trojan.Win32.YouXun.havpxc
  • AegisLab: Riskware.Win32.YXdown.1!c
  • Rising: Trojan.Generic@ML.100 (RDMK:ZVga7CEl8Lk/A6Ef92TxNw)
  • Endgame: malicious (high confidence)
  • Emsisoft: Gen:Variant.Ulise.89988 (B)
  • Comodo: ApplicUnwnt@#157nlamoak0xh
  • DrWeb: Trojan.Siggen9.10927
  • Zillya: Tool.YouXun.Win32.770
  • McAfee-GW-Edition: Artemis
  • MaxSecure: Trojan.Malware.74723253.susgen
  • FireEye: Generic.mg.60d4fb4dd0b8a768
  • Sophos: Mal/Generic-S
  • Cyren: W32/S-a2655cb3!Eldorado
  • Jiangmin: Downloader.YXdown.aq
  • Webroot: W32.Malware.Gen
  • MAX: malware (ai score=99)
  • Arcabit: Trojan.Ulise.D15F84
  • ZoneAlarm: not-a-virus:Downloader.Win32.YXdown.afn
  • Microsoft: PUA:Win32/Youxun
  • AhnLab-V3: PUP/Win32.Agent.R307138
  • VBA32: BScope.Trojan.FakeAlert
  • Ad-Aware: Gen:Variant.Ulise.89988
  • Malwarebytes: RiskWare.YouXun
  • Panda: Trj/CI.A
  • ESET-NOD32: a variant of Win32/RiskWare.YouXun.L
  • TrendMicro-HouseCall: TROJ_GEN.R023H0CA820
  • SentinelOne: DFI – Suspicious PE
  • eGambit: Unsafe.AI_Score_89%
  • Fortinet: W32/Eldorado.5AE8!tr
  • AVG: Win32:Malware-gen
  • Paloalto: generic.ml

How to remove Downloader.Win32.YXdown.afn?

Downloader.Win32.YXdown.afn removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.