Categories: Worm

Email-Worm.Win32.LovGate.kyn information

The Email-Worm.Win32.LovGate.kyn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Email-Worm.Win32.LovGate.kyn virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Scheduled file move on reboot detected
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Anomalous file deletion behavior detected (10+)
Guard pages use detected – possible anti-debugging.
A process attempted to delay the analysis task.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Detects Sandboxie through the presence of a library
Detects Avast Antivirus through the presence of a library
Checks for the presence of known windows from debuggers and forensic tools
Created a process from a suspicious location
Steals private information from local Internet browsers
Collects and encrypts information about the computer likely to send to C2 server
Network activity contains more than one unique useragent.
Writes a potential ransom message to disk
A script process created a new process
Creates a hidden or system file
CAPE detected the DLInjector04 malware family
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Attempts to modify proxy settings
Appears to use command line obfuscation
Attempts to disable Windows Defender
Attempts to modify Windows Defender using PowerShell
Harvests cookies for information gathering
Attempts to execute suspicious powershell command arguments
Collects information to fingerprint the system
Uses suspicious command line tools or Windows utilities

How to determine Email-Worm.Win32.LovGate.kyn?


File Info:
name: 6034904FFF9313322516.mlwpath: /opt/CAPEv2/storage/binaries/a2e952b0369907dd7728948871af1b6035f974d9c9df9d1bb84fafe5dc2b4410crc32: 576A4BFCmd5: 6034904fff9313322516f1d069655b70sha1: 3d3b540bc6e37abc8cf2bdc765df8e1a61963b9dsha256: a2e952b0369907dd7728948871af1b6035f974d9c9df9d1bb84fafe5dc2b4410sha512: 028969cfc788c2e51de74c800d69a629f7c43f572562cd4e5673e76a8a3cef42ba2b8b0dcd243dfe0d402a75e4764867104cff8143e1cd063931326b985e1ad4ssdeep: 98304:xRCvLUBsgAXhVSyaKfakLaUrFTva2aJYuLYZR9DYK6x0xDTVj4cdMut0e+y2Lzy:x6LUCgebSyhfakLHrBva2aJ9LYZR9DRRtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T184563341F952E1FDCC821632A988A5F168BDC3580E678613E7B55E1E0B7C46C8235FEBsha3_384: 4ed05ae86674097023134509746c00d3a29a13aa95d774f7641c59fee7558a8b291ece8de1176b0f1ed05093d2a1be4eep_bytes: 558bec6aff6898c24100680691410064timestamp: 2019-02-21 16:00:00
Version Info:
CompanyName: Igor PavlovFileDescription: 7z Setup SFXFileVersion: 19.00InternalName: 7zS.sfxLegalCopyright: Copyright (c) 1999-2018 Igor PavlovOriginalFilename: 7zS.sfx.exeProductName: 7-ZipProductVersion: 19.00Translation: 0x0409 0x04b0

Email-Worm.Win32.LovGate.kyn also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen15.38938
MicroWorld-eScan	Gen:Variant.Jaik.47957
FireEye	Gen:Variant.Jaik.47957
CAT-QuickHeal	Trojan.SabsikIH.S21959152
ALYac	Gen:Variant.Jaik.47957
Cylance	Unsafe
K7AntiVirus	Trojan ( 00588c0e1 )
BitDefender	Gen:Variant.Jaik.47957
K7GW	Trojan ( 00588c0e1 )
Cybereason	malicious.fff931
BitDefenderTheta	Gen:NN.ZedlaF.34294.n88baOE@FOp
Cyren	W32/Agent.DOY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
Paloalto	generic.ml
ClamAV	Win.Packed.Barys-9859531-0
Kaspersky	Email-Worm.Win32.LovGate.kyn
Alibaba	Worm:Win32/LovGate.57d8d1e4
NANO-Antivirus	Trojan.Win32.LovGate.jhhgrj
ViRobot	Trojan.Win32.Z.Psw.6161435
Tencent	Win32.Trojan.Multiple.Wkvk
Ad-Aware	Gen:Variant.Jaik.47957
Sophos	Mal/Generic-S
TrendMicro	TROJ_GEN.R002C0DKA21
McAfee-GW-Edition	BehavesLike.Win32.AdwareDealPly.tc
Emsisoft	Gen:Variant.Jaik.47957 (B)
Jiangmin	Trojan.PSW.Disbuk.dj
eGambit	Unsafe.AI_Score_55%
Avira	TR/PSW.Agent.nkkcm
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Generic.ASMalwS.34CC796
Kingsoft	Win32.Hack.Undef.(kcloud)
Microsoft	Trojan:Win32/ArkeiStealer.DB!MTB
GData	Gen:Variant.Jaik.47957
Cynet	Malicious (score: 100)
McAfee	Artemis!6034904FFF93
VBA32	Trojan.Zapchast
Malwarebytes	Trojan.Dropper.SFX.Generic
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DKA21
Rising	Stealer.FBAdsCard!1.CE03 (CLASSIC:9aJLGYFQdT2Y/7IzwQD2yQ)
Yandex	Trojan.Zapchast!0sbx9ZKC/Hc
MaxSecure	Trojan.Malware.1473518.susgen
Fortinet	W32/BSE.4Q7Q!tr
Webroot	W32.Trojan.Gen
AVG	Win32:TrojanX-gen [Trj]
Avast	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)