Exploit.Win32.Shellcode.bmr (file analysis)

Malware Removal

Many security experts consider Exploit.Win32.Shellcode.bmr dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Exploit.Win32.Shellcode.bmr virus do?

  • Creates RWX memory
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Exploit.Win32.Shellcode.bmr?


File Info:

crc32: 643D384B
md5: 11ce0edc36ee8e8525fd0eb8962aa557
name: win_update.exe
sha1: 1dde054cec17758406e052f7bef3d995fdadf8f8
sha256: 597afb461fdcbaedd91db8ae28ba290e66e7e2be0841df671a60fde91db3ec4c
sha512: e5760e69510e7c50f0db742179dde2e0b003331a1387315d71ced192cbac225bfd599c57b97ad87c96869fc875a748f63e9248aa6e7f8de6be6b7772cad7965e
ssdeep: 3072:9VVNzN7Di5qQogols6cRcnu+UYcZFCms2UZXut4OFCS:9VzpDi/clE2u9CgUZXuuZ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2016 Samuel Vasko
InternalName: Cmder
FileVersion: 1.3.6.678
CompanyName: Samuel Vasko
ProductName: Cmder
ProductVersion: 1.3.6.678
FileDescription: Cmder: Lovely Console Emulator.
OriginalFilename: Cmder.exe
Translation: 0x1009 0x04b0

Exploit.Win32.Shellcode.bmr also known as:

MicroWorld-eScan: Trojan.GenericKD.32216638
FireEye: Trojan.GenericKD.32216638
Qihoo-360: Win32/Trojan.Exploit.e63
ALYac: Trojan.GenericKD.32216638
Sangfor: Malware
BitDefender: Trojan.GenericKD.32216638
TrendMicro: TROJ_GEN.R002C0PH819
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R002C0PH819
GData: Trojan.GenericKD.32216638
Kaspersky: Exploit.Win32.Shellcode.bmr
Alibaba: Exploit:Win32/Shellcode.1031e167
AegisLab: Hacktool.Win32.Shellcode.3!c
APEX: Malicious
Rising: Exploit.Shellcode!8.2A (CLOUD)
Ad-Aware: Trojan.GenericKD.32216638
Emsisoft: Trojan.GenericKD.32216638 (B)
McAfee-GW-Edition: Artemis!Trojan
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Cyren: W32/Trojan.HMHS-3679
Arcabit: Trojan.Generic.D1EB963E
AhnLab-V3: Malware/Gen.Generic.C3251519
ZoneAlarm: Exploit.Win32.Shellcode.bmr
Microsoft: Trojan:Win32/Occamy.C
Acronis: suspicious
McAfee: Artemis!11CE0EDC36EE
Tencent: Win32.Exploit.Shellcode.Dxxe
Yandex: Exploit.Shellcode!metv5Eg9MNA
Ikarus: Trojan.Win32.Rozena
Fortinet: W32/Shellcode.BMR!exploit
AVG: FileRepMetagen [Malware]
MaxSecure: Trojan.Malware.1728101.susgen

How to remove Exploit.Win32.Shellcode.bmr?

Exploit.Win32.Shellcode.bmr removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
