Categories: Malware

FileRepMalware [Bot] removal instruction

The FileRepMalware [Bot] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What FileRepMalware [Bot] virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
HTTPS urls from behavior.
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Mongolian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
A process attempted to delay the analysis task by a long amount of time.
Created a process from a suspicious location
Installs itself for autorun at Windows startup
Installs itself for autorun at Windows startup
A process sent information about the computer to a remote location.
Attempts to identify installed AV products by installation directory
Attempts to modify proxy settings
Creates a copy of itself
Uses suspicious command line tools or Windows utilities

How to determine FileRepMalware [Bot]?


File Info:
name: FE8E81D321B32199B9CC.mlwpath: /opt/CAPEv2/storage/binaries/cf5902765c6bc3e1867c5914dd24a12d830d330e7411508e7dafe84806383476crc32: 8872887Bmd5: fe8e81d321b32199b9ccadc2a0f3595asha1: 9efc2d2b30fa2485f8e56afa66274388abd64213sha256: cf5902765c6bc3e1867c5914dd24a12d830d330e7411508e7dafe84806383476sha512: 685b52b97bbfeb40f4a6c5c70a86fd48cf30b6b01c6c6d9099e76b4b06ede57f35742d87a5cf88561b9f983311e69d2f9ac16647821b374f12576d9576460a26ssdeep: 3072:gF/qq6DzjwREdjNnz1ivo4A+Z+Ih0k4S+mxNo5ffkDYLxHEDxyO:Ax6DggAvQnIH4VkDUxkMOtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12544E02076E0D037E117463408E186676A667CF26B76EE8F3BD81B7D1F711A1237A326sha3_384: 258afb12163da9a27ada292fbdaa0b0a4087f4b8d4a67fc349dd217e6b62fc5299fa01c6489a701f0a601c8ee943cf07ep_bytes: e8b7380000e989feffff578bc683e00ftimestamp: 2020-12-16 16:55:50
Version Info:
FileVersions: 29.47.75.23Copyrighz: Copyright (C) 2022, pozkarteProjectVersion: 22.82.72.51

FileRepMalware [Bot] also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Ransomware ( 005532e31 )
K7GW	Trojan ( 00593a201 )
CrowdStrike	win/malicious_confidence_100% (W)
tehtris	Generic.Malware
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware [Bot]
McAfee-GW-Edition	BehavesLike.Win32.Packed.dh
SentinelOne	Static AI – Malicious PE
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.fe8e81d321b32199
Sophos	ML/PE-A
Ikarus	Trojan.Crypter
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
Malwarebytes	Trojan.MalPack.GS
APEX	Malicious
Rising	Trojan.Generic@AI.100 (RDML:lWM0u6hxpiFkvmVZNrKnTw)
MaxSecure	Trojan.Malware.300983.susgen
AVG	FileRepMalware [Bot]
Cybereason	malicious.b30fa2