Categories: Malware

Generic.EmotetAE.44C2B01C malicious file

The Generic.EmotetAE.44C2B01C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Generic.EmotetAE.44C2B01C virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Reads data out of its own binary image
A process created a hidden window
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection
CAPE detected the AgentTeslaV3 malware family

How to determine Generic.EmotetAE.44C2B01C?


File Info:
name: 575FB6D573BB67BFFD6D.mlwpath: /opt/CAPEv2/storage/binaries/bfc8cbd13bd96dc072116f2d663d0e9b0d22ca9a99759bd5a6354316c2c78786crc32: EAE4981Cmd5: 575fb6d573bb67bffd6dbbd56b38588bsha1: d766175f332a3b9893cb973aef9598178cc324fesha256: bfc8cbd13bd96dc072116f2d663d0e9b0d22ca9a99759bd5a6354316c2c78786sha512: fc1feaae758aa640e4cc2eadbf5fbddc34bcffe762bf31d36b0b9f2640450ec20f9459f9046b13a2a50126a4c529d503e9715de202f148214a749e75db8671e5ssdeep: 6144:0cSRfdD6Nt79WPnBAObr4Ch80JOSyLrLE7a6zGR5TehfJ/RwkOE0msUT:09RfdWNIB3hvsfLaa6u5TehfdRyELTtype: PE32 executable (console) Intel 80386, for MS Windowstlsh: T1E794CF1474D3C072D0B3553519F5EAB59A3DBD220B618ABF27E84B2D0F342D16A36BB2sha3_384: be382a82dd3b50f56c96519d5018448ac5759f1921ece309e14fb69dc391711397b127806e96ba29de1169c490469d03ep_bytes: e8f4050000e988feffff3b0d70d04200timestamp: 2020-11-27 08:57:43
Version Info:
0: [No Data]

Generic.EmotetAE.44C2B01C also known as:

Lionic	Trojan.Win32.Malicious.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	DeepScan:Generic.EmotetAE.44C2B01C
FireEye	Generic.mg.575fb6d573bb67bf
CAT-QuickHeal	Backdoor.AndromRI.S17487048
ALYac	DeepScan:Generic.EmotetAE.44C2B01C
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_70% (W)
Alibaba	Backdoor:Win32/Kryptik.b74ab2df
K7GW	Trojan ( 00573da91 )
K7AntiVirus	Trojan ( 00573da91 )
BitDefenderTheta	Gen:NN.ZexaF.34182.zCW@aiKXz1di
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HHUH
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.Win32.Androm.vho
BitDefender	DeepScan:Generic.EmotetAE.44C2B01C
NANO-Antivirus	Trojan.Win32.Stelega.igggiz
Avast	Win32:PWSX-gen [Trj]
Tencent	Win32.Trojan.Inject.Auto
Sophos	Mal/Generic-S
DrWeb	Trojan.Inject4.5865
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Emsisoft	DeepScan:Generic.EmotetAE.44C2B01C (B)
Ikarus	Trojan.Win32.Crypt
Jiangmin	Backdoor.Androm.ayni
Avira	HEUR/AGEN.1103337
Microsoft	Trojan:Win32/Glupteba!ml
GData	DeepScan:Generic.EmotetAE.44C2B01C
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Kryptik.R356837
McAfee	RDN/Generic BackDoor
MAX	malware (ai score=83)
VBA32	BScope.Trojan.Wacatac
Rising	Trojan.Kryptik!8.8 (CLOUD)
Yandex	Trojan.PWS.Stelega!8jebMR6Ah9w
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.HHKE!tr
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.573bb6
Panda	Trj/GdSda.A