GenPack:Generic.Urelas.55C0ED56 malicious file

Malware Removal

GenPack:Generic.Urelas.55C0ED56 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the GenPack:Generic.Urelas.55C0ED56 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify GenPack:Generic.Urelas.55C0ED56?

File Info:

name: EEAB2FFBD9F7DC6D04D5.mlw
path: /opt/CAPEv2/storage/binaries/55ca02469f294b56a14103a510daa8d2a4d376fb300994149f5098c0ecb7966b
crc32: 692DD1BC
md5: eeab2ffbd9f7dc6d04d5cb610dbe777d
sha1: 414fbcd586e5419db8579a35b8e72efd62ccae3e
sha256: 55ca02469f294b56a14103a510daa8d2a4d376fb300994149f5098c0ecb7966b
sha512: 3b5c8affecfa05b3c48ec66298387409b043ab80f187014dc8c334da66c08e0cdf5195349a20da0b7ce1b2e3b358d57fd75332911c21470e66fea7077837e33f
ssdeep: 12288:zco398Nb9ZsbxCIRnwuRtVH7jUkcaqkOzWKiKx1DLSpq:zcm7jw+tVHvTMzWKbnDgq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19A0512529B184868FB6C1B359802F6E540A59D3EA4D5F82FF03CBD3E69321875A7324F
sha3_384: 4efe84a23d930b30187d5642b1cfbe94cfdc62a8065f4e8b37e1634b820aff70aad7f5eed16f8c3efa2e439795f7fe07
ep_bytes: 60e80000000058055a0b00008b3003f0
timestamp: 2012-11-06 10:57:03

Version Info:

CompanyName: Samsung Urban
FileDescription: Ultead Video
FileVersion: 1, 0, 0, 85
InternalName: Jghdfsfd Porker
LegalCopyright: Copyright (C) 2012
OriginalFilename: Maggo Play
ProductName: Gtsfwe
ProductVersion: 1, 0, 0, 85
Translation: 0x0412 0x04b0

GenPack:Generic.Urelas.55C0ED56 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.AVKill.24829
MicroWorld-eScan: GenPack:Generic.Urelas.55C0ED56
FireEye: Generic.mg.eeab2ffbd9f7dc6d
CAT-QuickHeal: Trojan.Gupboot.B.mue
ALYac: GenPack:Generic.Urelas.55C0ED56
Cylance: Unsafe
VIPRE: Trojan.Win32.Urelas.b (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004da1581 )
BitDefender: GenPack:Generic.Urelas.55C0ED56
K7GW: Trojan ( 004da1581 )
Cybereason: malicious.bd9f7d
BitDefenderTheta: Gen:NN.ZexaF.34182.0mxaaaBmXpcO
Cyren: W32/Xpack.D.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Urelas.AR
ClamAV: Win.Trojan.Agent-1139021
Kaspersky: Rootkit.Win32.Plite.pvd
NANO-Antivirus: Trojan.Win32.AVKill.cmtium
Tencent: Malware.Win32.Gencirc.10cefbff
Ad-Aware: GenPack:Generic.Urelas.55C0ED56
Emsisoft: GenPack:Generic.Urelas.55C0ED56 (B)
Comodo: TrojWare.Win32.GupBoot.BFC@5szi8p
Baidu: Win32.Rootkit.Agent.s
Zillya: Trojan.Urelas.Win32.90
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.cc
Sophos: ML/PE-A + Troj/Backdr-IJ
SentinelOne: Static AI – Malicious PE
Jiangmin: Rootkit.Plite.o
Avira: TR/Crypt.XPACK.Gen3
Antiy-AVL: Trojan/Generic.ASMalwS.2B8365
Microsoft: Trojan:Win32/Gupboot.B
Arcabit: GenPack:Generic.Urelas.55C0ED56
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
ZoneAlarm: Rootkit.Win32.Plite.pvd
GData: Win32.Trojan.PSE.1EENH8U
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Wecod.R41369
Acronis: suspicious
McAfee: Generic BackDoor.aeu
MAX: malware (ai score=82)
VBA32: Rootkit.Plite
Malwarebytes: Malware.AI.2087708938
Panda: Trj/Genetic.gen
APEX: Malicious
Rising: Trojan.Agent!1.9D23 (CLASSIC)
Yandex: Trojan.GenAsa!fWGIDzv5BFM
Ikarus: Trojan.BAT.Agent
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Plite.RTK!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.121218.susgen

How to remove GenPack:Generic.Urelas.55C0ED56?

GenPack:Generic.Urelas.55C0ED56 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.