Worm

GenPack:Win32.Worm.Viking.EO malicious file

Malware Removal

The GenPack:Win32.Worm.Viking.EO is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What GenPack:Win32.Worm.Viking.EO virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Likely virus infection of existing system binary
  • The sample wrote data to the system hosts file.
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to determine GenPack:Win32.Worm.Viking.EO?


File Info:

name: 7B03261F7CA2F3069528.mlw
path: /opt/CAPEv2/storage/binaries/f907ed0c6959e88c21b4118b82da55c58218e0eeabe5cfcf7db4f8f37b1691a3
crc32: 8D1788AD
md5: 7b03261f7ca2f3069528f96ee194b5b0
sha1: bfb81f0b729442b5d54b8bb87f57cbee4f4c717c
sha256: f907ed0c6959e88c21b4118b82da55c58218e0eeabe5cfcf7db4f8f37b1691a3
sha512: d73782236146e24f4d1c7b79a5cec3e04bc411cba228a3321d2a266629e7f89a8d958ddcfc83e48a8e024b46551bd31e85dc69676af3dd49ef649309efddcd07
ssdeep: 768:vDONULnKSiDPxJDYZlrPW9ZRzUn1/uQ4QBdMTqmTsQd+TUOwF5adAGvo2CT6s2:vJKS8xdq0yGQ4QBQRstUOLAUfCTL2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18823CF4BACFE8C8BC412073026A70F587234AD657E22064D5B26396FDDF9B41FD0999E
sha3_384: e2d7db043e520bbf795d352e37a1f51943637a9a2d90b539ac3c593cee964cc9e902db6ed0e51f20c2874a39e32e5701
ep_bytes: 68810000006882000000688300000068
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0804 0x03a8

GenPack:Win32.Worm.Viking.EO also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
DrWebWin32.HLLW.Gavir.114
MicroWorld-eScanGenPack:Win32.Worm.Viking.EO
FireEyeGeneric.mg.7b03261f7ca2f306
CAT-QuickHealW32.Viking.gen
McAfeeW32/HLLP.r.ez
CylanceUnsafe
K7AntiVirusTrojan ( 7000000f1 )
AlibabaVirus:Win32/Viking.acba8ce6
K7GWTrojan ( 7000000f1 )
CrowdStrikewin/malicious_confidence_70% (D)
BitDefenderThetaGen:NN.ZelphiF.34638.cm0aa8gCCppb
CyrenW32/Trojan.JIHZ-8712
SymantecW32.Looked.P
ESET-NOD32a variant of Win32/Viking.NBZ
ZonerProbably Heur.ExeHeaderL
TrendMicro-HouseCallPE_LOOKED.RF-O
ClamAVWin.Trojan.Philis-61
KasperskyWorm.Win32.Viking.eo
BitDefenderGenPack:Win32.Worm.Viking.EO
NANO-AntivirusTrojan.Win32.Viking.cgisf
AvastWin32:Nilage-BA [Trj]
TencentVirus.Win32.Viking.di
Ad-AwareGenPack:Win32.Worm.Viking.EO
EmsisoftGenPack:Win32.Worm.Viking.EO (B)
ComodoWorm.Win32.Viking.eo2@1bslzv
BaiduWin32.Virus.Viking.k
ZillyaWorm.Viking.Win32.33
TrendMicroPE_LOOKED.RF-O
McAfee-GW-EditionBehavesLike.Win32.Generic.pc
SophosML/PE-A + W32/Looked-BO
IkarusWorm.Win32.Viking.eo
JiangminTrojan/PSW.Nilage.eq
WebrootW32.Worm.Viking
AviraTR/Spy.Viking.Gen
MAXmalware (ai score=89)
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
ViRobotWorm.Win32.Viking.Gen
GDataGenPack:Win32.Worm.Viking.EO
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.LineageHack.C140928
VBA32BScope.Trojan.Click
ALYacGenPack:Win32.Worm.Viking.EO
MalwarebytesGeneric.Trojan.Malicious.DDS
APEXMalicious
RisingTrojan.Generic@AI.100 (RDMK:cmRtazpDSa+X7Ef7cdSSep7l6EQi)
YandexTrojan.GenAsa!enmP/uS/unA
SentinelOneStatic AI – Malicious PE
MaxSecureWorm.Win32.Viking.eo
FortinetW32/HLLP_Philis.EO!worm
AVGWin32:Nilage-BA [Trj]
Cybereasonmalicious.f7ca2f
PandaW32/Viking.CT.drp

How to remove GenPack:Win32.Worm.Viking.EO?

GenPack:Win32.Worm.Viking.EO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment