Worm

Should I remove “IM-Worm.Win32.Guap.de”?

Malware Removal

IM-Worm.Win32.Guap.de is flagged as malicious by numerous antivirus vendors (see the detection list below). When this infection is active, you may notice unfamiliar processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the IM-Worm.Win32.Guap.de virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary compilation timestomping detected

How to identify IM-Worm.Win32.Guap.de?

File Info:

name: F5D18BA42133056F7BB2.mlw
path: /opt/CAPEv2/storage/binaries/702ff441c95a7c0e86797fad21aa8e7c092e8c54dbc78e677389365c03ba8d0c
crc32: 6C27DE97
md5: f5d18ba42133056f7bb2692612085d79
sha1: 9018725b1abed08717255e64c5aaea4cdd89f1be
sha256: 702ff441c95a7c0e86797fad21aa8e7c092e8c54dbc78e677389365c03ba8d0c
sha512: c137af58e842ae51a29569cd72aec563d699b3bf47042ae400efe72e6865696e70ef6c747f0e91952b249669287ae353e28a45cf1b2e81ba12726019a6ff2409
ssdeep: 192:/uF5FU77SPq6GRO3OaJAC1DGWZ1HahjlNxTUKRlwY1C6a8movypQJvykw:/G5FUfSeC9GWzHazNxTBMY1+KJvyk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BF62E71927ACCB23D6BA17725C73410497B5B9139562EB2E3C8E14CB5F333444B62FA6
sha3_384: c6e2594fe8d4e904254b74124c9a6fcf021b8734a0746cb175eecf5c2db605489bafdbc2c480bd357bc5900e694bcb81
ep_bytes: ff250020400000000000000000000000
timestamp: 2094-02-06 22:32:17
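Two header fields in this File Info block can be checked directly rather than taken on trust. The `timestamp` decodes to 2094, a date in the future, which is what the "Binary compilation timestomping detected" signature above is reporting. The `ep_bytes` value `ff 25 00 20 40 00` is `jmp dword ptr [0x402000]`, the indirect jump through the import table that a .NET executable's entry stub uses to reach `_CorExeMain`; that is consistent with the `Assembly Version` field in the Version Info below and with the MSIL detection names in the vendor list, even though the file type reads as a plain "PE32 executable (GUI) Intel 80386". The following Python script is an added example written for this page, not GridinSoft or CAPE code. It builds a constructed minimal PE32 image (not the sample itself) carrying the same TimeDateStamp and entry-point bytes, parses the COFF and optional headers with only the standard library, and flags the same three conditions. `build_example_pe`, `parse_pe`, `rva_to_offset`, `assess`, the section layout constants and the fixed clock in `example_findings` are all names and values chosen here for illustration.

```python
import datetime as dt
import struct

# Header values copied from this page's File Info block.
PAGE_EP_BYTES = bytes.fromhex("ff250020400000000000000000000000")
PAGE_TIMESTAMP = int(dt.datetime(2094, 2, 6, 22, 32, 17,
                                 tzinfo=dt.timezone.utc).timestamp())

# Hypothetical layout for the constructed image: one .text section mapped at
# RVA 0x2000 / file offset 0x200, with the entry point at RVA 0x2400 inside it.
TEXT_RVA, TEXT_RAW, ENTRY_RVA = 0x2000, 0x200, 0x2400


def build_example_pe(timestamp):
    """Assemble a minimal PE32 image (constructed test data, not the real sample)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH",
                       0x14C,       # Machine: IMAGE_FILE_MACHINE_I386
                       1,           # NumberOfSections
                       timestamp,   # TimeDateStamp: unsigned seconds since 1970
                       0, 0,        # symbol table pointer/count (unused)
                       0xE0,        # SizeOfOptionalHeader: PE32 with 16 directories
                       0x0102)      # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, ENTRY_RVA)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)     # Section/FileAlignment
    struct.pack_into("<H", opt, 68, 2)                  # Subsystem: WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    # Data directory 14 is the CLR runtime header; only managed images have one.
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x600, TEXT_RVA, 0x600,
                          TEXT_RAW, 0, 0, 0, 0, 0x60000020)  # CODE|EXECUTE|READ
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    image = bytearray(headers.ljust(TEXT_RAW, b"\0")) + bytearray(0x600)
    entry_off = TEXT_RAW + (ENTRY_RVA - TEXT_RVA)
    image[entry_off:entry_off + len(PAGE_EP_BYTES)] = PAGE_EP_BYTES
    return bytes(image)


def rva_to_offset(sections, rva):
    """Map a virtual address to a file offset using the section table."""
    for _name, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    return None


def parse_pe(data):
    """Pull the header fields behind the indicators listed on this page."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva, clr_size = (struct.unpack_from("<II", data, opt + 96 + 14 * 8)
                         if ndirs > 14 else (0, 0))
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + i * 40)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, rawptr, rawsize))
    ep_off = rva_to_offset(sections, entry_rva)
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
            "image_base": image_base, "subsystem": subsystem, "clr_rva": clr_rva,
            "clr_size": clr_size, "sections": sections, "ep_bytes": ep_bytes}


def assess(info, now=None):
    """Return the human-readable findings a triage analyst would want to see."""
    now = now or dt.datetime.now(dt.timezone.utc)
    findings = []
    stamp = dt.datetime.fromtimestamp(info["timestamp"], dt.timezone.utc)
    if info["timestamp"] == 0:
        findings.append("compile timestamp zeroed")
    elif stamp > now + dt.timedelta(days=1):
        findings.append(f"compile timestamp in the future: {stamp:%Y-%m-%d %H:%M:%S} UTC")
    if info["ep_bytes"][:2] == b"\xff\x25":          # FF 25 = jmp dword ptr [imm32]
        target = struct.unpack_from("<I", info["ep_bytes"], 2)[0]
        findings.append(f"entry point is jmp [0x{target:08x}], the IAT stub of a .NET image")
    if info["clr_rva"]:
        findings.append("CLR runtime header present: managed (.NET/MSIL) executable")
    return findings


def example_findings():
    """Run the checks on the constructed image with a fixed clock (reproducible)."""
    info = parse_pe(build_example_pe(PAGE_TIMESTAMP))
    fixed_now = dt.datetime(2021, 6, 1, tzinfo=dt.timezone.utc)  # assumed analysis date
    return info, assess(info, fixed_now)


if __name__ == "__main__":
    info, findings = example_findings()
    print("ep_bytes:", info["ep_bytes"].hex())
    for finding in findings:
        print("-", finding)
```

Against a real file, replace `build_example_pe(...)` with the bytes read from disk; the same three checks are what a sandbox like CAPE applies when it raises the timestomping signature, and the CLR directory check is the quick way to tell that a "PE32 Intel 80386" file is actually a managed assembly.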

Version Info:

Translation: 0x0000 0x04b0
Comments:
CompanyName:
FileDescription: GUI
FileVersion: 1.0.0.0
InternalName: GUI.exe
LegalCopyright: Copyright © 2020
LegalTrademarks:
OriginalFilename: GUI.exe
ProductName: GUI
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

IM-Worm.Win32.Guap.de also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Bulz.595278
FireEye: Gen:Variant.Bulz.595278
ALYac: Gen:Variant.Bulz.595278
Zillya: Tool.Crypter.Win32.2579
Alibaba: Worm:Win32/Crypter.3aecb3b7
K7AntiVirus: Riskware ( 00569bfc1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Riskware.Crypter.SN
APEX: Malicious
Paloalto: generic.ml
Kaspersky: IM-Worm.Win32.Guap.de
BitDefender: Gen:Variant.Bulz.595278
Avast: FileRepMalware
Ad-Aware: Gen:Variant.Bulz.595278
Emsisoft: Riskware.Crypter (A)
TrendMicro: TROJ_GEN.R002C0PKP21
McAfee-GW-Edition: GenericRXPF-AK!F5D18BA42133
Sophos: Mal/Generic-S
Ikarus: Trojan-Ransom.FileCrypter
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1136625
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Bulz.595278
Cynet: Malicious (score: 99)
McAfee: GenericRXPF-AK!F5D18BA42133
VBA32: TScope.Trojan.MSIL
Malwarebytes: Malware.AI.2765806524
TrendMicro-HouseCall: TROJ_GEN.R002C0PKP21
Tencent: Win32.Trojan.Bulz.Efan
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Crypter
AVG: FileRepMalware
Panda: Trj/GdSda.A

How to remove IM-Worm.Win32.Guap.de?

IM-Worm.Win32.Guap.de removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
