Jaik.49613 malicious file

Jaik.49613 is flagged as malicious by a large number of antivirus engines (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Jaik.49613 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • DNS query to a paste site or service detected
  • The binary contains an unknown PE section name indicative of packing
  • Looks up the external IP address
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • A script process created a new process
  • Creates a hidden or system file
  • CAPE detected the DLInjector04 malware family
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Accessed credential storage registry keys
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Harvests cookies for information gathering
  • Attempts to execute suspicious powershell command arguments
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities
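Several of the sandbox behaviours above (the cmd.exe /C launch, the PowerShell Defender tampering, the hidden window, command-line obfuscation, the very long command line, and the process started from a suspicious location) can be hunted for in process-creation telemetry. The following Python is an added example written for this page, not code from the report or from CAPE: the sample events are constructed, the suspicious-directory list and the command-line length threshold are assumptions, and the regexes approximate what those signatures look for rather than reproduce CAPE's own rules.

```python
import re

# Constructed sample telemetry for this example (image path, command line),
# in the shape of Sysmon Event ID 1 / Windows 4688 fields. Not taken from
# the sandbox run described in the report.
SAMPLE_EVENTS = [
    ("C:\\Windows\\System32\\cmd.exe",
     'cmd.exe /C start /b "" "%TEMP%\\drop.exe" && exit'),
    ("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     'powershell -nop -w hidden -c "Set-MpPreference -DisableRealtimeMonitoring $true; '
     'Add-MpPreference -ExclusionPath $env:TEMP"'),
    ("C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe",
     '"C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe"'),
    ("C:\\Program Files\\7-Zip\\7zG.exe",
     '"C:\\Program Files\\7-Zip\\7zG.exe" x archive.7z'),
    ("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell -enc " + "QQ" * 600),
]

# Assumed values for this example: directories a dropper typically runs from,
# and a command-line length above which a "very long command line" rule fires
# (CAPE's real threshold is not stated on the page).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")
LONG_CMDLINE_THRESHOLD = 1024


def _is_image(image, *names):
    return image.lower().endswith(tuple("\\" + n for n in names))


def cmd_shell_terminate(image, cmdline):
    # "Executed a command line with /C or /R argument to terminate command shell"
    return _is_image(image, "cmd.exe") and re.search(r"\s/[cCrR](?=\s|$)", cmdline) is not None


def powershell_defender_tamper(image, cmdline):
    # "Attempts to modify Windows Defender using PowerShell"
    return (_is_image(image, "powershell.exe", "pwsh.exe")
            and re.search(r"(?i)\b(Set|Add)-MpPreference\s+-(Disable|Exclusion)", cmdline) is not None)


def powershell_hidden_window(image, cmdline):
    # "A process created a hidden window"
    return (_is_image(image, "powershell.exe", "pwsh.exe")
            and re.search(r"(?i)-w(?:indowstyle)?\s+hidden", cmdline) is not None)


def powershell_encoded(image, cmdline):
    # "Appears to use command line obfuscation": Base64 -EncodedCommand payload
    return (_is_image(image, "powershell.exe", "pwsh.exe")
            and re.search(r"(?i)-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", cmdline) is not None)


def long_command_line(image, cmdline):
    # "Executed a very long command line or script command"
    return len(cmdline) > LONG_CMDLINE_THRESHOLD


def suspicious_location(image, cmdline):
    # "Created a process from a suspicious location"
    return any(d in image.lower() for d in SUSPICIOUS_DIRS)


RULES = [cmd_shell_terminate, powershell_defender_tamper, powershell_hidden_window,
         powershell_encoded, long_command_line, suspicious_location]


def scan(events):
    """Return, per event, the sorted names of the rules it triggered."""
    return [sorted(r.__name__ for r in RULES if r(image, cmdline)) for image, cmdline in events]


if __name__ == "__main__":
    for (image, cmdline), hits in zip(SAMPLE_EVENTS, scan(SAMPLE_EVENTS)):
        print(f"{image.rsplit(chr(92), 1)[-1]:<16} {hits}")
```

The 7zG.exe event is there deliberately: a legitimate 7-Zip launch triggers nothing, while the same stub's child processes do, which is the distinction that matters given the sample is wrapped in a 7-Zip SFX.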

Related domains:

wpad.local-net
www.listincode.com
ip-api.com
iplogger.org
56.jpgamehome.com
pastebin.com
postbackstat.biz
fouratlinks.com
wfsdragon.ru
www.hdkapx.com
boomboomrequest.com
tweakballs.com

How to identify Jaik.49613?

File Info:

name: 540ED481C30417027FDC.mlw
path: /opt/CAPEv2/storage/binaries/a2099f0cb7c1a4e7f9b6490b0c8d1f9f20af7917519585ebf99c7afb9175c11d
crc32: 1F6E7026
md5: 540ed481c30417027fdcbed6fe748ce8
sha1: e024d36d3f84d884f5fcca7b7bb6b2b3b51dd4a2
sha256: a2099f0cb7c1a4e7f9b6490b0c8d1f9f20af7917519585ebf99c7afb9175c11d
sha512: bfeb0f8e820f41679f60ac84900b91186cff3d002363d44c370f436cd9d06ae67c319069dd7b7802ec8b0386cbc6c0c0f1f8241ea2183732eab1d29012351233
ssdeep: 196608:xjLUCg5bHmeNAg4iNuI538IVradlsGZCWgMdgLUNS75tskYpiHV:x/dgJHfNAg4igVIilZlgLkS7fskYpI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10BB633777ED05DE1D7412B791A08B77231FB97200B2AC9C33354D0DEAF20ABA954EA58
sha3_384: f7360f4a688afa09d870d5ab5559edb128daef4351d8cb4961da853c91f3341fef83fbfbb52ccd5d07bc0b00b57007ea
ep_bytes: 558bec6aff6898c24100680691410064
timestamp: 2019-02-21 16:00:00
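The hashes above and the Related domains list earlier are the indicators a defender would actually sweep for. As an added example written for this page (not code from the report), the Python below hashes file contents with the three algorithms listed and compares them to the sample's digests, and matches DNS query lines against the domain list, including subdomains. The DNS lines are constructed; the classification of wpad.local-net as noise (most likely the sandbox host's Windows proxy auto-discovery lookup against its local DNS suffix, not attacker infrastructure) and of ip-api.com and pastebin.com as low-confidence (legitimate services the sample abuses) is this example's assumption, not something the report states.

```python
import hashlib

# Indicators copied from the File Info and Related domains sections of the report.
SAMPLE_HASHES = {
    "md5": "540ed481c30417027fdcbed6fe748ce8",
    "sha1": "e024d36d3f84d884f5fcca7b7bb6b2b3b51dd4a2",
    "sha256": "a2099f0cb7c1a4e7f9b6490b0c8d1f9f20af7917519585ebf99c7afb9175c11d",
}
RELATED_DOMAINS = {
    "wpad.local-net", "www.listincode.com", "ip-api.com", "iplogger.org",
    "56.jpgamehome.com", "pastebin.com", "postbackstat.biz", "fouratlinks.com",
    "wfsdragon.ru", "www.hdkapx.com", "boomboomrequest.com", "tweakballs.com",
}
# Assumed for this example: WPAD lookups come from any Windows host doing proxy
# auto-discovery, so matching it would flag every machine; ip-api.com and
# pastebin.com are public services the sample abuses, so a hit needs
# corroboration rather than an automatic block.
NOISE_DOMAINS = {"wpad.local-net"}
LOW_CONFIDENCE = {"ip-api.com", "pastebin.com"}


def hash_bytes(data):
    """Hash file contents with the three algorithms listed in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data):
    """Return the set of algorithms whose digest equals the reported sample's."""
    digests = hash_bytes(data)
    return {name for name, value in SAMPLE_HASHES.items() if digests[name] == value}


def domain_hit(query, domains=RELATED_DOMAINS):
    """Return the listed domain that `query` equals or is a subdomain of, or None."""
    q = query.lower().rstrip(".")
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def match_dns_log(lines):
    """Match 'timestamp host query' lines against the domain list.

    Returns (host, query, matched domain, confidence) for each non-noise hit.
    """
    hits = []
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, host, query = parts
        d = domain_hit(query)
        if d is None or d in NOISE_DOMAINS:
            continue
        hits.append((host, query, d, "low" if d in LOW_CONFIDENCE else "high"))
    return hits


# Constructed DNS log for this example (not real telemetry).
SAMPLE_DNS_LOG = """\
2021-03-01T10:00:01Z host1 wpad.local-net
2021-03-01T10:00:02Z host1 ip-api.com
2021-03-01T10:00:03Z host1 pastebin.com
2021-03-01T10:00:04Z host2 www.microsoft.com
2021-03-01T10:00:05Z host2 cdn.postbackstat.biz
"""

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, matches_sample(f.read()) or "no hash match")
    for hit in match_dns_log(SAMPLE_DNS_LOG):
        print(hit)
```

Run it with one or more file paths to check them against the reported digests; the ssdeep and TLSH values on the page need their respective libraries and are not covered here. A sha256 match is the one to trust; md5 on its own is only a hint.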

Version Info:

Note that the fields below come from the 7-Zip self-extracting (SFX) stub the sample is packaged in (compare the Malwarebytes detection Trojan.Dropper.SFX.Generic and the "Drops a binary and executes it" behaviour above), so they describe the wrapper, not the dropped payload.

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 19.00
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0

Jaik.49613 also known as:

Lionic: Trojan.Win32.Chebka.a!c
MicroWorld-eScan: Gen:Variant.Jaik.49613
ALYac: Gen:Variant.Jaik.49613
Cylance: Unsafe
Sangfor: Trojan.Win32.Chebka.gen
K7AntiVirus: Trojan ( 00588c0e1 )
Alibaba: Backdoor:Win32/Cryprar.b780ffbc
K7GW: Trojan ( 00588c0e1 )
Cybereason: malicious.1c3041
Cyren: W32/Agent.DOY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
Avast: Win32:TrojanX-gen [Trj]
ClamAV: Win.Packed.Barys-9859531-0
Kaspersky: Trojan.Win32.Cryprar.sm
BitDefender: Gen:Variant.Jaik.49613
Rising: Malware.Obscure/Heur!1.A89E (CLASSIC)
Ad-Aware: Gen:Variant.Jaik.49613
Sophos: Mal/Generic-S
DrWeb: Trojan.Inject4.19864
TrendMicro: TROJ_GEN.R002C0WKO21
McAfee-GW-Edition: BehavesLike.Win32.Spybot.vc
FireEye: Gen:Variant.Jaik.49613
Emsisoft: Gen:Variant.Jaik.49613 (B)
GData: Gen:Variant.Jaik.49613
Jiangmin: Trojan.Zapchast.aai
Avira: TR/Redcap.jdstp
Antiy-AVL: Trojan/Generic.ASMalwS.34D3DA3
Kingsoft: Win32.Troj.Undef.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Jaik.DC1CD
ViRobot: Trojan.Win32.Z.Zapchast.11300762
Microsoft: Trojan:Win64/Fabookie.WY!MTB
Cynet: Malicious (score: 99)
McAfee: Artemis!540ED481C304
MAX: malware (ai score=87)
VBA32: Trojan.Zapchast
Malwarebytes: Trojan.Dropper.SFX.Generic
TrendMicro-HouseCall: TROJ_GEN.R002C0WKO21
Tencent: Win32.Trojan.Multiple.Ssha
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/BSE.4Q7Q!tr
BitDefenderTheta: Gen:NN.ZedlaF.34084.n88baOE@FOp
AVG: Win32:TrojanX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Jaik.49613?

Jaik.49613 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.