Jaik.61181 removal instruction

The Jaik.61181 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Jaik.61181 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • The following process appears to have been packed with Themida: 568897705720990C156A.mlw
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a device
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to identify Jaik.61181?

File Info:

name: 568897705720990C156A.mlw
path: /opt/CAPEv2/storage/binaries/8a43c8e44cad330f83431879ba24f07891432b297bcb6202ad187130a3f6428b
crc32: DAE3F981
md5: 568897705720990c156a45bbf61ec469
sha1: f5a36c0838be3164e349d32f5f1246b8fe567e38
sha256: 8a43c8e44cad330f83431879ba24f07891432b297bcb6202ad187130a3f6428b
sha512: d204d99172c0eead128472d1179221c123224bdedb1a77a4b8e68f4dab8ea80a2c034266b338cdd090112bdbbd84fe0ca98057b700107c230c8533f2158a9cbe
ssdeep: 49152:F3dnvMd5coyKYINYbPpLRZgrdJUInzRW6ciRLSdSRHc3qQUyJOg:VdvMdyKYIWPhRZgrdJUI9H/RL/RHgn
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1C185F0E7A2AE890DF4C136F4CAC975B9A01A9CE4A5D512C7C7313A29EE315F7EC4481C
sha3_384: 414892e566a2cab68aafae509bca179900e7ecbfbb294220f8f2091a02aa29312f7a66f10bea4fbf23da551a75b84338
ep_bytes: eb042235b2b450eb010fe818000000eb
timestamp: 2022-03-03 13:26:01

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7-Zip File Manager
FileVersion: 21.07
InternalName: 7zFM
LegalCopyright: Copyright (c) 1999-2021 Igor Pavlov
OriginalFilename: 7zFM.exe
ProductName: 7-Zip
ProductVersion: 21.07
Translation: 0x0409 0x04b0

Jaik.61181 also known as:

MicroWorld-eScan: Gen:Variant.Jaik.61181
FireEye: Generic.mg.568897705720990c
Malwarebytes: Trojan.MalPack
Arcabit: Trojan.Jaik.DEEFD
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Packed.Obsidium.JX
APEX: Malicious
Kaspersky: HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender: Gen:Variant.Jaik.61181
Avast: PWSX-gen [Trj]
Rising: Trojan.Generic@AI.98 (RDML:ukifyzsv4pJgH6AMj5qLnQ)
Ad-Aware: Gen:Variant.Jaik.61181
Emsisoft: Gen:Variant.Jaik.61181 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
MAX: malware (ai score=85)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Gen:Variant.Jaik.61181
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Jaik.61181
VBA32: BScope.TrojanSpy.Stealer
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R06CH07DS22
Tencent: Win32.Trojan-spy.Stealer.Swbg
Ikarus: Trojan.Win32.Generic
AVG: PWSX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Jaik.61181?

Jaik.61181 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.