Koobface.1 (file analysis)

Koobface.1 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version allows you to run a complete scan and cure your PC.
A 6-day free trial is available.

What can the Koobface.1 virus do?

  • At least one process apparently crashed during execution
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Catalan
  • Authenticode signature is invalid

How to identify Koobface.1?

File Info:

name: 96799BD0F3BFD4B2ED3A.mlw
path: /opt/CAPEv2/storage/binaries/bd0f387cd93935d58e9a67d32ef2a3c13cd58c84f2825cf840aa2128e3b0229a
crc32: 346AB0B9
md5: 96799bd0f3bfd4b2ed3a65ab5bc21b7c
sha1: 03cdae9126c3b12996b090b11a85267cafbee90c
sha256: bd0f387cd93935d58e9a67d32ef2a3c13cd58c84f2825cf840aa2128e3b0229a
sha512: 7ac2d25c4e3731f510c7aeffc680397e6d31c6a80bb1950939edd6f6560645a568b22abffe5ba3884d3f9df1e4faa7a37324e2c3e86cfcb85509d68562dc1c26
ssdeep: 768:/06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9f:lR0vxn3Pc0LCH9MtbvabUDzJYWu3Bg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B2A3D046B930B6DAF6A996358044FF815F3CBD290DF3C1B6345C22CEEA39C89464572D
sha3_384: b6414dec3d641c78dd8ea7d151dc37b805a0cbd1abbc1750ebef81d15f871af504658c825c72f747e11033024547f04c
ep_bytes: 558bec83ec2c8165ec000000008d5b56
timestamp: 2004-11-06 22:01:02

Version Info:

CompanyName: Macromedia, Inc.
FileDescription: Macromedia Flash Player 7.0 r19
FileVersion: 7,0,19,0
InternalName: Macromedia Flash Player 7.0
LegalCopyright: Copyright © 1996-2003 Macromedia, Inc.
LegalTrademarks: Macromedia Flash Player
OriginalFilename: SAFlashPlayer.exe
ProductName: Shockwave Flash
ProductVersion: 7,0,19,0
Translation: 0x0409 0x04b0

Koobface.1 also known as:

Bkav: W32.FamVT.DisbukCI.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Koobface.1
FireEye: Generic.mg.96799bd0f3bfd4b2
CAT-QuickHeal: W32.Ramnit.DR
ALYac: Gen:Variant.Koobface.1
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 001f82c71 )
K7AntiVirus: Trojan ( 001f82c71 )
VirIT: Trojan.Win32.Generic.SUG
Cyren: W32/SuspPack.DC.gen!Eldorado
Symantec: Packed.Protexor!gen1
ESET-NOD32: a variant of Win32/Kryptik.JBG
APEX: Malicious
ClamAV: Win.Virus.Virut-6804273-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Koobface.1
NANO-Antivirus: Trojan.Win32.Ramnit.bbgdmp
SUPERAntiSpyware: Trojan.Agent/Gen-Pune
Avast: Win32:Crypto-V [Trj]
Tencent: Trojan.Win32.Koobface.udb
Ad-Aware: Gen:Variant.Koobface.1
Sophos: ML/PE-A + Mal/Ramnit-ZZ
Comodo: TrojWare.Win32.Kryptik.ILZ@39m3x2
DrWeb: Trojan.Siggen2.9448
TrendMicro: TROJ_DROPPR.SMAL
McAfee-GW-Edition: BehavesLike.Win32.Dropper.nm
Emsisoft: Gen:Variant.Koobface.1 (B)
Ikarus: Virus.Win32.Ramnit
GData: Gen:Variant.Koobface.1
Jiangmin: Packed.Krap.dljx
Avira: TR/Patched.Ren.Gen
MAX: malware (ai score=87)
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Ramnit
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Krap.R20076
McAfee: PWS-Zbot.gen.cn
TACHYON: Trojan/W32.Krap.98733
VBA32: BScope.Trojan.Inject
Malwarebytes: Nimnul.Virus.FileInfector.DDS
TrendMicro-HouseCall: TROJ_DROPPR.SMAL
Rising: Trojan.Win32.Fednu.tyo (CLOUD)
Yandex: Trojan.GenAsa!MLownxgq9A8
SentinelOne: Static AI – Malicious PE
MaxSecure: Packed.Krap.ar
Fortinet: W32/Kryptik.LW!tr
BitDefenderTheta: Gen:NN.ZexaF.34638.gq1@aKiznpfH
AVG: Win32:Crypto-V [Trj]
Cybereason: malicious.0f3bfd
Panda: Trj/Pck_Pretorx.A

How to remove Koobface.1?

Koobface.1 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.