About “Mal/Generic-R + Mal/Behav-160” infection

Mal/Generic-R + Mal/Behav-160 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Mal/Generic-R + Mal/Behav-160 virus do?

  • Attempts to connect to a dead IP:Port (2 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

Related domains:

v8.ter.tf

How to identify Mal/Generic-R + Mal/Behav-160?

File Info:

crc32: B4A93DB1
md5: ffb4c9b7e2c6e9194fe31f5ce1ba2a1b
name: FFB4C9B7E2C6E9194FE31F5CE1BA2A1B.mlw
sha1: 93ab1219950337f65cb80b00ef4badbab90fb5d0
sha256: 07d0976a03ec7bd10c1f900d0c883d7ee8582eb80770d4b163424691150c2568
sha512: 635ff096c317f8232e65f91f17c904c4f2f2cbaf02c37f577d2bdf9c1849e3ed07b6c1fa2cf6fbc5c7b6f41b0f668845def31ea3b718f3bf0abfe3a0139bc935
ssdeep: 384:CEI0+Fkm7SWZvA9IGi17qtVHEIBSp6XvefybvimJOg7vSa3gRJ8u0XWh9mWsm:CEI0+FNSWBwSgaHcef6imJOiSaQrN55
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName:
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Microsoft® Windows® Operating System
SpecialBuild:
ProductVersion: 6.1.7600.16385
FileDescription: Windows Enhanced Storage Password Authentication Program
OriginalFilename: EhStorAuthn.exe
Translation: 0x0804 0x04b0

Mal/Generic-R + Mal/Behav-160 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Zard.30
FireEye: Generic.mg.ffb4c9b7e2c6e919
ALYac: Gen:Heur.Mint.Zard.30
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005376ae1 )
BitDefender: Gen:Heur.Mint.Zard.30
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.7e2c6e
Baidu: Win32.Trojan.ServStart.ax
Cyren: W32/Nitol.AC.gen!Eldorado
Symantec: Backdoor.Nitol
TotalDefense: Win32/PackedBaidu
APEX: Malicious
Avast: Win32:Dh-A [Heur]
ClamAV: Win.Malware.Nitol-6802818-0
Kaspersky: Trojan-Ransom.Win32.PornoBlocker.ejtx
NANO-Antivirus: Trojan.Win32.MicroFake.cchebz
AegisLab: Trojan.Win32.PornoBlocker.j!c
Rising: Ransom.PornoBlocker!8.24E (CLOUD)
Ad-Aware: Gen:Heur.Mint.Zard.30
Emsisoft: Gen:Heur.Mint.Zard.30 (B)
Comodo: TrojWare.Win32.Nitol.KA@6cq5hu
F-Secure: Trojan.TR/ATRAPS.hrva.12
DrWeb: Trojan.DownLoader18.16955
Zillya: Trojan.PornoBlocker.Win32.12277
TrendMicro: DDoS.Win32.NITOL.SMG
McAfee-GW-Edition: BehavesLike.Win32.Fake.mc
Sophos: Mal/Generic-R + Mal/Behav-160
Ikarus: Trojan.Win32.MicroFake
Jiangmin: Trojan.PornoBlocker.bv
Avira: TR/ATRAPS.hrva.12
eGambit: Unsafe.AI_Score_99%
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Ransom]/Win32.PornoBlocker
Microsoft: Trojan:Win32/Ditertag.A
Arcabit: Trojan.Mint.Zard.30
SUPERAntiSpyware: Trojan.Agent/Gen-FakeMS
ZoneAlarm: Trojan-Ransom.Win32.PornoBlocker.ejtx
GData: Win32.Trojan.Microfake.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Nitol.R299383
Acronis: suspicious
McAfee: GenericRXAA-AA!FFB4C9B7E2C6
VBA32: BScope.Trojan.Scar
Malwarebytes: Trojan.FakeMS
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Agent.RMM
TrendMicro-HouseCall: DDoS.Win32.NITOL.SMG
Tencent: Trojan.Win32.Lapka.bw
Yandex: Trojan.GenAsa!H41PVEbKGsY
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.RMM!tr
BitDefenderTheta: AI:Packer.AABC03481F
AVG: Win32:Dh-A [Heur]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.cbb

How to remove Mal/Generic-R + Mal/Behav-160?

Mal/Generic-R + Mal/Behav-160 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.