Mal/Generic-R + W32/OYSoul-Gen (file analysis)

Malware Removal

Mal/Generic-R + W32/OYSoul-Gen is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Generic-R + W32/OYSoul-Gen virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality

How to identify Mal/Generic-R + W32/OYSoul-Gen?

File Info:

name: 4849F0DCEA72C92ADD7D.mlw
path: /opt/CAPEv2/storage/binaries/312dc4e67479a55d49e4ace7fbd868de87892c4cced487cdce4c623db803bc33
crc32: 4973C654
md5: 4849f0dcea72c92add7d6c901339b019
sha1: ee49f002ae19950f0048318ba8abc112e06170a6
sha256: 312dc4e67479a55d49e4ace7fbd868de87892c4cced487cdce4c623db803bc33
sha512: 7077eff473369996126a5634ad81b79e54104a4a4a6c7fca31834ffbee32021282782c96a6ce9839aba23be71453c04add97c092f260a570bef6106f305585ca
ssdeep: 98304:T+Cga9ak7nJ76ak7TW+ygqxEGlQXMmY1MDh93yQGp6ZojWxFqQLh/96JhT:Bjv7Jy7Cgs/mY1Mt93yQGp6iada
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B967D12B7E59039F1F307719E35B36555BABEB01D35D10FA2442A0E1EB0AE1AE34B27
sha3_384: b0bc21e17dabb474d9ed5391d4a27ca76d407387cd95b9c22e95d93b467a239f4d495efbbafd8a96b5a8699b6dd8b649
ep_bytes: 60be003041008dbe00e0feff5783cdff
timestamp: 2008-06-09 03:48:26

Version Info:

Translation: 0x0804 0x04b0
CompanyName: 2146
ProductName:
FileVersion: 1.00
ProductVersion: 1.00
InternalName: avp
OriginalFilename: avp.exe

Mal/Generic-R + W32/OYSoul-Gen also known as:

Bkav: W32.FamVT.VB.SoulPack.PE
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Worm.SoulClose.C
FireEye: Generic.mg.4849f0dcea72c92a
McAfee: Artemis!4849F0DCEA72
Cylance: Unsafe
VIPRE: Virus.Win32.Soulclose.a (v)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Riskware ( 0015e4f01 )
BitDefender: Win32.Worm.SoulClose.C
K7GW: Riskware ( 0015e4f01 )
Cybereason: malicious.cea72c
Baidu: Win32.Worm.VB.bc
Cyren: W32/Worm.Soul.gen!Eldorado
Symantec: W32.Fujacks.C
ESET-NOD32: Win32/VB.NOY
APEX: Malicious
ClamAV: Win.Malware.Generic-9839038-0
Kaspersky: Virus.Win32.VB.lc
NANO-Antivirus: Virus.Win32.VB.bpcbgk
Rising: Spyware.Zbot!1.648A (RDMK:cmRtazqLDg4ulrx7OkcIBzYKfc32)
Ad-Aware: Win32.Worm.SoulClose.C
Sophos: Mal/Generic-R + W32/OYSoul-Gen
Comodo: Worm.Win32.VB.NOY@bf0m
DrWeb: Win32.HLLP.Soul
Zillya: Virus.VB.Win32.177
McAfee-GW-Edition: BehavesLike.Win32.Dropper.rh
Emsisoft: Win32.Worm.SoulClose.C (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Packed.Krap.gvvi
MaxSecure: Virus.W32.VB.lc
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASBOL.21
Microsoft: Virus:Win32/Soulclose.A
GData: Win32.Worm.SoulClose.C
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Soulclose.X1317
BitDefenderTheta: Gen:NN.ZevbaCO.34160.@pNfaediQshb
ALYac: Win32.Worm.SoulClose.C
VBA32: Trojan.VBRA.07562
Malwarebytes: Malware.AI.4289551135
Tencent: Malware.Win32.Gencirc.10b40d68
Yandex: Worm.VB!y/pweIhDvLs
MAX: malware (ai score=81)
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/VB.NOY!worm
AVG: Win32:VB-JGI
Avast: Win32:VB-JGI
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Mal/Generic-R + W32/OYSoul-Gen?

Mal/Generic-R + W32/OYSoul-Gen removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.