
Mal/Hvnc-A malicious file


Mal/Hvnc-A is classified as dangerous by many security vendors (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Mal/Hvnc-A virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Spanish (Modern)
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
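The persistence and dropper behaviours in the list above (autorun at Windows startup, a dropped binary that is executed, a hidden file) are what an analyst checks first on a suspect host. The script below is an added example written for this page; it is not GridinSoft's tool and not the sandbox that produced the list. On Windows it reads the live Run/RunOnce keys; elsewhere it triages a constructed set of sample entries that imitate what such an infection leaves behind. The sample entries, the environment mapping and the suspicious-directory heuristics are assumptions; the registry key paths are the real ones.

```python
"""Triage Windows autorun entries for the persistence behaviour described above.

Added example for this page, not GridinSoft's code or the sandbox's. On Windows it
reads the real Run/RunOnce keys; elsewhere it triages SAMPLE_ENTRIES, which are
constructed to imitate what a dropper that "installs itself for autorun" leaves behind.
"""
import ntpath
import re
import sys

# Real registry locations the sandbox signature "Installs itself for autorun at
# Windows startup" usually refers to.
RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# Heuristics (assumptions): user-writable drop locations, and script hosts / LOLBins
# that a legitimate product's Run value rarely needs.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\programdata\\",
                   "\\users\\public\\", "\\downloads\\")
LAUNCHERS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
             "regsvr32.exe", "powershell.exe", "cmd.exe"}

# Constructed sample data: one benign Windows entry, two entries imitating the infection.
SAMPLE_ENV = {"APPDATA": r"C:\Users\bob\AppData\Roaming",
              "TEMP": r"C:\Users\bob\AppData\Local\Temp",
              "WINDIR": r"C:\Windows"}
SAMPLE_ENTRIES = [
    ("HKLM", "Run", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKCU", "Run", "Adobe Download Manager", r'"%APPDATA%\Adobe\adm.exe"'),
    ("HKCU", "Run", "Updater", r'wscript.exe //B "%TEMP%\upd.vbs"'),
]


def expand(text, env):
    """Expand %VAR% references with the given mapping (case-insensitive, like cmd.exe)."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), text)


def extract_exe(command):
    """Return the program a Run value launches: the quoted path, or the first token
    that ends in an executable extension."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|vbs|js|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def triage(entries, env):
    """Return one finding per entry that trips a heuristic; entries are
    (hive, key, value name, command) tuples."""
    findings = []
    for hive, key, name, command in entries:
        exe = expand(extract_exe(command), env)
        full = expand(command, env).lower()
        reasons = []
        if any(d in full for d in SUSPICIOUS_DIRS):
            reasons.append("references a user-writable directory")
        if ntpath.basename(exe).lower() in LAUNCHERS:
            reasons.append("launches through a script host or LOLBin")
        if reasons:
            findings.append({"hive": hive, "key": key, "name": name,
                             "command": command, "reasons": reasons})
    return findings


def read_run_keys():
    """Enumerate the live Run/RunOnce values (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], subkey) as k:
                i = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(k, i)
                    except OSError:
                        break
                    entries.append((hive, subkey.rsplit("\\", 1)[-1], name, str(data)))
                    i += 1
        except OSError:
            pass  # key absent or not readable
    return entries


if __name__ == "__main__":
    if sys.platform == "win32":
        import os
        entries, env = read_run_keys(), {k.upper(): v for k, v in os.environ.items()}
    else:
        entries, env = SAMPLE_ENTRIES, SAMPLE_ENV
    for f in triage(entries, env):
        print(f"{f['hive']}\\{f['key']}\\{f['name']}: {f['command']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The output is a list of candidates, not verdicts: some legitimate software also runs from AppData, so each hit still needs the file checked (hash, signature, hidden/system attributes) before it is removed. Run keys are only one of the autorun locations; Scheduled Tasks, services and the Startup folder deserve the same pass.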

Related domains:

0x21.in

How to identify Mal/Hvnc-A?

File Info:

crc32: 6B2282FC
md5: 109c1cb01295510623b59d15f1775fe5
name: 109C1CB01295510623B59D15F1775FE5.mlw
sha1: 2e37c0ba1735bb6eff85251e6677648147a34335
sha256: aa5a4440dab4909f58308d8c80a2d2a0b2edfb56aa4e60aa67e83e9203773a07
sha512: 709f2814cddeeb7aa09c1ac07c2efce7ac9d708a144f56a8ac2cfc1eddc086d5645d85b82adfd1190becb1f359ef10825df10830ceddbc89d2c4660866b3b578
ssdeep: 49152:wxnbkyBetq9Kw4Fap5aLKLkDl+dUvO9Yc:CrMq9x4wa+p39J
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright 2018 Adobe Incorporated. All rights reserved.
FileVersion: ...
CompanyName: Adobe Systems Incorporated
ProductName: Adobe Download Manager
ProductVersion: ...
FileDescription: Adobe Download Manager
OriginalFilename: Adobe Download Manager
Translation: 0x0409 0x04b0
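The hashes in File Info are the quickest way to confirm that a file on disk is this exact sample. The script below is an added example written for this page, not GridinSoft's scanner: it streams a file through the same digests the page lists (CRC32 formatted as upper-case hex like the page, plus MD5, SHA-1, SHA-256 and SHA-512) and reports which indicators match. The indicator values are copied from the File Info section; the paths passed on the command line are assumptions.

```python
"""Check a file against the hash indicators listed in File Info above.

Added example for this page, not GridinSoft's scanner. IOC values are copied from the
File Info section; file paths given on the command line are assumptions.
"""
import hashlib
import sys
import zlib

# Indicators copied from the File Info section (crc32 is upper-case hex there).
IOC = {
    "crc32": "6B2282FC",
    "md5": "109c1cb01295510623b59d15f1775fe5",
    "sha1": "2e37c0ba1735bb6eff85251e6677648147a34335",
    "sha256": "aa5a4440dab4909f58308d8c80a2d2a0b2edfb56aa4e60aa67e83e9203773a07",
    "sha512": "709f2814cddeeb7aa09c1ac07c2efce7ac9d708a144f56a8ac2cfc1eddc086d5"
              "645d85b82adfd1190becb1f359ef10825df10830ceddbc89d2c4660866b3b578",
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Digest an in-memory blob in the same formats the page uses."""
    out = {n: hashlib.new(n, data).hexdigest() for n in DIGESTS}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return out


def hash_file(path, chunk=1 << 20):
    """Stream a file through all digests at once so large samples are read only once."""
    hashers = {n: hashlib.new(n) for n in DIGESTS}
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            for h in hashers.values():
                h.update(block)
    out = {n: h.hexdigest() for n, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return out


def matches(hashes, ioc=IOC):
    """Names of the indicators that match, compared case-insensitively."""
    return [k for k, v in ioc.items() if hashes.get(k, "").lower() == v.lower()]


if __name__ == "__main__":
    for path in sys.argv[1:]:
        hit = matches(hash_file(path))
        print(f"{path}: {'MATCH on ' + ', '.join(hit) if hit else 'no match'}")
```

Exact-hash matching only finds this build. The sandbox noted that the sample "creates a slightly modified copy of itself", so a dropped copy will not match any of these digests; that is what the ssdeep value above is for (fuzzy comparison needs the third-party ssdeep or ppdeep module, not used here). The Adobe strings in Version Info are no evidence of origin either, since any binary can carry them; on Windows, Get-AuthenticodeSignature on the file shows whether it actually carries a valid vendor signature.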

Mal/Hvnc-A also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.HVNC.15
MicroWorld-eScan: Gen:Variant.Ursu.525018
FireEye: Generic.mg.109c1cb012955106
CAT-QuickHeal: Trojan.AutoIt.AitInject.ZZ
McAfee: Artemis!109C1CB01295
Cylance: Unsafe
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Gen:Variant.Ursu.525018
K7GW: Trojan ( 700000111 )
K7AntiVirus: Trojan ( 700000111 )
TrendMicro: TSPY_TINCLEX.SM1
BitDefenderTheta: Gen:NN.ZexaF.34634.zqW@auVdLFh
Cyren: W32/FakeDoc.N.gen!Eldorado
Symantec: Packed.Generic.548
APEX: Malicious
ClamAV: Win.Malware.Generic-6623004-0
Kaspersky: HEUR:Trojan.Win32.Pincav.gen
NANO-Antivirus: Trojan.Win32.Quasar.foekoa
Tencent: Malware.Win32.Gencirc.10b0d056
Ad-Aware: Gen:Variant.Ursu.525018
Sophos: Mal/Hvnc-A
F-Secure: Trojan.TR/AD.Xiclog.nmpoi
Invincea: ML/PE-A + Mal/AuItInj-A
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Emsisoft: Gen:Variant.Ursu.525018 (B)
Ikarus: Backdoor.Win32.Hupigon
Avira: TR/Hijacker.W
MAX: malware (ai score=84)
Antiy-AVL: GrayWare/Autoit.ShellCode.a
Microsoft: VirTool:Win32/AutInject
Arcabit: Trojan.Ursu.D802DA
ZoneAlarm: HEUR:Trojan.Win32.Pincav.gen
GData: Gen:Variant.Ursu.525018
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/AutoInj.Exp
Acronis: suspicious
VBA32: BScope.Trojan.Invader
Malwarebytes: Trojan.MalPack.AutoIt
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.82233
ESET-NOD32: a variant of Win32/Packed.AutoIt.OM
TrendMicro-HouseCall: TSPY_TINCLEX.SM1
Rising: Backdoor.Quasar!1.B1DD (CLASSIC)
Yandex: Trojan.GenAsa!eJ2W40k2TSg
eGambit: Trojan.Generic
Fortinet: W32/Carberp.BU!tr.dldr
AVG: Win32:PWSX-gen [Trj]
Cybereason: malicious.012955
Avast: Win32:PWSX-gen [Trj]

How to remove Mal/Hvnc-A?

Mal/Hvnc-A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
