Mal/Rennes-A removal guide

Mal/Rennes-A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Mal/Rennes-A virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a slightly modified copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz
doddyfire.linkpc.net

How to identify Mal/Rennes-A?

File Info:

crc32: 6A79409C
md5: c2db19ca1c117b714c6ed25e2972d3eb
name: upload_file
sha1: 1d514c8763804ee36b36feed4a22471328dd6316
sha256: b0aac0d798e9f2f747d38c7fb06d871dc418b3122f45c346d323b4375f37dbed
sha512: f8f03e8c4d2bdbf9cc01294fe53a5853a392823c9902de7eacf49acfeb76aca4c2ca81927a900b929d76fb2dc9802cfd9b25207b73c4df2b088719cb05fda57e
ssdeep: 1536:WAp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4k:d5eznsjsguGDFqGk
type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: aluminium xa9 gluttonous
Assembly Version: 1.28.14.52
InternalName: 1.exe
FileVersion: 1.28.14.52
CompanyName: chieftain
ProductName: frozen
ProductVersion: 1.28.14.52
FileDescription: approximation
OriginalFilename: 1.exe

Mal/Rennes-A also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.32187003
FireEye: Generic.mg.c2db19ca1c117b71
CAT-QuickHeal: Trojan.AgentTesla.S15671553
ALYac: Trojan.GenericKD.32187003
Malwarebytes: Backdoor.Bladabindi
Zillya: Trojan.GenericGen.Win32.1
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Sangfor: Malware
K7AntiVirus: Trojan ( 0051b5d71 )
K7GW: Trojan ( 0051b5d71 )
Cybereason: malicious.a1c117
Invincea: ML/PE-A + Mal/Rennes-A
BitDefenderTheta: Gen:NN.ZemsilF.34570.gm1@aS5uJap
Cyren: W32/MSIL_Injector.CB.gen!Eldorado
Symantec: Backdoor.Ratenjay
APEX: Malicious
Avast: Win32:BackdoorX-gen [Trj]
ClamAV: Win.Packed.Bladabindi-6717505-0
Kaspersky: HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender: Trojan.GenericKD.32187003
NANO-Antivirus: Trojan.Win32.Orcus.ffvlkl
ViRobot: Backdoor.Win32.Agent.102336
Rising: Trojan.MSIL/Kryptik!1.B5B8 (CLASSIC)
Ad-Aware: Trojan.GenericKD.32187003
Emsisoft: Trojan.GenericKD.32187003 (B)
Comodo: TrojWare.MSIL.Injector.OQB@7xhkt9
DrWeb: BackDoor.Orcus.14
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Backdoor.MSIL.BLADABINDI.SMW
McAfee-GW-Edition: BehavesLike.Win32.Packed.nm
Sophos: Mal/Rennes-A
Ikarus: Trojan.MSIL.Krypt
GData: Trojan.GenericKD.32187003
Jiangmin: Trojan.Generic.cgitk
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1108068
Antiy-AVL: Trojan/Win32.AGeneric
Arcabit: Trojan.Generic.D1EB227B
AegisLab: Trojan.Win32.Generic.4!e
ZoneAlarm: HEUR:Backdoor.MSIL.Bladabindi.gen
Microsoft: Backdoor:MSIL/Bladabindi
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Korat.C2571733
Acronis: suspicious
McAfee: Packed-FHH!C2DB19CA1C11
MAX: malware (ai score=85)
VBA32: TScope.Trojan.MSIL
Cylance: Unsafe
ESET-NOD32: a variant of MSIL/Kryptik.OQB
TrendMicro-HouseCall: Backdoor.MSIL.BLADABINDI.SMW
Yandex: Trojan.Agent!5WAK4DHEsrQ
SentinelOne: DFI – Malicious PE
Fortinet: MSIL/Kryptik.PDP!tr
AVG: Win32:BackdoorX-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM03.0.A2EF.Malware.Gen

How to remove Mal/Rennes-A?

Mal/Rennes-A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.