Mal/Swrort-AD removal

Mal/Swrort-AD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Mal/Swrort-AD virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Mal/Swrort-AD?


File Info:

name: 76C2D315026C1F9AE0A5.mlw
path: /opt/CAPEv2/storage/binaries/b0206a6b9b486bae3e1b6ecb1cb3a6c09607ae9f70f49b83d280b00d84722d12
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2021-11-25 08:00:40

Version Info:

0: [No Data]

Mal/Swrort-AD also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Cylance: Unsafe
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Swrort.863abb8e
K7GW: Riskware ( 0040eff71 )
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Sophos: Mal/Swrort-AD
McAfee-GW-Edition: BehavesLike.Win32.Generic.pm
FireEye: Generic.mg.76c2d315026c1f9a
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Microsoft: Trojan:Win32/Wacatac.B!ml
Gridinsoft: Ransom.Win32.Sabsik.sa
Cynet: Malicious (score: 100)
McAfee: GenericRXML-UY!76C2D315026C
TrendMicro-HouseCall: TROJ_GEN.R002H06KP21
Rising: Malware.Heuristic!ET#94% (RDMK:cmRtazqkEm+jxiMWBKbZ6OAHFqjd)
Ikarus: SuspectFile
eGambit: Unsafe.AI_Score_99%

How to remove Mal/Swrort-AD?

Mal/Swrort-AD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
