Categories: Malware

ML/PE-A + Mal/Agent-ATS malicious file

The ML/PE-A + Mal/Agent-ATS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Mal/Agent-ATS virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Unconventionial language used in binary resources: Arabic (Egypt)
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine ML/PE-A + Mal/Agent-ATS?


File Info:
crc32: EE151FA1md5: 50178567287fa70aacf12ab9f5e83a1bname: 50178567287FA70AACF12AB9F5E83A1B.mlwsha1: 6c6b6524f6605b9708c2fe0548d3ea21e792fe36sha256: 29b4d486c0d51b38372eb8429e2b777a194800ad58b78069f978c00bc4c346d0sha512: b2883269779132692ec370a2346091047ccb6f3efbd8af7fb08cc97d6a5a8328da9bb7275b23f850c3a605dd334bd5a753c355f674f20379f5b166ce373ff532ssdeep: 12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kl:OIbGD2JTu0GoZQDbGV6eH81kltype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright xa9 2018InternalName: unpack200FileVersion: 8.0.1810.13Full Version: 1.8.0_181-b13CompanyName: Oracle CorporationProductName: Java(TM) Platform SE 8ProductVersion: 8.0.1810.13FileDescription: Java(TM) Platform SE binaryOriginalFilename: unpack200.exeTranslation: 0x0000 0x04b0

ML/PE-A + Mal/Agent-ATS also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 00543ea81 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen6.54687
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.MocrtIH.S14253690
ALYac	GenPack:Trojan.Agent.ECLV
Cylance	Unsafe
Zillya	Trojan.Delf.Win32.111364
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 00543ea81 )
Cybereason	malicious.7287fa
Cyren	W32/Ursu.AZ.gen!Eldorado
Symantec	Packed.Generic.526
ESET-NOD32	Win32/Agent.TJS
Zoner	Trojan.Win32.97652
APEX	Malicious
Avast	Sf:ShellCode-CU [Trj]
ClamAV	Win.Malware.Ursu-6914170-0
Kaspersky	Trojan.Win32.Delf.tgsa
BitDefender	GenPack:Trojan.Agent.ECLV
NANO-Antivirus	Trojan.Win32.Delf.flihmx
ViRobot	Trojan.Win32.Agent.1252826
MicroWorld-eScan	GenPack:Trojan.Agent.ECLV
Tencent	Malware.Win32.Gencirc.11bff644
Ad-Aware	GenPack:Trojan.Agent.ECLV
Sophos	ML/PE-A + Mal/Agent-ATS
Comodo	TrojWare.Win32.Mocrt.AA@81tiim
BitDefenderTheta	AI:Packer.BCE7A70017
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TrojanSpy.Win32.AVEMARIA.SMTH
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.50178567287fa70a
Emsisoft	GenPack:Trojan.Agent.ECLV (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Packed.Dico.lu
Avira	HEUR/AGEN.1105026
Antiy-AVL	Trojan/Generic.ASMalwS.2B9B7E6
Microsoft	Trojan:Win32/Lokibot.V!MTB
Gridinsoft	Trojan.Win32.Agent.bot!s1
Arcabit	GenPack:Trojan.Agent.ECLV
SUPERAntiSpyware	Trojan.Agent/Generic
GData	GenPack:Trojan.Agent.ECLV
TACHYON	Trojan/W32.DP-Delf.1130496
AhnLab-V3	Trojan/Win32.Agent.R251631
Acronis	suspicious
McAfee	GenericRXIL-UZ!50178567287F
MAX	malware (ai score=83)
VBA32	Trojan.Fuery
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TrojanSpy.Win32.AVEMARIA.SMTH
Rising	Trojan.Injector!1.B53C (CLASSIC)
Yandex	Trojan.Delf!KSr6mowUeeA
Ikarus	Trojan-Spy.LokiBot
MaxSecure	Trojan.Delf.tgsa
Fortinet	W32/Injector.ECZY!tr
AVG	Sf:ShellCode-CU [Trj]
Qihoo-360	HEUR/QVM13.0.62BE.Malware.Gen