About “ML/PE-A + Mal/EncPk-MK” infection

ML/PE-A + Mal/EncPk-MK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the ML/PE-A + Mal/EncPk-MK virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs

How to identify ML/PE-A + Mal/EncPk-MK?

File Info:

crc32: 4B93FD06
md5: 9523e869ee25d1504401674710411d6e
name: 9523E869EE25D1504401674710411D6E.mlw
sha1: 5af8281705769b0f928a6f032a2a72a937dc3c0f
sha256: 97ac21ab9876919792320281f0f1be7506d0d0c275a16c5bece899075a2f7a5d
sha512: 7df0738fc307559e609a88f1d62d3e8826a730d600e106e03529ada8487aaf27e90fe6d87d67c90ef9b787a0c808fa47bf9e0ce5f5210f8d60bcdccbdef83ea8
ssdeep: 12288:pDEv+Pk13PnGazrOlzqT9IuHSrT/PKmC1Z5gB7UMzY/:plEpzrO1uH2T6EyMk
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2013 Adobe Systems Incorporated. All rights reserved.
InternalName: armsvc.exe
FileVersion: 1.824.27.2646
CompanyName: Adobe Systems Incorporated
ProductName: Adobe Acrobat Update Service
ProductVersion: 1.824.27.2646
FileDescription: Adobe Acrobat Update Service
OriginalFilename: armsvc.exe
Translation: 0x0409 0x04b0

ML/PE-A + Mal/EncPk-MK also known as:

K7AntiVirus: Virus ( 00580a951 )
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
ALYac: Win32.Expiro.Gen.6
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Virus ( 00580a951 )
Cybereason: malicious.9ee25d
Cyren: W32/Expiro.S.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Expiro.NDG
APEX: Malicious
Avast: Win32:MalOb-FE [Cryp]
ClamAV: Win.Virus.Expiro-9782223-0
BitDefender: Win32.Expiro.Gen.6
NANO-Antivirus: Virus.Win32.Gen.ccmw
MicroWorld-eScan: Win32.Expiro.Gen.6
Ad-Aware: Win32.Expiro.Gen.6
Sophos: ML/PE-A + Mal/EncPk-MK
BitDefenderTheta: Gen:NN.ZexaF.34058.Du0@aquNH8hi
VIPRE: Virus.Win32.Expiro.dp (v)
TrendMicro: Virus.Win32.EXPIRO.AD
FireEye: Generic.mg.9523e869ee25d150
Emsisoft: Win32.Expiro.Gen.6 (B)
SentinelOne: Static AI – Malicious PE
Avira: W32/Infector.Gen8
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Win32.Expiro.Gen.6
GData: Win32.Expiro.Gen.6
AhnLab-V3: Malware/Win.Generic.R426282
Acronis: suspicious
MAX: malware (ai score=89)
VBA32: BScope.Trojan.Wacatac
TrendMicro-HouseCall: Virus.Win32.EXPIRO.AD
Ikarus: Virus.Win32.Expiro
Fortinet: W32/Expiro.NDG!tr
AVG: Win32:MalOb-FE [Cryp]
Qihoo-360: HEUR/QVM20.1.2D3F.Malware.Gen

How to remove ML/PE-A + Mal/EncPk-MK?

ML/PE-A + Mal/EncPk-MK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
