ML/PE-A + Mal/EncPk-ND removal

ML/PE-A + Mal/EncPk-ND is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the ML/PE-A + Mal/EncPk-ND virus do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify ML/PE-A + Mal/EncPk-ND?

File Info:

name: D189924F6D38402E31D1.mlw
path: /opt/CAPEv2/storage/binaries/e33b766cb63f65ac8aac97bf4b2d295cb187ce187073c6eeeb86a0d22d43b624
crc32: 63365DCB
md5: d189924f6d38402e31d17a80889d4ad6
sha1: 66887879a11c77317b28c9b3b4276d42e4b8c9c3
sha256: e33b766cb63f65ac8aac97bf4b2d295cb187ce187073c6eeeb86a0d22d43b624
sha512: 26d477d5dfc11fc683cb6fb6de6375b282ace9ed7236b4473e4a3ccf37e2c2f277249b96d7e3ea9ad2543a3d24d8b9073b0fc2d5b6642b1295baf7f760e146db
ssdeep: 768:IpGIgEDew7ZViqa0b3xJYEcfVGFVkFoa3WmFS+6UDUAXJD6Xoe7q3:IGEDeGVPYvdGvJ8Fe3vq3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EB23E10665F81E1EC4FA39B646B342A4DF36FD667C3DE38C8085503A38321286D99F76
sha3_384: 750c3c37ccef0f7c93056803b9cdefe6d8881dd9b485432aa71c82d20d8c768c6402fc001f09b35a9fe8da0298e59f09
ep_bytes: 60be00d040008dbe0040ffff5783cdff
timestamp: 2009-04-07 12:22:39

Version Info (these strings are embedded by whoever built the binary and are not verified; note the invalid Authenticode signature listed above):

Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName: Apache Software Foundation
FileDescription: ApacheBench command line utility
FileVersion: 2.2.14
InternalName: ab.exe
LegalCopyright: Copyright 2009 The Apache Software Foundation.
OriginalFilename: ab.exe
ProductName: Apache HTTP Server
ProductVersion: 2.2.14
Translation: 0x0409 0x04b0

ML/PE-A + Mal/EncPk-ND also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.600488
CAT-QuickHeal: Trojan.GenericRI.S18206508
ALYac: Gen:Variant.Razy.600488
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_60% (D)
Cyren: W32/Swrort.B.gen!Eldorado
Symantec: Packed.Generic.347
ESET-NOD32: a variant of Win32/Rozena.ADH
APEX: Malicious
ClamAV: Win.Exploit.Fnstenv_mov-1
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.600488
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Evo-gen [Susp]
Tencent: Malware.Win32.Gencirc.10b3f98b
Ad-Aware: Gen:Variant.Razy.600488
Sophos: ML/PE-A + Mal/EncPk-ND
Comodo: TrojWare.Win32.Rozena.A@4jwdqr
VIPRE: Trojan.Win32.Swrort.B (v)
TrendMicro: Backdoor.Win32.SWRORT.SMAL01
McAfee-GW-Edition: Swrort.d
FireEye: Generic.mg.d189924f6d38402e
Emsisoft: Gen:Variant.Razy.600488 (B)
Ikarus: Exploit.PDF
GData: Gen:Variant.Razy.600488
Avira: TR/Crypt.ZPACK.Gen
Arcabit: Trojan.Razy.D929A8
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Bifrose.R12476
Acronis: suspicious
McAfee: Swrort.d
MAX: malware (ai score=85)
VBA32: Trojan.Swrort
Malwarebytes: Trojan.Rozena
TrendMicro-HouseCall: Backdoor.Win32.SWRORT.SMAL01
Rising: HackTool.Swrort!1.6477 (CLASSIC)
Yandex: Trojan.GenAsa!O0/tdGI4TGA
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MalwThreat!0971IV
BitDefenderTheta: Gen:NN.ZexaF.34294.cmKfayfRTUai
AVG: Win32:Evo-gen [Susp]
Cybereason: malicious.f6d384
Panda: Trj/Genetic.gen

How to remove ML/PE-A + Mal/EncPk-ND?

ML/PE-A + Mal/EncPk-ND removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
