ML/PE-A + Mal/EncPk-NSU removal

ML/PE-A + Mal/EncPk-NSU is Sophos's detection name for this sample, and every other engine in the scan results below flags it as malicious or suspicious, most of them as a Trojan downloader. When the infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the ML/PE-A + Mal/EncPk-NSU virus do?

These are the signatures raised when the sample was detonated in the CAPE sandbox. Taken together they describe a packed downloader that drops and runs a second binary, injects into other processes, persists across reboots and tries to switch off Windows Update and Security Center warnings:

  • Creates RWX memory
  • Anomalous file deletion behaviour detected (10+ files)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests that may not appear in the captured PCAP
  • HTTPS URLs observed in behaviour
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread into a remote process (also caught by the behavioural inter-process injection detections)
  • A process attempted to delay the analysis task by a long amount of time
  • Installs itself for autorun at Windows startup
  • Operates on the local firewall's policies and settings
  • Attempts to disable Windows Auto Updates
  • Attempts to modify or disable Security Center warnings
  • Modifies Image File Execution Options, indicative of process injection or persistence
  • Anomalous binary characteristics

How to identify ML/PE-A + Mal/EncPk-NSU?

The following file facts come from the sandbox analysis of the sample. The path is the CAPE storage location of the submitted file, not a location it would occupy on an infected host; the hashes are what you should compare against a file you want to check.
File Info:

name: AD6F8CAA7308213C35A9.mlw
path: /opt/CAPEv2/storage/binaries/17ebfc8214431cfc164e4bb43c1a749136aad5e0b0f23c505189540958664874
crc32: 5B29FC65
md5: ad6f8caa7308213c35a93c4d819fda06
sha1: 559006681da3457ca71f8991cba0d169b185ae22
sha256: 17ebfc8214431cfc164e4bb43c1a749136aad5e0b0f23c505189540958664874
sha512: 71cd5438ba264668099fcd4592490c1987b0ddbc6a4e044661b41fc60eae47e31ddaf9b3ca925766511db707442783dd3a274b4a978db9faedf0240a61b26b13
ssdeep: 1536:sanqOKvVMmB0YY4WEtQsKTLOz1FbClfG8CHbs8Yivty:5nT2VMmBptQ3hG8Us8zs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11A837D426967DE24E398193034A5A009105FD18AF407B933D4F41FBA19DBBE5A6F3BF2
sha3_384: 10075c2ce67c43e6ebd61dd429ede3da9c9798f92b7386f78f0672c778fa59d0c71cf7086a2efcc93faed1e60a7aa91e
ep_bytes: 55ba0010400057565381ec740500008d
timestamp: 2006-12-14 12:59:25
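To check whether a file on disk is this exact sample, recompute the hashes listed above and compare them, and read the link timestamp and entry-point bytes straight from the PE headers. The script below is an added example for this page, not code from the original article or from GridinSoft; the reported values in it are copied from the File Info section, and the PE stub builder at the end produces a constructed file used only to exercise the header parser. ssdeep and tlsh need third-party modules and are not recomputed.

```python
"""Check whether a file on disk is the sample described above.

Added example; not code from the original page or from GridinSoft. It
recomputes the hashes the report lists (crc32, md5, sha1, sha256, sha512,
sha3_384) with the standard library, reads the link timestamp and the first
16 entry-point bytes directly from the PE headers, and compares each against
the reported value. ssdeep and tlsh need third-party modules and are skipped.
The PE builder at the bottom produces a CONSTRUCTED stub only for exercising
the header parser; it is not the malware.
"""
import datetime
import hashlib
import struct
import sys
import zlib

# Values copied from the report above.
REPORTED = {
    "crc32": "5B29FC65",
    "md5": "ad6f8caa7308213c35a93c4d819fda06",
    "sha1": "559006681da3457ca71f8991cba0d169b185ae22",
    "sha256": "17ebfc8214431cfc164e4bb43c1a749136aad5e0b0f23c505189540958664874",
    "sha512": "71cd5438ba264668099fcd4592490c1987b0ddbc6a4e044661b41fc60eae47e3"
              "1ddaf9b3ca925766511db707442783dd3a274b4a978db9faedf0240a61b26b13",
    "sha3_384": "10075c2ce67c43e6ebd61dd429ede3da9c9798f92b7386f78f0672c778fa59d0"
                "c71cf7086a2efcc93faed1e60a7aa91e",
    "ep_bytes": "55ba0010400057565381ec740500008d",
    "timestamp": "2006-12-14 12:59:25",
}


def hashes(data):
    out = {"crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"}
    for name in ("md5", "sha1", "sha256", "sha512", "sha3_384"):
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def pe_facts(data):
    """Return (link timestamp as UTC string, first 16 entry-point bytes as hex)
    for a PE32 image; raises ValueError if the headers do not parse."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe + 4
    _, nsections, tds, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not PE32")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Walk the section table to turn the entry-point RVA into a file offset.
    sections = opt + opt_size
    for i in range(nsections):
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, sections + i * 40 + 8)
        if va <= ep_rva < va + max(vsize, rsize):
            off = rptr + (ep_rva - va)
            break
    else:
        raise ValueError("entry point outside all sections")
    ts = datetime.datetime.fromtimestamp(tds, datetime.timezone.utc)
    return ts.strftime("%Y-%m-%d %H:%M:%S"), data[off:off + 16].hex()


def identify(data):
    """Map each reported field to True/False for whether `data` matches it."""
    found = hashes(data)
    try:
        found["timestamp"], found["ep_bytes"] = pe_facts(data)
    except ValueError:
        pass
    return {k: found.get(k) == v for k, v in REPORTED.items()}


def build_stub_pe(timestamp, ep_bytes):
    """CONSTRUCTED minimal PE32 with one section; test input for pe_facts()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint
    sec = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return header + ep_bytes.ljust(0x200, b"\xCC")


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        result = identify(f.read())
    for field, ok in result.items():
        print(f"{field:9} {'match' if ok else 'differs'}")
    print("This IS the reported sample." if all(result.values()) else
          "Not the reported sample (or a repacked variant).")
```

Only a full match on the cryptographic hashes identifies this exact file. A matching timestamp and entry-point bytes with differing hashes is what a repacked or re-encrypted variant of the same downloader typically looks like, which is why the script reports each field separately rather than a single yes/no.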

Version Info:

[No Data] (the binary carries no version resource)

ML/PE-A + Mal/EncPk-NSU also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Trojan.Heur.fiZ@HbBcxkb
FireEye: Generic.mg.ad6f8caa7308213c
McAfee: Downloader-AYV
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0055e3da1 )
BitDefender: Gen:Trojan.Heur.fiZ@HbBcxkb
K7GW: Trojan-Downloader ( 0055e3da1 )
Cybereason: malicious.a73082
Cyren: W32/Downloader.PJNP-3930
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Agent.NIV
APEX: Malicious
ClamAV: Win.Downloader.3206-1
Kaspersky: Trojan-Downloader.Win32.Agent.apd
NANO-Antivirus: Trojan.Win32.Agent.bwurx
ViRobot: Trojan.Win32.Downloader.2148
Rising: Trojan.DL.Adload.act (CLASSIC)
Ad-Aware: Gen:Trojan.Heur.fiZ@HbBcxkb
Emsisoft: Gen:Trojan.Heur.fiZ@HbBcxkb (B)
Comodo: TrojWare.Win32.TrojanDownloader.Agent.NIV@1z1g
DrWeb: Trojan.MulDrop.4053
Zillya: Downloader.Agent.Win32.457902
TrendMicro: TROJ_AGENT.TJT
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.mm
Trapmine: suspicious.low.ml.score
Sophos: ML/PE-A + Mal/EncPk-NSU
Ikarus: Trojan-Downloader.Win32.Agent
Jiangmin: TrojanDownloader.Agent.hti
Avira: TR/Drop.Age.apd.1.E
Microsoft: Trojan:Win32/Agent.OE
Arcabit: Trojan.Heur.ECBD57
GData: Gen:Trojan.Heur.fiZ@HbBcxkb
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R17642
Acronis: suspicious
BitDefenderTheta: AI:Packer.1A70F47A1B
ALYac: Gen:Trojan.Heur.fiZ@HbBcxkb
MAX: malware (ai score=82)
VBA32: TrojanDownloader.Agent
Malwarebytes: Malware.AI.2770740631
TrendMicro-HouseCall: TROJ_AGENT.TJT
Tencent: Trojan.Win32.Agent.xp
Yandex: Trojan.GenAsa!VR/S7qcDkK4
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Agent.APD!tr.dldr
AVG: Win32:Agent-JML [Trj]
Avast: Win32:Agent-JML [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove ML/PE-A + Mal/EncPk-NSU?

ML/PE-A + Mal/EncPk-NSU removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.
  • After the restart, confirm that the cleanup held. This sample injects into other processes, registers itself for autorun, edits Image File Execution Options and tries to disable Windows Auto Updates and Security Center warnings, so check that no unexpected startup entries remain and that Windows Update and the firewall are switched back on.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.