The ML/PE-A + Mal/EncPk-TG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What ML/PE-A + Mal/EncPk-TG virus can do?
- Behavioural detection: Executable code extraction – unpacking
- Yara rule detections observed from a process memory dump/dropped files/CAPE
- Creates RWX memory
- Anomalous file deletion behavior detected (10+)
- Dynamic (imported) function loading detected
- At least one IP Address, Domain, or File Name was found in a crypto call
- Enumerates running processes
- Expresses interest in specific running processes
- Reads data out of its own binary image
- CAPE extracted potentially suspicious content
- Unconventionial language used in binary resources: Russian
- The binary contains an unknown PE section name indicative of packing
- Authenticode signature is invalid
- Code injection with CreateRemoteThread in a remote process
- Behavioural detection: Injection (inter-process)
- Behavioural detection: Injection with CreateRemoteThread in a remote process
- Tries to unhook or modify Windows functions monitored by Cuckoo
- Steals private information from local Internet browsers
- Collects and encrypts information about the computer likely to send to C2 server
- Attempts to modify browser security settings
- Harvests credentials from local FTP client softwares
- Collects information to fingerprint the system
- Anomalous binary characteristics
- Clears web history
How to determine ML/PE-A + Mal/EncPk-TG?
File Info:
name: 95B0AF46686EE6C134F6.mlwpath: /opt/CAPEv2/storage/binaries/38d29c34c4f92554eefdc012b249889b162d18d48b0977d235a3993b0df7cc3acrc32: 6BF2B0EDmd5: 95b0af46686ee6c134f6c734503b6deesha1: 8a594bbd1a20c2882eac44f70a5422635aadfa9fsha256: 38d29c34c4f92554eefdc012b249889b162d18d48b0977d235a3993b0df7cc3asha512: 18d2b7eee1c6285419bdbad888d420445e4084edd6f83ee138b18a6e081c1c773b4b088ff771a6ab6d52b69189d786a2100637183d83f18c2aecc7aeed495567ssdeep: 768:KU0Dm/QES+c3blYRCmFL0VcWmbV4KLw5Y/pJtDv8p9JS4tFs/v55:br/k3blmiVfm54q98pvS6Fs3Htype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T156C3F17328F13866D9EB297396931074EE31A617B3C58999F099D32A8F7A74B9C0F404sha3_384: 9826264077ab1270ee26cda8ebb751462140e61780dbbb2c6938ab2f1147ad1d75190608a29eb92766726a3155eee7e4ep_bytes: 660fbec18db424cd502c8c64a1300000timestamp: 2005-04-06 20:06:58Version Info:
CompanyName: †SOFTWIN栍뢟㼇鎘뇡娻얪㜳쟖豙鶻udc19暕ꊈuddc4व槻綃udcc7瘵犋斷ຜ끷ퟨ쾷밸Č镃俏트픳挔졑곚ℚ쯊᧤攅ꄷꏚ⋗㶿捓뾬࿓◚᥍笌촣ᆍ蠳棇嬆臱萟ᄅᛮ蟠ꎈ㸄人흛랁䡖쟤뚒睆uda3e凞㠊蔵텘ⶋ⍾丼暮聩漱㻑쫨ᗑ㣚뮥⟲䝙漇⺒뼕긓잂gꈬῶ짮얡웃䤵△鸖愮볉잙᱕蜐ᎍ窹㳚伭㘈ᶺ氐隙ꠟ扞ꔝ䔥⥝醉⼦官삯粋明撑ꍇ쑦㔼竼扅팛虏젔焟芪례˷꘧猤鵘滒ᕷঃ䦫蝷Č꯫좪ud88c⹐킝鶸빶ꉖudf56펯氼샐udf6c㠽붼㲊蕏惠䝕䀂ͣᅄᗋ휘恦ꗓ孃뱻漮뛵끿耱揟ᔏ틩㸘揙콍ﺬ⎛♯싃媎趹ꍰ샗枦땙펂䀃远繍ꇜ뤻幵᭮ո綬뽉ꤒῡudeb5ₜ촪뻳鿬ꕋۮॆ殿膯㌞날戨ᧁⱮ휁냞udf03銢퓛ῆ⣵蘿蘳㍃벖❕ﵱᲐ뉃쯻ꖎ獐ᴫℍ셄ଽळ餷똘煈沄ᑋ逆ude1c顠迹⾼贺㔆㼼浸敶獲潩㵮ㄢ〮•湥潣楤杮∽呕ⵆ∸猠慴摮污湯㵥礢獥㼢ാ㰊獡敳扭祬砠汭獮∽牵㩮捳敨慭業牣獯景潣㩭獡ㅶ•慭楮敦瑳敖獲潩㵮ㄢ〮㸢†愼獳浥汢䥹敤瑮瑩൹ ††瘠牥楳湯∽⸱⸰⸰∰†††牰捯獥潳䅲捲楨整瑣牵㵥堢㘸ഢ ††渠浡㵥䴢物湡慤䴮物湡慤䴮物湡慤ഢ ††琠灹㵥眢湩㈳ഢ ⼠ാ 㰠敤捳楲瑰潩㹮楍慲摮㱡搯獥牣灩楴湯ാ 㰠牴獵䥴普浸湬㵳產湲猺档浥獡洭捩潲潳瑦挭浯愺浳瘮∲ാ †㰠敳畣楲祴ാ ††㰠敲畱獥整偤楲楶敬敧㹳††††爼煥敵瑳摥硅捥瑵潩䱮癥汥†††††敬敶㵬愢䥳癮歯牥ഢ ††††甠䅩捣獥㵳昢污敳⼢ാ ††㰠爯煥敵瑳摥牐癩汩来獥ാ †㰠猯捥牵瑩㹹†⼼牴獵䥴普㹯†搼灥湥敤据㹹††搼灥湥敤瑮獁敳扭祬ാ †††㰠獡敳扭祬摉湥楴祴††††††祴数∽楷㍮∲††††††慮敭∽楍牣獯景楗摮睯潃浭湯䌭湯牴汯≳††††††敶獲潩㵮㘢〮〮〮ഢ †††††瀠潲散獳牯牁档瑩捥畴敲∽㡘∶††††††異汢捩敋呹歯湥∽㔶㔹㙢ㄴ㐴捣ㅦ晤ഢ †††††氠湡畧条㵥⨢ഢ †††⼠ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹†搼灥湥敤据㹹††搼灥湥敤瑮獁敳扭祬ാ †††㰠獡敳扭祬摉湥楴祴††††††祴数∽楷㍮∲††††††慮敭∽楍牣獯景楗摮睯摇灩畬≳††††††敶獲潩㵮ㄢ〮〮〮ഢ †††††瀠潲散獳牯牁档瑩捥畴敲∽㡘∶††††††異汢捩敋呹歯湥∽㔶㔹㙢ㄴ㐴捣ㅦ晤ഢ †††††氠湡畧条㵥⨢ഢ †††⼠ാ †㰠搯灥湥敤瑮獁敳扭祬ാ 㰠搯灥湥敤据㹹†挼浯慰楴楢楬祴砠汭獮∽牵㩮捳敨慭業牣獯景潣㩭潣灭瑡扩汩瑩ㅶ㸢††愼灰楬慣楴湯ാ ††㰠畳灰牯整佤⁓摉∽㍻ㄵ㠳㥢ⵡ搵㘹㐭扦ⵤ攸搲愭㐲〴㈲昵㌹絡⼢ാ †㰠愯灰楬慣楴湯ാ 㰠振浯慰楴楢楬祴ാ㰊愯獳浥汢㹹:
ML/PE-A + Mal/EncPk-TG also known as:
| Bkav | W32.AIDetect.malware1 |
| Lionic | Trojan.Win32.Generic.4!c |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.PWS.Panda.487 |
| MicroWorld-eScan | Trojan.Brsecmon.1 |
| FireEye | Generic.mg.95b0af46686ee6c1 |
| CAT-QuickHeal | TrojanPWS.Zbot.Y10 |
| McAfee | Generic PWS.te |
| Cylance | Unsafe |
| Zillya | Trojan.Kryptik.Win32.1212171 |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0055dd191 ) |
| Alibaba | Packed:Win32/Kryptik.29f4c32c |
| K7GW | Trojan ( 0055dd191 ) |
| Cybereason | malicious.6686ee |
| Arcabit | Trojan.Brsecmon.1 |
| BitDefenderTheta | Gen:NN.ZexaF.34212.hO0@amlVlelI |
| VirIT | Trojan.Win32.Panda.ST |
| Cyren | W32/FakeAlert.OG.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Kryptik.ASLG |
| TrendMicro-HouseCall | TROJ_KRYPTK.SMM |
| Paloalto | generic.ml |
| ClamAV | Win.Trojan.Agent-708459 |
| Kaspersky | Packed.Win32.Krap.hd |
| BitDefender | Trojan.Brsecmon.1 |
| NANO-Antivirus | Trojan.Win32.Krap.dsjtem |
| SUPERAntiSpyware | Trojan.Agent/Gen-Backdoor[Softwin] |
| Avast | Win32:MalOb-CK [Cryp] |
| Tencent | Win32.Packed.Krap.Hupc |
| Ad-Aware | Trojan.Brsecmon.1 |
| Emsisoft | Trojan.Brsecmon.1 (B) |
| Comodo | Packed.Win32.Krap.hd@2nkc7n |
| F-Secure | Trojan.TR/Drop.Agent.awd.8 |
| VIPRE | Trojan.Win32.Zbot.im (v) |
| TrendMicro | TROJ_KRYPTK.SMM |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.ch |
| Sophos | ML/PE-A + Mal/EncPk-TG |
| Ikarus | Packer.Win32.Krap |
| Jiangmin | Packed.Krap.daaz |
| Webroot | W32.InfoStealer.Zeus |
| Avira | TR/Drop.Agent.awd.8 |
| MAX | malware (ai score=99) |
| Antiy-AVL | Trojan[Packed]/Win32.Krap |
| Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
| Microsoft | PWS:Win32/Zbot |
| ZoneAlarm | Packed.Win32.Krap.hd |
| GData | Trojan.Brsecmon.1 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Win-Trojan/Kazy.Gen |
| Acronis | suspicious |
| VBA32 | Trojan.Zeus.EA.01000 |
| ALYac | Trojan.Brsecmon.1 |
| Malwarebytes | Malware.Heuristic.1003 |
| APEX | Malicious |
| Rising | Trojan.Kryptik!8.8 (CLOUD) |
| Yandex | TrojanSpy.Zbot.Gen!Pac.15 |
| SentinelOne | Static AI – Malicious PE |
| MaxSecure | Trojan.Malware.1440924.susgen |
| Fortinet | W32/Kryptik.AJ!tr |
| AVG | Win32:MalOb-CK [Cryp] |
| Panda | Trj/Genetic.gen |
| CrowdStrike | win/malicious_confidence_100% (D) |
How to remove ML/PE-A + Mal/EncPk-TG?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment