Categories: Fake

What is “ML/PE-A + Mal/FakeAV-PK”?

The ML/PE-A + Mal/FakeAV-PK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Mal/FakeAV-PK virus can do?

Behavioural detection: Executable code extraction – unpacking
SetUnhandledExceptionFilter detected (possible anti-debug)
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Presents an Authenticode digital signature
Creates RWX memory
Checks adapter addresses which can be used to detect virtual network interfaces
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Enumerates running processes
Expresses interest in specific running processes
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial language used in binary resources: Bulgarian
Authenticode signature is invalid
Deletes its original binary from disk
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Deletes executed files from disk

How to determine ML/PE-A + Mal/FakeAV-PK?


File Info:
name: 9D3B4D1652AAA23D9B55.mlwpath: /opt/CAPEv2/storage/binaries/f80fc46810c968f87f7da423b4cc4ebfafb29dcff4e62d90a79b9a5bbe85cbaecrc32: FFD26630md5: 9d3b4d1652aaa23d9b55a7bd9c2191b4sha1: df7e6f26c9e0982b0f04a121d5331ed36974ac51sha256: f80fc46810c968f87f7da423b4cc4ebfafb29dcff4e62d90a79b9a5bbe85cbaesha512: 88431b9d81b799234ba346dc518f765c54babfce6f3ecf6e94057ca00f0c29bcd86e1eb45810c094394cda44e8596893619a188f7f7d6f9e23ab6928dd692f12ssdeep: 12288:moLz4cCiqQxBEKM2TVE39sGO1Kyo9+C3a3q6s75Z2Q:jn4L6xBM2TGNxwA+mBwQtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T170E41243EB038375E2A839F8699F1F560F182AC551601D1757A8E82B36E77B2609F7CCsha3_384: 6013091a72f2429c57ff651d25a50f5bbf312fab11efb46dde1951cd5419a1f35f8d272541e608a317a91ee16f2964c7ep_bytes: 558bec81ec1c0200008b15960d480033timestamp: 1970-01-02 18:33:23
Version Info:
CompanyName: BitDefender S.R.L.FileDescription: BitDefender Antivirus ScannerFileVersion: 13,0,21,1InternalName: UIScannerLegalCopyright: Copyright (C) 2010OriginalFilename: uiscan.exeProductName: BitDefender 2010ProductVersion: 13,0,18,344Translation: 0x0409 0x04b0

ML/PE-A + Mal/FakeAV-PK also known as:

FireEye	Generic.mg.9d3b4d1652aaa23d
Cylance	Unsafe
K7AntiVirus	Trojan ( 0026d7d11 )
K7GW	Trojan ( 0026d7d11 )
Cybereason	malicious.6c9e09
Cyren	W32/Logskie.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Adware.SystemSecurity.AI
APEX	Malicious
ClamAV	Win.Trojan.Mikey-9958102-0
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Riskware.Win32.FlashApp.dpfax
Avast	Win32:Mystic
DrWeb	Trojan.Fakealert.21226
Zillya	Adware.SystemSecurity.Win32.3170
McAfee-GW-Edition	PWS-Zbot.gen.baq
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + Mal/FakeAV-PK
SentinelOne	Static AI – Malicious PE
Jiangmin	Hoax.FlashApp.bwk
Avira	TR/Crypt.XPACK.Gen2
Antiy-AVL	Trojan/Generic.ASMalwS.330C
Microsoft	Trojan:Win32/Bulta!rfn
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.FakeAV.R490329
McAfee	PWS-Zbot.gen.baq
VBA32	BScope.Malware-Cryptor.Hlux
Rising	Trojan.Generic@AI.91 (RDMK:cmRtazpimM/18q4ctdMCZ3S17JA1)
Yandex	Trojan.Agent!GAGqbA9RkJg
Ikarus	Trojan.Win32.Yakes
MaxSecure	Trojan.Yakes.dwnc
Fortinet	W32/BrowHost.KP!tr
BitDefenderTheta	Gen:NN.ZexaF.34806.Qq2@amMMkegO
AVG	Win32:Mystic
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (D)