Categories: Malware

What is “ML/PE-A + Mal/Kovter-Z”?

The ML/PE-A + Mal/Kovter-Z is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Mal/Kovter-Z virus can do?

Injection (inter-process)
Injection (Process Hollowing)
Executable code extraction
Creates RWX memory
Mimics the system’s user agent string for its own requests
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
Executed a process and injected code into it, probably while unpacking
Detects VirtualBox through the presence of a library
Detects Sandboxie through the presence of a library
Detects SunBelt Sandbox through the presence of a library
A process attempted to delay the analysis task by a long amount of time.
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
Creates a registry key or value with NUL characters to avoid detection with regedit
Installs itself for autorun at Windows startup
Stores JavaScript or a script command in the registry, likely for persistence or configuration
Attempts to identify installed analysis tools by registry key
Attempts to identify installed AV products by installation directory
Checks the version of Bios, possibly for anti-virtualization
Checks the presence of disk drives in the registry, possibly for anti-virtualization
Detects VirtualBox through the presence of a file
Detects VirtualBox through the presence of a registry key
Detects VMware through the presence of a file
Detects VMware through the presence of a registry key
Detects Virtual PC through the presence of a file
Attempts to modify browser security settings
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine ML/PE-A + Mal/Kovter-Z?


File Info:
crc32: 540E0796md5: a1e95dc273edfccd36a6a1a510e05d7aname: A1E95DC273EDFCCD36A6A1A510E05D7A.mlwsha1: 8c1de6b1f2baf9da7de9bbefdfdcae062e03d080sha256: 91eef8bf8eb16d19a77f973dd4ea365a0b67c4151b61373e395fd2817df25070sha512: 5d70fb17b033204f0ba92d73ef0d00f63c131cab8eda24cef1ff7df8042e706611e096cc874896bfa064774045613f498130182f2c2a2f6e0e8d4ea99f083f2fssdeep: 6144:5h74RjdwJTxNmiL85nMa8tKKijgWqyS/R/gZLk/RMLACL1YqIk:LEjd4TxNmiL8ia8t9i0W9SZALk/RSL1Htype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright xa9 1991-2005 by Gougelet Pierre-eInternalName: XnViewFileVersion: 2.13CompanyName: XnView, http://www.xnview.com LegalTrademarks: ProductName: XnView ProductVersion: 2.13FileDescription: XnView SlideShowOriginalFilename: Translation: 0x0409 0x04b0

ML/PE-A + Mal/Kovter-Z also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 004ff7221 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Kovter.297
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Poweliks.Dropper.2
Cylance	Unsafe
Zillya	Trojan.Kovter.Win32.3111
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 004ff7221 )
Cybereason	malicious.273edf
Cyren	W32/S-d9094daf!Eldorado
Symantec	Ransom.Kovter
ESET-NOD32	Win32/Kovter.I
APEX	Malicious
Avast	Win32:Rootkit-gen [Rtk]
ClamAV	Win.Dropper.Kovter-7079887-0
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Variant.Poweliks.Dropper.2
NANO-Antivirus	Trojan.Win32.Poweliks.eloero
MicroWorld-eScan	Gen:Variant.Poweliks.Dropper.2
Tencent	Malware.Win32.Gencirc.10b6d725
Ad-Aware	Gen:Variant.Poweliks.Dropper.2
Sophos	ML/PE-A + Mal/Kovter-Z
Comodo	TrojWare.Win32.Ransom.Locky.XST@6qi3hl
F-Secure	Heuristic.HEUR/AGEN.1101038
BitDefenderTheta	Gen:NN.ZexaF.34628.vG1@a8ce@uof
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_HPKOVTER.SMAX1
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fc
FireEye	Generic.mg.a1e95dc273edfccd
Emsisoft	Gen:Variant.Poweliks.Dropper.2 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Generic.fiyqh
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1101038
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Kovter
Arcabit	Trojan.Poweliks.Dropper.2
AegisLab	Trojan.Win32.Poweliks.4!c
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Variant.Poweliks.Dropper.2
AhnLab-V3	Trojan/Win32.RL_Poweliks.R285889
Acronis	suspicious
McAfee	GenericR-QRO!A1E95DC273ED
MAX	malware (ai score=85)
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	MachineLearning/Anomalous.100%
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_HPKOVTER.SMAX1
Rising	Trojan.Kovter!8.152 (CLOUD)
Yandex	Trojan.Poweliks!zmbqE83Qmys
Ikarus	Trojan.Win32.Kovter
Fortinet	W32/GenKryptik.TIW!tr
AVG	Win32:Rootkit-gen [Rtk]
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.Generic.a90