Should I remove “ML/PE-A + Mal/PWS-JU”?

The ML/PE-A + Mal/PWS-JU is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What ML/PE-A + Mal/PWS-JU virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
CAPE detected the StormKitty malware family
Binary compilation timestomping detected

How to determine ML/PE-A + Mal/PWS-JU?


File Info:
name: E25DA2AF7B3956276F61.mlw
path: /opt/CAPEv2/storage/binaries/74dc5a5d49f5bd1a47deaf2181472dc1fdcc7856d35b4fc65897115680169c3a
crc32: D63F1009
md5: e25da2af7b3956276f612982dff3ffa4
sha1: 073fe9de506349395b31e6708d915b7c4c092aa7
sha256: 74dc5a5d49f5bd1a47deaf2181472dc1fdcc7856d35b4fc65897115680169c3a
sha512: 75a81cf72962674ffde4d449d4ce717b0433844de224348f3993a2bff47158e533beb0a933db39ad3c0928a72448474b1d4f575aa9c2a07d919bdd226b7846cb
ssdeep: 12288:bYWh28dIvwOCylJCY0sXxxo2r0JqGnYAS:bOIIHCynCYdxp05Y5
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T156A4E51C3C99CD26E26E4FB091E03060E7B9649BA505FE6E8CB303D11D93BE5ED055BA
sha3_384: dbbc73e210057d641836969254ecf44d4aea6c92b898632f0cc546f9933a2cb72dac3aedf9abc05d46f5af3338f9233f
ep_bytes: ff250020400000000000000000000000
timestamp: 2089-03-06 07:21:01

Version Info:
Translation: 0x0000 0x04b0
Comments: 44 CALIBER
CompanyName: 44 CALIBER
FileDescription: 44 CALIBER
FileVersion: 1.6.2.0
InternalName: Insidious.exe
LegalCopyright: FuckTheSystem Copyright ©  2021
LegalTrademarks: 
OriginalFilename: Insidious.exe
ProductName: 44 CALIBER
ProductVersion: 1.6.2.0
Assembly Version: 1.6.2.0

ML/PE-A + Mal/PWS-JU also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.e25da2af7b395627
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
K7AntiVirus	Password-Stealer ( 0057016e1 )
K7GW	Password-Stealer ( 0057016e1 )
Cybereason	malicious.e50634
Cyren	W32/MSIL_Agent.BWD.gen!Eldorado
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/Spy.Agent.DIG
APEX	Malicious
ClamAV	Win.Ransomware.Stupid-9871677-0
Kaspersky	HEUR:Trojan-PSW.MSIL.Coins.gen
BitDefender	Gen:Variant.MSILHeracles.20530
MicroWorld-eScan	Gen:Variant.MSILHeracles.20530
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Gen:Variant.MSILHeracles.20530
Sophos	ML/PE-A + Mal/PWS-JU
VIPRE	Gen:Variant.MSILHeracles.20530
Emsisoft	Trojan-PSW.Agent (A)
SentinelOne	Static AI – Malicious PE
GData	Gen:Variant.MSILHeracles.20530
Avira	HEUR/AGEN.1203010
Arcabit	Trojan.MSILHeracles.D5032
Microsoft	Trojan:Win32/Wacatac.B!ml
Acronis	suspicious
ALYac	Gen:Variant.MSILHeracles.20530
MAX	malware (ai score=85)
Malwarebytes	Trojan.Crypt
Rising	Trojan.Generic/MSIL@AI.90 (RDM.MSIL:r/fllDQYOtTym45H6xPThA)
Ikarus	Trojan.MSIL.Vmprotect
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZemsilF.34786.Bm0@aqbuJFp
AVG	Win32:PWSX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove ML/PE-A + Mal/PWS-JU?

ML/PE-A + Mal/PWS-JU removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X