Categories: Malware

About “ML/PE-A + Troj/Hancitor-M” infection

The ML/PE-A + Troj/Hancitor-M is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What ML/PE-A + Troj/Hancitor-M virus can do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 0.0.0.0:33195, :0, 127.0.0.1:36020
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Code injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates Zeus (Banking Trojan) mutexes
  • Zeus P2P (Banking Trojan)
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client softwares
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

pixiv.ru

How to determine ML/PE-A + Troj/Hancitor-M?



File Info:

crc32: 59882D3Emd5: 06ada3be8966713f7e3bfe34b03c898cname: 06ADA3BE8966713F7E3BFE34B03C898C.mlwsha1: b26deaa79218179b9962f06516befe37763f4f37sha256: bccab45cc546360661a89b80f60d1ba1d440845f1288782af6b592b76274576csha512: 090703e6a952ed60d8310a34ae39cfdf7b41e092a50d2b2483c557e3a50a35c121111dd35a06a656c14ef3728e315c98602805c2be15f88b0c1945b7d4ab611fssdeep: 6144:a6x+O+0B899m5LrZ/XSXnI3zHWRb9ZhHosAQSZQSY6N8Dd6Vdqmc:a6sO+X9m5XZ/XSXI2bzFoQS5N4MVStype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

ML/PE-A + Troj/Hancitor-M also known as:

Bkav W32.AIDetect.malware1
K7AntiVirus Spyware ( 0055e3db1 )
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
DrWeb Trojan.PWS.Panda.2977
Cynet Malicious (score: 100)
ALYac Trojan.Ransom.Cerber.1
Cylance Unsafe
Zillya Trojan.Zbot.Win32.155845
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba TrojanPSW:Win32/Hancitor.5870e317
K7GW Spyware ( 0055e3db1 )
Cybereason malicious.e89667
Symantec Packed.Generic.530
ESET-NOD32 Win32/Spy.Zbot.AAO
APEX Malicious
Avast Win32:Dropper-gen [Drp]
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Ransom.Cerber.1
NANO-Antivirus Trojan.Win32.Zbot.cxqclj
MicroWorld-eScan Trojan.Ransom.Cerber.1
Tencent Malware.Win32.Gencirc.114bc480
Ad-Aware Trojan.Ransom.Cerber.1
Sophos ML/PE-A + Troj/Hancitor-M
Comodo Malware@#rnpeclo6mh6c
F-Secure Heuristic.HEUR/AGEN.1118850
BitDefenderTheta Gen:NN.ZexaF.34050.rqX@auyRQPki
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_SPNR.0BGN14
FireEye Generic.mg.06ada3be8966713f
Emsisoft Trojan.Ransom.Cerber.1 (B)
SentinelOne Static AI – Malicious PE
Jiangmin Trojan.Generic.ksv
Webroot W32.InfoStealer.Zeus
Avira HEUR/AGEN.1118850
Antiy-AVL Trojan/Generic.ASMalwS.9EC9A0
Kingsoft Win32.Troj.Zbot.sj.(kcloud)
Microsoft PWS:Win32/Zbot
GData Trojan.Ransom.Cerber.1
AhnLab-V3 Trojan/Win32.Gen
McAfee PWSZbot-FABA!06ADA3BE8966
MAX malware (ai score=88)
VBA32 TrojanSpy.Zbot
Panda Trj/Genetic.gen
TrendMicro-HouseCall TROJ_SPNR.0BGN14
Rising Trojan.Generic@ML.100 (RDML:cBTcVldN43jhy+OYvpiMwA)
Ikarus Trojan.SuspectCRC
Fortinet W32/Zbot.AAO!tr.spy
AVG Win32:Dropper-gen [Drp]
Paloalto generic.ml
Qihoo-360 Win32/Ransom.Cerber.HxQBxHcA

How to remove ML/PE-A + Troj/Hancitor-M?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: ML/PE-A + Troj/Hancitor-Mpixiv.ru
3 years ago

Recent Posts

MSIL/GenKryptik.GXIZ information

The MSIL/GenKryptik.GXIZ is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

Malware.AI.2789448175 (file analysis)

The Malware.AI.2789448175 is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

Jalapeno.1878 removal instruction

The Jalapeno.1878 is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

What is “Trojan.Heur3.LPT.YmKfaKBcBekib”?

The Trojan.Heur3.LPT.YmKfaKBcBekib is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

How to remove “Worm.Win32.Vobfus.exmt”?

The Worm.Win32.Vobfus.exmt is considered dangerous by lots of security experts. When this infection is active,…

2 months ago

About “TrojanDownloader:Win32/Beebone.JO” infection

The TrojanDownloader:Win32/Beebone.JO is considered dangerous by lots of security experts. When this infection is active,…

2 months ago