ML/PE-A + Troj/Mdrop-CGE malicious file

The ML/PE-A + Troj/Mdrop-CGE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What ML/PE-A + Troj/Mdrop-CGE virus can do?

Reads data out of its own binary image
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine ML/PE-A + Troj/Mdrop-CGE?


File Info:
crc32: E037E7AA
md5: fbf366fcac5bcc862b8ec7c0a47e89ba
name: FBF366FCAC5BCC862B8EC7C0A47E89BA.mlw
sha1: b2aec8be6f06d128d35d6782a52c4cc643e328b4
sha256: 96782e44f6c0d73b5bdacb181ee444eb459d52cee937b7e306ec1bc0fe8e4be5
sha512: 2dfecd92465f4c876743225d6f21b56a89c8eca247f3480acd9529ba1b53b425a5648a350611c5a12f98c75675321508f49186004a4a46af983a29eae7b226c9
ssdeep: 24576:B/rR8iyo24O3K3QJfhgiaaQhJkGEBvhGVVArnj7bgmj/m:B/FEo2473QJ5QbHwhlj7C
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:
0: [No Data]

ML/PE-A + Troj/Mdrop-CGE also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 0030b2a81 )
Elastic	malicious (high confidence)
DrWeb	Trojan.MulDrop.32183
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Agent.8142
ALYac	Trojan.GenericKD.34709477
Cylance	Unsafe
Zillya	Dropper.Agent.Win32.379508
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDropper:Win32/Mdrop.044fa2b0
K7GW	Trojan ( 0030b2a81 )
Cybereason	malicious.cac5bc
Baidu	Win32.Trojan-Dropper.Agent.v
Cyren	W32/Agent.FI.gen!Eldorado
Symantec	SMG.Heur!gen
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.OBM
Zoner	Trojan.Win32.36891
APEX	Malicious
Avast	Win32:Rootkit-gen [Rtk]
ClamAV	Win.Dropper.Ramnit-7081815-0
Kaspersky	Trojan-Dropper.Win32.Agent.gato
BitDefender	Trojan.GenericKD.34709477
NANO-Antivirus	Trojan.Win32.Crypter.wpmb
ViRobot	Backdoor.Win32.Hupigon.48640.I
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
MicroWorld-eScan	Trojan.GenericKD.34709477
Tencent	Trojan.Win32.Dropper.abh
Ad-Aware	Trojan.GenericKD.34709477
Sophos	ML/PE-A + Troj/Mdrop-CGE
Comodo	TrojWare.Win32.TrojanDropper.Agent.~VQ@13ntw0
BitDefenderTheta	Gen:NN.ZexaF.34690.snJfaWhQ1Kbb
VIPRE	TrojanDropper.Win32.Agent.DO (v)
TrendMicro	TROJ_AGENT.SMX
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
FireEye	Generic.mg.fbf366fcac5bcc86
Emsisoft	Trojan.Agent (A)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDropper.Crypter.gg
Avira	TR/Dropper.Gen
Microsoft	Trojan:Win32/Sabsik.TE.A!ml
Gridinsoft	Trojan.Win32.Agent.vb!s2
Arcabit	Trojan.Generic.D2119FE5
AegisLab	Trojan.Win32.Agent.ljak
ZoneAlarm	Trojan-Dropper.Win32.Agent.gato
GData	Trojan.GenericKD.34709477
AhnLab-V3	Dropper/Win32.Crypter.R3134
McAfee	generic!bg.fgl
MAX	malware (ai score=87)
VBA32	Trojan.Win32.Genome.dfab
Malwarebytes	Ransom.Cerber
Panda	Generic Malware
TrendMicro-HouseCall	TROJ_AGENT.SMX
Rising	Trojan.Lock!1.B303 (CLOUD)
Yandex	Trojan.DR.Agent!R/81B4lC/3w
Ikarus	Backdoor.Win32.Hupigon
Fortinet	W32/Generic.AC.12FB!tr
AVG	Win32:Rootkit-gen [Rtk]
Paloalto	generic.ml

How to remove ML/PE-A + Troj/Mdrop-CGE?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

ML/PE-A + Troj/Mdrop-CGE malicious file