
ML/PE-A + W32/Hoaix-A removal tips


ML/PE-A + W32/Hoaix-A is flagged as malicious by the large majority of antivirus engines that have scanned it (see the detection list below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the ML/PE-A + W32/Hoaix-A virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Manipulates data from or to the Recycle Bin
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities
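The "Creates an autorun.inf file" and "Creates a copy of itself" indicators above are the classic removable-media spreading pattern: a worm drops a copy of itself on a drive together with an autorun.inf whose [autorun] keys launch that copy when the drive is opened. The Python below is added here as an example; it is not code from the sample, from CAPE or from GridinSoft. It extracts every launch command from such a file and flags the suspicious ones. The two autorun.inf texts inside it are constructed for the example, and the file name updater.exe and the RECYCLER\ folder are assumptions, not artefacts recovered from this malware.

```python
import re

# Keys under [autorun] whose value is executed on AutoPlay (compared case-insensitively).
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... entries run when that verb (often the default) is chosen.
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
EXEC_EXT_RE = re.compile(r"\.(exe|com|scr|bat|cmd|vbs|pif)\b", re.IGNORECASE)


def parse_autorun(text: str) -> dict:
    """Split an autorun.inf into launch commands and the remaining [autorun] keys.

    Tolerates CRLF line endings, blank lines, ';' comments, mixed-case keys and
    unrelated sections (worm-written files often add junk to trip naive parsers).
    """
    launch, other = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            launch.append(value)
        else:
            other[key.lower()] = value
    return {"launch": launch, "other": other}


def is_suspicious(parsed: dict) -> bool:
    """Flag an autorun.inf that launches an executable/script, or anything staged
    under a Recycle-Bin-style folder (RECYCLER / $RECYCLE.BIN), a common hiding spot."""
    for cmd in parsed["launch"]:
        if EXEC_EXT_RE.search(cmd) or "recycle" in cmd.lower():
            return True
    return False


# Constructed sample, not recovered from the real malware: a worm-style autorun.inf
# that points every launch path at a copy hidden in RECYCLER\ (name is an assumption).
WORM_AUTORUN = "\r\n".join([
    "[AutoRun]",
    "; constructed example",
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4",
    "open=RECYCLER\\updater.exe",
    "shell\\open=Open(&O)",
    "shell\\open\\Command=RECYCLER\\updater.exe",
    "shellexecute=RECYCLER\\updater.exe",
    "[garbage]",
    "open=notepad.exe",
])

# Constructed benign file: only an icon and a label, nothing is executed.
BENIGN_AUTORUN = "[autorun]\nicon=setup.ico\nlabel=Product CD\n"

if __name__ == "__main__":
    for name, text in (("worm", WORM_AUTORUN), ("benign", BENIGN_AUTORUN)):
        parsed = parse_autorun(text)
        print(name, "suspicious" if is_suspicious(parsed) else "clean", parsed["launch"])
```

Run it against the root of every removable drive that was plugged into the infected machine; a non-empty launch list is the artefact to quarantine alongside the executable it points at. Note that the shell\open=Open(&O) line only labels the verb and is kept in "other"; only the matching shell\open\Command entry actually runs something.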

How to identify ML/PE-A + W32/Hoaix-A?

File Info:

name: CACC8894B0FDF4446B2E.mlw
path: /opt/CAPEv2/storage/binaries/2fb8f2140d8a63c92ea55b9302b4059de10a16aff345a83a01950c1bb11efbce
crc32: 81A93F67
md5: cacc8894b0fdf4446b2e009e6cfa3c8a
sha1: f50c28319517852371569403115dce19a04e1af7
sha256: 2fb8f2140d8a63c92ea55b9302b4059de10a16aff345a83a01950c1bb11efbce
sha512: c5bcc8b71ee22c92fa074d6db3ddc2f7f8b78c832857edd25cd041f102d08e521de916fc0bfd01eeceeb58421064cd78220d758f0f928a1908f671b47d0853d7
ssdeep: 12288:F8ef7m0vqCzlx+Kz78VezrSACGOi68dG9TWRzSG:ziCzjZ/EirEGOivIG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19A058444B6AD8613E1311A7AD4A77B9406323C752F31D6EBA905B26E3D333C58633B36
sha3_384: 5bbcdf5fe5da1a7cd6cb81d26caa43a471cc687cdbc6a23b6ccb07d052c5e884a590e52948e5fe18ccddf95725f3df0c
ep_bytes: 60be006040008dbe00b0ffff5783cdff
timestamp: 2007-08-11 06:26:03
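The ep_bytes value above is the start of the UPX decompression stub (pushad; mov esi, imm32; lea edi, [esi+imm32]; push edi; or ebp, -1), which is what CAPE's "compressed using UPX" signature and the "unknown PE section name indicative of packing" signature are reacting to. The Python below is an added example, not code from the page or from CAPE, and reproduces that triage with no third-party library: it parses the PE32 headers, maps the entry point to a file offset, masked-matches the stub, lists UPX section names and prints the hashes to compare against the values listed here. Because the real file is not included, build_constructed_sample() builds a minimal, non-runnable PE32 skeleton with UPX0/UPX1 sections and the page's ep_bytes at its entry point; that skeleton's hashes are not the sample's, and its section layout is an assumption.

```python
import hashlib
import struct
import sys

# Section names written by the UPX packer (the page flags "compressed using UPX").
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# First 16 bytes of the UPX 32-bit decompression stub:
#   60                 pushad
#   BE xx xx xx xx     mov  esi, <packed data VA>
#   8D BE xx xx xx xx  lea  edi, [esi + <delta>]
#   57                 push edi
#   83 CD FF           or   ebp, -1
# The two immediates vary per binary, so they are masked with None.
UPX_EP_PATTERN = [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE,
                  None, None, None, None, 0x57, 0x83, 0xCD, 0xFF]


def parse_pe32(data: bytes) -> dict:
    """Walk the DOS, NT and section headers of a PE32 file and return its section
    table plus the 16 bytes at the entry point (the 'ep_bytes' CAPE reports)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                         # IMAGE_FILE_HEADER, 20 bytes
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                             # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections, off = [], opt + size_opt
    for _ in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
        off += 40                               # sizeof(IMAGE_SECTION_HEADER)
    ep_bytes = b""
    for s in sections:                          # map the entry RVA to a file offset
        if s["va"] <= ep_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            foff = s["rawptr"] + (ep_rva - s["va"])
            ep_bytes = data[foff:foff + 16]
            break
    return {"sections": sections, "ep_rva": ep_rva, "ep_bytes": ep_bytes}


def matches_upx_stub(ep_bytes: bytes) -> bool:
    """Masked compare of the entry bytes against the UPX stub signature."""
    return len(ep_bytes) >= len(UPX_EP_PATTERN) and all(
        want is None or got == want for got, want in zip(ep_bytes, UPX_EP_PATTERN))


def triage(data: bytes) -> dict:
    """Hashes plus the two UPX indicators; compare sha256 against the page's value."""
    info = parse_pe32(data)
    names = {s["name"] for s in info["sections"]}
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "ep_bytes": info["ep_bytes"].hex(),
        "upx_sections": sorted(n.decode() for n in names & UPX_SECTION_NAMES),
        "upx_entry_stub": matches_upx_stub(info["ep_bytes"]),
    }


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the real file: a minimal PE32 skeleton with UPX0/UPX1
    sections whose entry point holds the page's ep_bytes.  It is not executable and
    shares no hash with the actual sample; the section layout is an assumption."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)  # i386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x6000)                         # entry inside UPX1
    sec = struct.Struct("<8sIIIIIIHHI")
    upx0 = sec.pack(b"UPX0", 0x5000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    upx1 = sec.pack(b"UPX1", 0x1000, 0x6000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + upx0 + upx1).ljust(0x400, b"\0")
    stub = bytes.fromhex("60be006040008dbe00b0ffff5783cdff")       # ep_bytes from the page
    return headers + stub.ljust(0x200, b"\0")


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Point it at a real file with `python triage.py <file>` and compare the printed sha256 with the one under File Info. The UPX indicators alone are not proof of malice, since plenty of legitimate software ships UPX-packed; treat them as a packing hint that justifies unpacking with `upx -d` before any further static analysis of the imports and resources.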

Version Info:

CompanyName:
FileDescription: XiaoHao Microsoft 基础类应用程序 (XiaoHao Microsoft Foundation Class Application)
FileVersion: 1, 0, 0, 1
InternalName: XiaoHao
LegalCopyright: 版权所有 (C) 2007 (Copyright (C) 2007)
LegalTrademarks:
OriginalFilename: XiaoHao.EXE
ProductName: XiaoHao 应用程序 (XiaoHao Application)
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

ML/PE-A + W32/Hoaix-A is also detected as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.cacc8894b0fdf444
CAT-QuickHeal: W32.Lilu.B3
McAfee: generic!bg.fjt
Cylance: Unsafe
VIPRE: Trojan.Win32.Malware (fs)
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 000005ac1 )
K7GW: Trojan ( 000005ac1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34114.0mNfaaI0VLpb
VirIT: Trojan.Win32.Agent_r.ARA
Cyren: W32/XiaoHao.A.gen!Eldorado
Symantec: W32.Hauxi
ESET-NOD32: a variant of Win32/Agent.AI
TrendMicro-HouseCall: PE_XIAHAO.E-O
ClamAV: Win.Trojan.Jilu-1
Kaspersky: Virus.Win32.Lilu.c
BitDefender: Gen:Variant.Zbot.29
NANO-Antivirus: Trojan.Win32.Jilu.jsted
ViRobot: Win32.Xiaohao.12288
MicroWorld-eScan: Gen:Variant.Zbot.29
Avast: Win32:Agent-LRV@UPX [Wrm]
Tencent: Worm.Win32.Xiaohao.a
Ad-Aware: Gen:Variant.Zbot.29
Emsisoft: Gen:Variant.Zbot.29 (B)
Comodo: TrojWare.Win32.Agent.JHA@59gl8d
DrWeb: Win32.HLLO.Jilu
Zillya: Virus.Lilu.Win32.1
TrendMicro: PE_XIAHAO.E-O
McAfee-GW-Edition: BehavesLike.Win32.MultiDropper.cm
Sophos: ML/PE-A + W32/Hoaix-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zbot.29
Jiangmin: Trojan/Lilu.a
Avira: W32/Agent.AI
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASVirus.171
Arcabit: Trojan.Zbot.29
SUPERAntiSpyware: Trojan.Agent/Gen-Zusy
APEX: Malicious
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Acronis: suspicious
VBA32: Trojan.Xiaohao.3109
ALYac: Gen:Variant.Zbot.29
Malwarebytes: Malware.AI.1955128637
Rising: Worm.Xiaohao!1.6505 (RDMK:cmRtazor2WXv5GZW+L3KMryfuX80)
Yandex: Trojan.GenAsa!Ig940bsovQ8
Ikarus: Backdoor.Win32.DKangel
MaxSecure: Virus.W32.Lilu.C
Fortinet: W32/Generic.AC.196571!tr
AVG: Win32:Agent-LRV@UPX [Wrm]
Cybereason: malicious.4b0fdf
Panda: W32/XiaoHao.A

How to remove ML/PE-A + W32/Hoaix-A?

ML/PE-A + W32/Hoaix-A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Because this sample copies itself and writes an autorun.inf file, also scan any USB sticks or external drives that were connected to the infected PC before plugging them into another machine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.