Categories: Malware

About “Packed.Win32.Katusha.aa” infection

The Packed.Win32.Katusha.aa is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Packed.Win32.Katusha.aa virus can do?

Behavioural detection: Executable code extraction – unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
CAPE detected the Fareit malware family
Harvests cookies for information gathering
Harvests credentials from local FTP client softwares
Harvests information related to installed mail clients
Mimics icon used for popular non-executable file format

How to determine Packed.Win32.Katusha.aa?


File Info:
name: 2AA2F3CAD215A20171F2.mlwpath: /opt/CAPEv2/storage/binaries/7a6b52c1a29bbdb482a5d7eacba458e73362b88f335553e5081a8e2b26e53842crc32: 24A64287md5: 2aa2f3cad215a20171f2e5122f0ce198sha1: 0b36f703e43ab593089dea4fff52060b47b80d3asha256: 7a6b52c1a29bbdb482a5d7eacba458e73362b88f335553e5081a8e2b26e53842sha512: 74ad3737df961c1077a5b8c24f4070d0cc3f745373ac28189a5b69bb7858eff20328d152346a9e25a665967f9e7389013f6607c81e75ddf6f366971602a919a4ssdeep: 3072:o+xQtoJnApxYw9xl2v9UguZ2Pa0qNLLLLLLLLLLLLLLLLLLLLLLLTPe:BxQtwA7p2v9UDZH0qNLLLLLLLLLLLLLftype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T19AB30142F22A869CFDB4217478776E64365341BD48254ACEE0AB79EF75BB3C35026E02sha3_384: 90217cd44b31f3c83c00dce94a80695fad2a831c8dfaed139c3182c926ff48248fb3a824f72e9272f60e4cf3292e6027ep_bytes: 6a015f4f8b356420400068b6244000a1timestamp: 2003-11-13 23:15:40
Version Info:
0: [No Data]

Packed.Win32.Katusha.aa also known as:

Bkav	W32.AIDetect.malware2
Lionic	Hacktool.Win32.Katusha.x!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Packed.24465
MicroWorld-eScan	Trojan.VIZ.Gen.1
FireEye	Generic.mg.2aa2f3cad215a201
CAT-QuickHeal	TrojanPWS.Zbot.Gen
McAfee	PWS-Zbot
VIPRE	Trojan.VIZ.Gen.1
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0040f53b1 )
K7GW	Trojan ( 0040f53b1 )
Cybereason	malicious.ad215a
BitDefenderTheta	Gen:NN.ZexaF.34646.gmW@a48tS7ce
Cyren	W32/Agent.VY.gen!Eldorado
Symantec	Packed.Generic.437
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Kryptik.BFUP
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Tepfer-61
Kaspersky	Packed.Win32.Katusha.aa
BitDefender	Trojan.VIZ.Gen.1
NANO-Antivirus	Trojan.Win32.Katusha.cuujxp
SUPERAntiSpyware	Trojan.Agent/Gen-Tepfer
Avast	Win32:LockScreen-ACF [Trj]
Ad-Aware	Trojan.VIZ.Gen.1
Emsisoft	Trojan.VIZ.Gen.1 (B)
Comodo	TrojWare.Win32.Kryptik.FRV@4zfejq
TrendMicro	TROJ_KRYPTK.SMN5
McAfee-GW-Edition	BackDoor-FBBL!2AA2F3CAD215
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + Troj/Agent-ACSF
Ikarus	Trojan-PWS.Win32.Fareit
GData	Trojan.VIZ.Gen.1
Google	Detected
Avira	TR/PSW.Fareit.EB.2
Antiy-AVL	Trojan/Generic.ASMalwS.17F
Microsoft	PWS:Win32/Fareit
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Tepfer.R74585
VBA32	Malware-Cryptor.Hlux
ALYac	Trojan.VIZ.Gen.1
MAX	malware (ai score=85)
Malwarebytes	Trojan.MalPack.Generic
TrendMicro-HouseCall	TROJ_KRYPTK.SMN5
Rising	Trojan.Agent!1.6A79 (CLASSIC)
Yandex	Trojan.GenAsa!KX8RiOGNwEc
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Kryptik.BDPK!tr
AVG	Win32:LockScreen-ACF [Trj]
Panda	Trj/Genetic.gen
CrowdStrike	win/malicious_confidence_100% (D)