Packer.Malware.NSAnti.K malicious file

Packer.Malware.NSAnti.K is classified as malicious by many security vendors (see the detection names listed below). When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What Packer.Malware.NSAnti.K virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Attempts to modify browser security settings
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Packer.Malware.NSAnti.K?

File Info:

name: 2E9C6A5C248DA0F18DB6.mlw
path: /opt/CAPEv2/storage/binaries/358545db0874486fc7b81a6b79b8dd992a5a4c429be0ba64312492098b38a104
crc32: 646460D1
md5: 2e9c6a5c248da0f18db69ced4de08654
sha1: d586e73eb70f17d83b0be20b304af6948932abff
sha256: 358545db0874486fc7b81a6b79b8dd992a5a4c429be0ba64312492098b38a104
sha512: a40b21ef1abc94fb7732509888599e86e25267255557fb48e478bd6230ca957c84c26fc5f9ab9a02e959772c3c9399e1bac336db6188b9fd1f844638792153ea
ssdeep: 12288:oOIeqaFiBCLlQEw1hPHZsQ4IHvpNkp9h99DcC9vns3Y:oTeqrsp01hv4/roCZ/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12AD4CFD09B87E74BC8DF32F6481BEFE511157A151D12213FEC12B6A154F83FA5A2A80B
sha3_384: d79702cb6756ee593bab362d518c4291d8941a2448f34b629321155fa3a64f652dff14b1a9fe767ca355e4268949c7dc
ep_bytes: 558bec81ec400b0000535657e8b0feff
timestamp: 2017-03-19 08:57:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: ODBC Administrator
FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
InternalName: odbcad32.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: odbcad32.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.18362.1
Translation: 0x0409 0x04b0

Packer.Malware.NSAnti.K also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.MauvaiseRI.S5244686
McAfee: GenericRXBF-PE!2E9C6A5C248D
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Password-Stealer ( 0034dbc11 )
K7GW: Password-Stealer ( 0034dbc11 )
Cybereason: malicious.c248da
Baidu: Win32.Trojan-Downloader.Agent.at
Cyren: W32/Trojan.GSUC-4202
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Malware.Inhiei-9780481-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Packer.Malware.NSAnti.K
NANO-Antivirus: Trojan.Win32.Razy.ibvqmq
MicroWorld-eScan: Packer.Malware.NSAnti.K
Avast: Win32:Malware-gen
Rising: Trojan.Generic@ML.95 (RDML:A5fYuEbG3dTQmFiZXtL7fg)
Ad-Aware: Packer.Malware.NSAnti.K
Sophos: ML/PE-A + Mal/EncPk-ZC
Comodo: TrojWare.Win32.GameThief.Magania.~NWABU@18g2sq
DrWeb: Trojan.Siggen6.24601
TrendMicro: TROJ_ESTIWIR.SMZ
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
FireEye: Generic.mg.2e9c6a5c248da0f1
Emsisoft: Packer.Malware.NSAnti.K (B)
SentinelOne: Static AI – Malicious PE
GData: Packer.Malware.NSAnti.K
Jiangmin: Trojan.Generic.autxk
Avira: ADWARE/Hebogo.IN
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.C8C100
Arcabit: Packer.Malware.NSAnti.K
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3: Dropper/Win32.Banki.R198900
Acronis: suspicious
VBA32: BScope.Trojan.Bulta
ALYac: Packer.Malware.NSAnti.K
Malwarebytes: Trojan.GameThief
TrendMicro-HouseCall: TROJ_ESTIWIR.SMZ
Tencent: Malware.Win32.Gencirc.10b3aeff
Yandex: Trojan.GenAsa!juh0hqkzLRI
Ikarus: Packer.Malware.NSAnti.H
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Generic.AP.A74C2!tr
BitDefenderTheta: AI:Packer.2A2212B920
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Packer.Malware.NSAnti.K?

Packer.Malware.NSAnti.K removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.