
About “Packer.Pohernah.D” infection


Packer.Pohernah.D is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Packer.Pohernah.D virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates Zeus (Banking Trojan) mutexes
  • Anomalous binary characteristics

How to identify Packer.Pohernah.D?

File Info:

name: FA1DA8F12750F092C0F4.mlw
path: /opt/CAPEv2/storage/binaries/e57de518709904e7662dda2133cbf99a052b1f8ff29aa31cb783475611b322b5
crc32: 4036D71C
md5: fa1da8f12750f092c0f42b8ac6437121
sha1: b8811ec07cabea1b5d85257d62700a1eb7218ba3
sha256: e57de518709904e7662dda2133cbf99a052b1f8ff29aa31cb783475611b322b5
sha512: bfe782ded3993bfd18daee154aa6597ad0910b02f19a640608203c19f0fc9ccc0151476f4c6a05523725f7a65dfe2c67cc85a9828bf189f31a2eeaed4dd5714c
ssdeep: 6144:xOACAmzUW8voAKRfISJ6qQAWQ7s3xyLzBHiF:xOHAiio7tISo23g3xyJHs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13954238BEEFE14E9C56479B90B751FFF7C1BA812C386E2A26C431045152EFA051622FD
sha3_384: 1975d14da76ffa5176661e8849a70d01b9a1a81af37b522bf9e9e72b6ec12ec94da8b1fd3c921f4af1fe43d626b2c04d
ep_bytes: 4d5a90eb010052e96201000050450000
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Packer.Pohernah.D also known as:

Bkav: W32.AIDetect.malware1
DrWeb: Trojan.Packed.454
MicroWorld-eScan: Packer.Pohernah.D
FireEye: Generic.mg.fa1da8f12750f092
ALYac: Packer.Pohernah.D
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZelphiF.34742.seZ@aW5mwOo
VirIT: Trojan.Win32.Packed.RM
Symantec: Infostealer.Monstres
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Wigon.BC
TrendMicro-HouseCall: TROJ_AGENT.XQ
Kaspersky: Trojan-Spy.Win32.Zbot.adec
BitDefender: Packer.Pohernah.D
Avast: Win32:Buzus-GL [Trj]
Rising: Packer.Win32.Agent.d (CLASSIC)
Ad-Aware: Packer.Pohernah.D
Sophos: ML/PE-A + Mal/SPack-A
Comodo: TrojWare.Win32.Wigon.BC@9tbv
Zillya: Trojan.Zbot.Win32.21928
TrendMicro: TROJ_AGENT.XQ
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.dc
Trapmine: malicious.moderate.ml.score
Emsisoft: Packer.Pohernah.D (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Spy.Buzus.gyj
ViRobot: Suspected.EntryZero
ZoneAlarm: Packed.Multi.SuspiciousPacker.gen
GData: Packer.Pohernah.D
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/EntryZero.suspicious
Acronis: suspicious
McAfee: Spy-Agent.bw
MAX: malware (ai score=80)
VBA32: SScope.Malware-Cryptor.Maxplus.0997
Malwarebytes: Malware.Heuristic.1008
APEX: Malicious
Fortinet: W32/Zbot.ZR!tr
AVG: Win32:Buzus-GL [Trj]
Cybereason: malicious.12750f

How to remove Packer.Pohernah.D?

Packer.Pohernah.D removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
