Program:Win32/Ymacco.AA1A removal

Program:Win32/Ymacco.AA1A is the name Microsoft uses for this sample; most other antivirus vendors flag it as well (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version allows a full scan and cleanup of your PC.
A 6-day free trial is available.

What can Program:Win32/Ymacco.AA1A do?

These are the behaviour signatures raised by a CAPEv2 sandbox run of the sample (the storage path under File Info below is CAPE's):
  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Program:Win32/Ymacco.AA1A?

File Info:

name: 5385FBEBEB37B41C065C.mlw
path: /opt/CAPEv2/storage/binaries/1a079c4200a284641bd1cb878143083e9b1f9f1da22201637d547f73e84c75a9
crc32: 653359BF
md5: 5385fbebeb37b41c065cf61df7a26ac7
sha1: e99b01e74e468b2ecbadc8e50cedb8b5683deede
sha256: 1a079c4200a284641bd1cb878143083e9b1f9f1da22201637d547f73e84c75a9
sha512: b231ce3aefe0667263effb8ef35fc1f4bff89812f3bccd8b5433135be8e5d69aa74ae9ea55f2b5eaa3e0b0866a779b9ddb8388db142ada4ee33ac5c7a121309a
ssdeep: 768:jo6RfstFMXiyW2hT+955uaNQJ4TRuAGhMqo2yMAlLU5D:jo6hszMSJ2hTS/qG4TMqQMAuD
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T16403E185B18407B4C3A976300C57B9F3282680F59B165FE637E92DEE1CE78021E536E6
sha3_384: 0c563a56c4397346e44b0b99dc482624dd89dd02c978d55683dc2dd9533312f3db4c34f27bdfc17644069c8b4be5fcfd
ep_bytes: b8548f41005064ff3500000000648925
timestamp: 2010-08-16 15:29:27 (PE header link time; easily forged)

Version Info:

0: [No Data]
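The following is an added example, not GridinSoft's tool or anything from the original page. It checks a file against the File Info block above (hashes, entry-point bytes, link timestamp, subsystem) and implements two of the behaviour findings from the list above as static checks: a section that is readable, writable and executable (the on-disk counterpart of "Creates RWX memory") and a section whose entropy suggests packed or encrypted content. Because the real sample cannot ship with this page, the script builds a constructed stand-in PE32 (the `build_sample` function) so it runs offline; run it with a path argument to triage a real file. The 7.0 bits/byte entropy threshold and the `KNOWN` dictionary name are assumptions of this example.

```python
"""Static triage of a PE32 file against this page's File Info block and two of
its behaviour findings (RWX memory, encrypted/compressed data). Added example,
standard library only; the PE parsing covers only what these checks need."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

KNOWN = {  # copied from the File Info block on this page
    "md5": "5385fbebeb37b41c065cf61df7a26ac7",
    "sha1": "e99b01e74e468b2ecbadc8e50cedb8b5683deede",
    "sha256": "1a079c4200a284641bd1cb878143083e9b1f9f1da22201637d547f73e84c75a9",
    "ep_bytes": "b8548f41005064ff3500000000648925",
}
RWX = 0x20000000 | 0x40000000 | 0x80000000   # IMAGE_SCN_MEM_EXECUTE | READ | WRITE
ENTROPY_PACKED = 7.0                          # assumed heuristic threshold (bits/byte)
SUBSYSTEMS = {2: "GUI", 3: "console"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 reader: COFF header, the optional-header fields used here, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize,
                         "chars": struct.unpack_from("<I", data, off + 36)[0]})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
            "subsystem": subsystem, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def triage(data: bytes) -> dict:
    """Compare a file with the page's indicators and flag RWX / high-entropy sections."""
    pe = parse_pe(data)
    ep = rva_to_offset(pe, pe["entry_rva"])
    ep_bytes = data[ep:ep + 16].hex()
    digests = {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}
    findings = []
    for s in pe["sections"]:
        h = entropy(data[s["rawptr"]:s["rawptr"] + s["rawsize"]])
        if s["chars"] & RWX == RWX:
            findings.append(f"section {s['name']} is readable, writable and executable (RWX)")
        if h > ENTROPY_PACKED:
            findings.append(f"section {s['name']} has entropy {h:.2f}: likely packed or encrypted")
    return {"hashes": digests,
            "hash_match": {alg: digests[alg] == KNOWN[alg] for alg in digests},
            "ep_bytes": ep_bytes, "ep_match": ep_bytes == KNOWN["ep_bytes"],
            "timestamp": datetime.fromtimestamp(pe["timestamp"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "subsystem": SUBSYSTEMS.get(pe["subsystem"], str(pe["subsystem"])),
            "findings": findings}


def _section(name: bytes, vaddr: int, rawptr: int, size: int, chars: int) -> bytes:
    return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, rawptr, 0, 0, 0, 0, chars)


def build_sample() -> bytes:
    """CONSTRUCTED stand-in, not the real sample: a PE32 console image whose entry point
    begins with the page's ep_bytes and whose link timestamp matches the page, plus one
    RWX section of pseudo-random bytes standing in for a packed payload."""
    ts = int(datetime(2010, 8, 16, 15, 29, 27, tzinfo=timezone.utc).timestamp())
    text = (bytes.fromhex(KNOWN["ep_bytes"]) + b"\xc3").ljust(0x200, b"\0")      # prologue, then ret
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 high-entropy bytes
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 0xE0, 0x0102)  # i386, two sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                      # AddressOfEntryPoint -> start of .text
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                           # Subsystem = console
    headers = (dos + coff + bytes(opt)
               + _section(b".text", 0x1000, 0x200, len(text), 0x60000020)    # code | read | execute
               + _section(b".pack", 0x2000, 0x400, len(packed), 0xE0000040)  # data | read | write | execute
               ).ljust(0x200, b"\0")
    return headers + text + packed


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(triage(blob))
```

Two things the output makes visible: the constructed stand-in reproduces the entry-point bytes and the timestamp but none of the hashes, which is the point. The entry-point bytes are a compiler-generated prologue that sets up an SEH frame, so they match many unrelated binaries, and the link timestamp is whatever the linker (or the author) wrote into the header; only a hash match confirms this exact file. The RWX and entropy checks, by contrast, are the kind of generic heuristics behind the "Anomalous binary characteristics" style verdicts in the vendor list, and they fire on packed legitimate software too.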

Program:Win32/Ymacco.AA1A is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Lionic: Trojan.Win32.Generic.kZpz
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 99)
  • McAfee: Artemis!5385FBEBEB37
  • Malwarebytes: Malware.AI.1718642036
  • Sangfor: Trojan.Win32.Toksteal.8
  • K7AntiVirus: Unwanted-Program ( 004a8e8a1 )
  • Alibaba: HackTool:Win32/Exploiter.e7175012
  • K7GW: Unwanted-Program ( 004a8e8a1 )
  • Cybereason: malicious.beb37b
  • VirIT: Backdoor.Win32.Hupigon5.CDMA
  • Cyren: W32/TokSteal.B.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/Toksteal.C
  • APEX: Malicious
  • Avast: Win32:Malware-gen
  • ClamAV: Win.Trojan.6584806-1
  • Kaspersky: UDS:DangerousObject.Multi.Generic
  • BitDefender: Trojan.Generic.7827976
  • NANO-Antivirus: Riskware.Win32.TrjGen.wdwct
  • MicroWorld-eScan: Trojan.Generic.7827976
  • Rising: Trojan.Occamy!8.F1CD (CLOUD)
  • Ad-Aware: Trojan.Generic.7827976
  • Emsisoft: Trojan.Generic.7827976 (B)
  • Comodo: Malware@#2kkgihjknhnu7
  • F-Secure: Heuristic.HEUR/AGEN.1216032
  • DrWeb: Win32.HLLW.Autoruner1.53009
  • Zillya: Tool.Exploiter.Win32.109
  • TrendMicro: HKTL_CVE20081436.SM
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.nc
  • FireEye: Generic.mg.5385fbebeb37b41c
  • Sophos: Generic PUA OJ (PUA)
  • Ikarus: Trojan.Win32.Toksteal
  • GData: Trojan.Generic.7827976
  • Jiangmin: HackTool.Exploiter.m
  • Webroot: W32.Trojan.Gen
  • Avira: HEUR/AGEN.1216032
  • MAX: malware (ai score=85)
  • Kingsoft: Win32.HackTool.Exploiter.(kcloud)
  • Arcabit: Trojan.Generic.D777208
  • Microsoft: Program:Win32/Ymacco.AA1A
  • AhnLab-V3: Trojan/Win32.HackTool.R109923
  • ALYac: Trojan.Generic.7827976
  • Cylance: Unsafe
  • TrendMicro-HouseCall: HKTL_CVE20081436.SM
  • Tencent: Malware.Win32.Gencirc.10b3cc75
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/TOKSTEAL.C!tr
  • BitDefenderTheta: Gen:NN.ZexaF.34606.ciWfa00mngci
  • AVG: Win32:Malware-gen
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_60% (W)

The names fall into two groups. One is generic or machine-learning verdicts (Trojan.Generic.7827976, Win32:Malware-gen, Static AI, malicious_confidence_60%), which say only that the file looks malicious. The other is explicit hack-tool and exploit-tool names (Toksteal, HackTool:Win32/Exploiter, Tool.Exploiter, HKTL_CVE20081436, whose TrendMicro name embeds the identifier CVE-2008-1436), and Microsoft's own "Program:" prefix, which together indicate that several vendors classify this file as an attacker utility rather than a self-spreading infection.

How to remove Program:Win32/Ymacco.AA1A?

Program:Win32/Ymacco.AA1A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the settings to reset, then click “Reset”.
  • Restart your computer.

Before deleting a quarantined file, compare its SHA-256 with the hash listed under File Info above. A heuristic or machine-learning verdict (Malware-gen, Static AI, Generic) can be a false positive on an unrelated program, whereas a hash match confirms this exact sample.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
