What is “Program:Win32/Ymacco.AA76”?

Program:Win32/Ymacco.AA76 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Program:Win32/Ymacco.AA76 virus do?

  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
rrrioYNbTRzfc.rrrioYNbTRzfc

How to identify Program:Win32/Ymacco.AA76?


File Info:

crc32: 73568EF3
md5: 52081a121ec13bb053dc2a9b32d0041a
name: 52081A121EC13BB053DC2A9B32D0041A.mlw
sha1: 1c39ce3a975070637f6bcc39d62315c0e3b9ec09
sha256: 7634f7cfc1bf1214b2b2dead5b5e2eaf6bf6ae5ed5faec54d9bd49deae334f74
sha512: 8fe1e2c001099029a965eb1642c9cc22c3d10b8a534b86c60f156e0fb5a252f8292ead52645b14d9db31a862ed1b9776fe9366663afd06691fdd2d8ac5baabfc
ssdeep: 24576:OQLny3OiG7O5fWcmCM4jBg0nWDqVXF1/Vz897cDH6WboJVIb90IIFS:OQLy3Z5ecmCMqhnllLNgIHjbiIb9N
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: Htxykka
FileVersion: 18.2.8576.36057 (iynalnq_bct.697779-9079)
CompanyName: Microsoft Corporation
ProductName: Internet Explorer
ProductVersion: 18.2.8576.36057
FileDescription: Chf10 Frywncc Lrbxojzzdf
OriginalFilename: JGXYJRF.EXE .ALK
Translation: 0x0409 0x04b0

Program:Win32/Ymacco.AA76 is also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.255164
FireEye: Generic.mg.52081a121ec13bb0
McAfee: Artemis!52081A121EC1
Cylance: Unsafe
AegisLab: Trojan.Win32.Alien.4!c
Sangfor: Malware
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Strictor.255164
K7GW: Trojan ( 005769b01 )
K7AntiVirus: Trojan ( 005769b01 )
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Alien.kvr
Alibaba: Trojan:Win32/Alien.3fbd9bb6
Rising: Dropper.Certutil!1.D0D0 (CLASSIC)
Ad-Aware: Gen:Variant.Strictor.255164
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Barys.sgcmf
DrWeb: Trojan.MulDrop16.9852
Zillya: Trojan.Alien.Win32.1613
McAfee-GW-Edition: BehavesLike.Win32.BadFile.tc
Emsisoft: Gen:Variant.Strictor.255164 (B)
Avira: TR/Barys.sgcmf
MAX: malware (ai score=87)
Microsoft: Program:Win32/Ymacco.AA76
Arcabit: Trojan.Strictor.D3E4BC
ZoneAlarm: Trojan.Win32.Alien.kvr
GData: Gen:Variant.Strictor.255164
AhnLab-V3: PUP/Win32.RL_Generic.R364225
ALYac: Gen:Variant.Strictor.255164
Malwarebytes: Trojan.Dropper.WXT.Generic
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Generik.CFKFDLE
Tencent: Malware.Win32.Gencirc.10ce325c
Ikarus: Trojan.Barys
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:Trojan-gen
Cybereason: malicious.a97507
Qihoo-360: Win32/Trojan.61f

How to remove Program:Win32/Ymacco.AA76?

Program:Win32/Ymacco.AA76 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
