Program:Win32/Ymacco.AA8B removal instructions

Program:Win32/Ymacco.AA8B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Program:Win32/Ymacco.AA8B virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the Vidar malware family
  • Detects VirtualBox through the presence of a registry key
  • Detects VMware through the presence of a file
  • Detects VMware through the presence of a registry key
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Program:Win32/Ymacco.AA8B?

File Info:

name: 6D437B1D7985FE23616C.mlw
path: /opt/CAPEv2/storage/binaries/8b201ef9d439616c0261129454754c2d6d6e5bb749825c72136134f2f43a957d
crc32: EDDC28F5
md5: 6d437b1d7985fe23616c2b1eff9462ca
sha1: 123750fe38aba1f22afa07454d11580334e9feb8
sha256: 8b201ef9d439616c0261129454754c2d6d6e5bb749825c72136134f2f43a957d
sha512: deedb06c3324c6e1539e6bbc7bd4b1cbb12acfebfd8b7fd147bfcfaa75e1e03b3551c58e678f7e7795731e30afd480dab736245ac0e070ff4408d86eb7438126
ssdeep: 3072:dA/t5nXEBduBEqkicBrAh0ywr+EETz3V82QtDETdyW7aI3Fpf+UTwGrwtLrbzB3g:dASaNwW7DcLrXBOEfqm9zniSO+8+cBY8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14F348D0C2409D3FEE2137EF17FE33A8155BB3DD016B471D8AF313C6955AE82599A10A9
sha3_384: 0d2c4b48402b186273873e10d4f721e59ea1383901e35d0114e0ae108d757f8caf4c1795dd791e41d1e129d370bb6fde
ep_bytes: 558bec81ecb4000000535657e82ffcff
timestamp: 2020-04-23 19:07:46

Version Info:

CompanyName: Limited Frames
FileDescription: Limiting Frames
FileVersion: 1.3.4.2
InternalName: limitedframes.exe
LegalCopyright: Copyright (C) 2020 Limited Frame
OriginalFilename: limitedframes.exe
ProductName: Limited Frames
ProductVersion: 1.3.4.2
Translation: 0x0409 0x04b0

Program:Win32/Ymacco.AA8B also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Razy.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Razy.636184
Skyhigh: GenericRXKI-ZJ!6D437B1D7985
ALYac: Gen:Variant.Razy.636184
Malwarebytes: Malware.AI.1364738993
Zillya: Trojan.Agent.Win32.1321461
K7AntiVirus: Trojan ( 005658211 )
Alibaba: Trojan:Win32/Emotet.995e9d8b
K7GW: Trojan ( 005658211 )
Cybereason: malicious.e38aba
BitDefenderTheta: Gen:NN.ZexaF.36744.pq3@aCLQRkfi
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.ABWL
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.vho
BitDefender: Gen:Variant.Razy.636184
NANO-Antivirus: Trojan.Win32.Razy.hooheh
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan-Banker.Emotet.Udkl
Emsisoft: Gen:Variant.Razy.636184 (B)
F-Secure: Heuristic.HEUR/AGEN.1313307
VIPRE: Gen:Variant.Razy.636184
FireEye: Generic.mg.6d437b1d7985fe23
Sophos: Mal/Generic-S
GData: Gen:Variant.Razy.636184
Avira: HEUR/AGEN.1313307
Antiy-AVL: Trojan/Win32.Wacatac
Kingsoft: malware.kb.a.998
Arcabit: Trojan.Razy.D9B518
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.vho
Microsoft: Program:Win32/Ymacco.AA8B
Google: Detected
AhnLab-V3: Malware/Win32.RL_Generic.R336551
McAfee: GenericRXKI-ZJ!6D437B1D7985
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Encoder
Cylance: unsafe
Rising: Trojan.Agent!1.C5EA (CLASSIC)
Yandex: Trojan.Agent!/vEr7i1qe9g
Ikarus: Trojan.Win32.Agent
MaxSecure: Trojan.Malware.100974669.susgen
Fortinet: W32/Agent.ABWL!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Program:Win32/Ymacco.AA8B?

Program:Win32/Ymacco.AA8B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.