PUA:Win32/Ymacco malicious file

PUA:Win32/Ymacco is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to completely scan and cure your PC during the trial period.
6-day free trial available.

What can the PUA:Win32/Ymacco virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify PUA:Win32/Ymacco?


File Info:

name: 09536996A2FE01CCFD15.mlw
path: /opt/CAPEv2/storage/binaries/79de92d00d837facd94653564443785a559cfc0c4e62e4004eaf61fec6cfae27
type: PE32 executable (console) Intel 80386, for MS Windows
timestamp: 2020-05-20 08:15:36

Version Info:

0: [No Data]

PUA:Win32/Ymacco also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
DrWeb: Trojan.Siggen9.47563
CAT-QuickHeal: Trojan.WacatacPMF.S11834466
Skyhigh: BehavesLike.Win32.Generic.nt
McAfee: Artemis!09536996A2FE
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.a
Cynet: Malicious (score: 100)
Avast: Win32:Malware-gen
Varist: W32/Fugrafa.G.gen!Eldorado
Antiy-AVL: GrayWare/Win32.Presenoker
Microsoft: PUA:Win32/Ymacco
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C4139892
VBA32: Adware.Ymacco
Malwarebytes: Malware.AI.3797426253
TrendMicro-HouseCall: TROJ_GEN.R002H0CL723
Rising: Trojan.Generic@AI.98 (RDML:5ZXp4JVcwcMdvSAC/GPHtA)
MaxSecure: Trojan.Malware.101808607.susgen
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_60% (W)

How to remove PUA:Win32/Ymacco?

PUA:Win32/Ymacco removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
