
PWS:Win32/Kiction.A malicious file


PWS:Win32/Kiction.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Kiction.A virus do?

  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify PWS:Win32/Kiction.A?


File Info:

name: ED2170076A9C5EA140D1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 0.2.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 0.2.0.0
Translation: 0x0419 0x04e3

PWS:Win32/Kiction.A also known as:

Bkav: W32.Common.AD61814C
Lionic: Trojan.Win32.Birele.j!c
MicroWorld-eScan: Trojan.Generic.4106987
ClamAV: Win.Trojan.Agent-315412
FireEye: Trojan.Generic.4106987
Skyhigh: Generic Dropper.rn
McAfee: Artemis!ED2170076A9C
Cylance: unsafe
Zillya: Worm.AutoRun.Win32.45732
Sangfor: Infostealer.Win32.Kiction.V7sr
K7AntiVirus: Trojan ( 7000000f1 )
Alibaba: Ransom:Win32/Birele.60a7da1d
K7GW: Trojan ( 7000000f1 )
VirIT: Worm.Win32.Generic.CMQE
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/AutoRun.Agent.UP
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Ransom.Win32.Birele.gss
BitDefender: Trojan.Generic.4106987
NANO-Antivirus: Trojan.Win32.Dropper.rpje
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10bdd037
Sophos: Mal/Behav-043
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.MulDrop1.6138
VIPRE: Trojan.Generic.4106987
TrendMicro: Ransom_Birele.R002C0DAV24
Emsisoft: Trojan.Generic.4106987 (B)
SentinelOne: Static AI – Suspicious PE
GData: Trojan.Generic.4106987
Webroot: W32.Trojan.Rimod
Google: Detected
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan[Ransom]/Win32.Birele
Kingsoft: Win32.Troj.Undef.a
Xcitium: Malware@#gdbyrh5dzik0
Arcabit: Trojan.Generic.D3EAAEB
ZoneAlarm: Trojan-Ransom.Win32.Birele.gss
Microsoft: PWS:Win32/Kiction.A
ALYac: Trojan.Generic.4106987
MAX: malware (ai score=100)
VBA32: Worm.Spreader
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_Birele.R002C0DAV24
Rising: Stealer.Kiction!8.15A1C (CLOUD)
Yandex: Trojan.GenAsa!X7ao5lfDT+E
Ikarus: Trojan.Win32.Inject
MaxSecure: Trojan.Malware.1355911.susgen
Fortinet: W32/Dx.UVE!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove PWS:Win32/Kiction.A?

PWS:Win32/Kiction.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
