What is “PWS:Win32/Sifre.A”?

PWS:Win32/Sifre.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the PWS:Win32/Sifre.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Unconventional language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known devices from debuggers and forensic tools
  • Attempts to disable UAC
  • Disables Windows firewall
  • Attempts to modify or disable Security Center warnings
  • Uses suspicious command line tools or Windows utilities

How to identify PWS:Win32/Sifre.A?

File Info:

name: EFFC69D678B49244DC13.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-03-19 19:52:53

Version Info:

ProductName: svchosts
FileVersion: 12.00
ProductVersion: 12.00
InternalName: svchosts
OriginalFilename: svchosts.exe
Translation: 0x0409 0x04b0

PWS:Win32/Sifre.A also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.MSIL.Hakops.m!c
tehtris: Generic.Malware
FireEye: Generic.mg.effc69d678b49244
McAfee: Artemis!EFFC69D678B4
Cylance: Unsafe
Zillya: StaticHeur1.Win32.19
Sangfor: Trojan.Win32.Agent.Vdh3
K7AntiVirus: Spyware ( 0055e3db1 )
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Spyware ( 0055e3db1 )
Cybereason: malicious.dd17b1
BitDefenderTheta: Gen:NN.ZevbaF.34592.1o0@a48LZzfO
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Generik.KWGWWZV
TrendMicro-HouseCall: TROJ_GEN.R002C0DFR22
Paloalto: generic.ml
Kaspersky: Backdoor.MSIL.Hakops.bq
Cynet: Malicious (score: 99)
Avast: Sf:Zbot-JN [PUP]
Tencent: Msil.Backdoor.Hakops.Aqqm
Sophos: Mal/Behav-035
Comodo: Malware@#burqt95p9hpv
F-Secure: Trojan.TR/Dropper.Gen
TrendMicro: TROJ_GEN.R002C0DFR22
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
APEX: Malicious
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.Agent
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
ZoneAlarm: Backdoor.MSIL.Hakops.bq
Microsoft: PWS:Win32/Sifre.A
Google: Detected
Malwarebytes: Malware.AI.975058464
Zoner: Probably Heur.ExeHeaderL
Rising: Backdoor.Hakops!8.1097C (CLOUD)
Yandex: TrojanSpy.VB!STE9pPp2Mnw
Ikarus: Virus.Win32.Vundo
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.NWB!tr.spy
AVG: Sf:Zbot-JN [PUP]
Panda: Trj/Genetic.gen

How to remove PWS:Win32/Sifre.A?

PWS:Win32/Sifre.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
