Categories: Risk

RiskTool.Win32.SecurityXPloded.gb malicious file

The RiskTool.Win32.SecurityXPloded.gb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What RiskTool.Win32.SecurityXPloded.gb virus can do?

A file was accessed within the Public folder.
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Sample contains Overlay data
Uses Windows utilities for basic functionality
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Uses Windows utilities to create a scheduled task
CAPE detected the embedded win api malware family
Appears to use command line obfuscation
Deletes executed files from disk
Powershell arguments were seen on a command line but powershell.exe was not called. Likely indictive of renamed/obfuscated powershell.exe or defining arguments in variables for later use
Uses suspicious command line tools or Windows utilities
Yara detections observed in process dumps, payloads or dropped files

How to determine RiskTool.Win32.SecurityXPloded.gb?


File Info:
name: 098303C6E72AA4B522E8.mlwpath: /opt/CAPEv2/storage/binaries/3afc9129194ed67f666e81ec1677c10f7c1c83204eda44ffd10c096be3b7a2a1crc32: 6DA59260md5: 098303c6e72aa4b522e88c06e70da029sha1: f0cd04b3d759003bcf1c947f027acefc7ffc0836sha256: 3afc9129194ed67f666e81ec1677c10f7c1c83204eda44ffd10c096be3b7a2a1sha512: 3aa8800ac4beba44a375044b478233f1b803cbc4758a68b0e9e54c9ecc4512e977448651207321a6069bcf7ada3c51d678bf30f60dbc33f14ce2edddf29aee8dssdeep: 98304:wH23QMy3hLASvWD0H23QMy3hLASvWDkttZetEXTsACnD9Rp8zboIeOZeE9jWC4pb:s23AxL23AxbMEXYAQ3W9Sbtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T17E76CF613AD2C036D0621A70853DD6BA91A5BE708F72496B73CC3F3E3B758929531E27sha3_384: 0599af3f57eee4e98a91b47d69b57a39818e622e1db67099da792c84c142b245f584cc59998099fdeeee69e927fc615bep_bytes: e853060000e980feffffcccccc518d4ctimestamp: 2016-03-23 09:36:36
Version Info:
CompanyName: SecurityXplodedFileDescription: This installer database contains the logic and data required to install Outlook Password Decryptor.FileVersion: 7.0InternalName: Setup_OutlookPasswordDecryptorLegalCopyright: Copyright (C) 2016 SecurityXplodedOriginalFileName: Setup_OutlookPasswordDecryptor.exeProductName: Outlook Password DecryptorProductVersion: 7.0Translation: 0x0409 0x04b0

RiskTool.Win32.SecurityXPloded.gb also known as:

Bkav	W32.Common.49F54025
Lionic	Riskware.Win32.SecurityXPloded.1!c
tehtris	Generic.Malware
Skyhigh	BehavesLike.Win32.Dropper.wh
Cylance	unsafe
CrowdStrike	win/grayware_confidence_60% (D)
APEX	Malicious
Kaspersky	not-a-virus:RiskTool.Win32.SecurityXPloded.gb
Alibaba	RiskWare:Win32/SecurityXPloded.c1bbfed6
Rising	Downloader.Snojan!8.ECDD (CLOUD)
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.098303c6e72aa4b5
SentinelOne	Static AI – Malicious PE
Kingsoft	malware.kb.a.897
ZoneAlarm	not-a-virus:RiskTool.Win32.SecurityXPloded.gb
Cynet	Malicious (score: 100)
McAfee	Artemis!098303C6E72A
DeepInstinct	MALICIOUS
Malwarebytes	RiskWare.SecurityXploded
MaxSecure	Trojan.Malware.133076184.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:FileInfector-A [Heur]
Avast	Win32:FileInfector-A [Heur]