What is "RiskWare.MalPack"?

The RiskWare.MalPack is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What RiskWare.MalPack virus can do?

Executable code extraction
Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine RiskWare.MalPack?


File Info:
crc32: D34D6CFC
md5: 0b90efa206a673711927e964e04a2751
name: 0B90EFA206A673711927E964E04A2751.mlw
sha1: 0307f944a0d7c194229864394de9241869ee4895
sha256: f5edb6ade99731dc45619fb88c290522cd769f9c9105d47a609349ba6cd34104
sha512: 0fa151b0379fd5dc6412235f72872385e09426a4c9f905a335d7e726e3552d2348b70f7dd05fa6a7b49794b6fa95d3253cac930c6aaf8fe76a63c50ad2c40808
ssdeep: 24576:R4nXubIQGyxbPV0db26m60knhQRLTaNFKEOdHjgK87HJ+efwAhedIccztSP4A0:Rqe3f6KhuNFPOZ5IXome5czcPx0
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright:                                                                                                     
FileVersion:                     
CompanyName: Arbitr, Inc.                                                
Comments: This installation was built with Inno Setup.
ProductName: Arbitr Secure Browsing                                      
ProductVersion: 1.0                                               
FileDescription: Arbitr Secure Browsing Setup                                
OriginalFileName:                                                   
Translation: 0x0000 0x04b0

RiskWare.MalPack also known as:

K7AntiVirus	Trojan ( 00555e461 )
Lionic	Trojan.Win32.Convagent.4!c
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.38029325
Cylance	Unsafe
Alibaba	Trojan:Win32/Cobalt.b861728e
K7GW	Trojan ( 00555e461 )
Cybereason	malicious.4a0d7c
Cyren	W32/MSIL_Kryptik.BWA.gen!Eldorado
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of MSIL/Kryptik.SLT
Avast	Win32:Trojan-gen
Kaspersky	Trojan.Win32.Cobalt.gyr
BitDefender	Trojan.GenericKD.38029325
MicroWorld-eScan	Trojan.GenericKD.38029325
Ad-Aware	Trojan.GenericKD.38029325
Sophos	Mal/Generic-S
TrendMicro	TROJ_GEN.R002C0GKI21
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
FireEye	Trojan.GenericKD.38029325
Emsisoft	Trojan.GenericKD.38029325 (B)
Avira	TR/Kryptik.jzzal
Microsoft	Trojan:Win32/Woreflint.A!cl
GData	Trojan.GenericKD.38029325
AhnLab-V3	Trojan/Win.Generic.R450594
McAfee	Artemis!0B90EFA206A6
MAX	malware (ai score=81)
VBA32	Trojan.Convagent
Malwarebytes	RiskWare.MalPack
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0GKI21
Ikarus	Trojan.MSIL.Crypt
Fortinet	MSIL/Kryptik.SLT!tr
AVG	Win32:Trojan-gen

How to remove RiskWare.MalPack?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “RiskWare.MalPack”?