
RiskWare.Repack (file analysis)


RiskWare.Repack is a riskware (potentially unwanted) classification rather than a confirmed infection: it is applied to repackaged installers, usually bundled with a crack or patcher, such as the lrepacks.ru build of SereneScreen Marine Aquarium analysed below. Most engines that flag this sample call it HackTool.Repack, HackTool.Crack, PUA or grayware. If such a file has been run, unfamiliar processes may appear in the Task Manager list; in that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It performs a full scan and cleans your PC during the trial period.
6-day free trial available.

What can RiskWare.Repack do?

The items below are the behavioural signatures the CAPE sandbox raised for the sample analysed in the next section. Unpacking, overlay data, and dropping, running and then deleting a binary are routine for an Inno Setup installer; the Authenticode signature that fails to verify and the inter-process injection are the signatures that deserve a closer look.

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering

How to identify RiskWare.Repack?

File Info:

name: C0C7DC0BA77B49CD9BD7.mlw
path: /opt/CAPEv2/storage/binaries/5e57a30ef5304cc600dbff91452b197e9c272b3ad273e65e7842cd74f78ba9da
crc32: 53E2C3FD
md5: c0c7dc0ba77b49cd9bd716d89bb1abfc
sha1: 586e45ac88e0dfb1db48ff7f55d0b7a26dcaea34
sha256: 5e57a30ef5304cc600dbff91452b197e9c272b3ad273e65e7842cd74f78ba9da
sha512: 02190eb9e8bd25ff828ca28d2b4473db84770841e7dd5701df7fcbf252dc79f91a2fffe5bb06f8ec07406d4cc160c1789fdb9043dc8030560b80a26316708f8b
ssdeep: 98304:lH0NhiaTvAPSyTulpeQOtbIp+EMt1gB2OnFSUL2mL:x02CiuTebtbIp+EO1gB2OnFPH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1342633D69AE8CEBDF1B45B3469E0F44178BB59DB083C7901739A35CE937109C421AEE2
sha3_384: a199a3f4bbe4df26f8b5906969b47562efbc3e0bd5a454c0162b0c00cb4456a941b04290124e5ebd8cb50b141c284309
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17 (the fixed placeholder written into Delphi-built binaries, Inno Setup installers included; not the real build date)
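
As an added example (not part of the original page and not a GridinSoft or CAPE tool), the following Python script reproduces the checks behind several File Info fields using only the standard library: it hashes a file against the MD5/SHA-1/SHA-256 listed above, walks the PE header to read the link timestamp and the first 16 entry-point bytes, flags section names outside a conventional set, and measures overlay data. The set of "ordinary" section names and the constructed stand-in image are assumptions made for the example; the real sample is not included, so the stand-in deliberately fails the hash comparison.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Hashes the page lists for the sample; a local file is the same object only if all three match.
PAGE_HASHES = {
    "md5": "c0c7dc0ba77b49cd9bd716d89bb1abfc",
    "sha1": "586e45ac88e0dfb1db48ff7f55d0b7a26dcaea34",
    "sha256": "5e57a30ef5304cc600dbff91452b197e9c272b3ad273e65e7842cd74f78ba9da",
}
PAGE_EP_BYTES = "558bec83c4c453565733c08945f08945"
# Delphi-built binaries (Inno Setup included) carry this fixed placeholder link timestamp.
DELPHI_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC
# Section names treated as ordinary here (MSVC/MinGW plus Delphi's CODE/DATA/BSS): an assumption, not CAPE's list.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS"}


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of a byte string, keyed like the page's File Info block."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_page_hashes(data):
    return hash_bytes(data) == PAGE_HASHES


def parse_pe(data):
    """Minimal PE32/PE32+ header walk: timestamp, entry-point bytes, odd section names, overlay size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint; same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    ep_bytes = b""
    for name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            start = rawptr + (entry_rva - vaddr)
            ep_bytes = data[start:start + 16]
            break
    end_of_image = max((rawptr + rawsize for _, _, _, rawptr, rawsize in sections), default=0)
    return {
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": timestamp == DELPHI_TIMESTAMP,
        "ep_bytes": ep_bytes.hex(),
        "ep_matches_page": ep_bytes.hex() == PAGE_EP_BYTES,
        "sections": [s[0] for s in sections],
        "unknown_sections": [s[0] for s in sections if s[0] not in KNOWN_SECTIONS],
        "overlay_size": max(0, len(data) - end_of_image),  # bytes appended after the last section
    }


# CONSTRUCTED stand-in: a minimal PE32 carrying the page's entry bytes and timestamp, a non-standard
# section name and an appended overlay. It is not the real sample, so its hashes will not match PAGE_HASHES.
OVERLAY = b"constructed overlay payload: an Inno Setup-style installer appends its setup data here"


def build_constructed_sample():
    sections = [("CODE", 0x1000), ("DATA", 0x2000), ("pkd0", 0x3000)]  # "pkd0" is deliberately non-standard
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # entry point lands at the start of CODE
    hdr += opt
    raw = 0x200
    for name, va in sections:
        hdr += name.encode().ljust(8, b"\0") + struct.pack("<IIII", 0x200, va, 0x200, raw) + b"\0" * 16
        raw += 0x200
    image = hdr.ljust(raw, b"\0")
    image[0x200:0x200 + 16] = bytes.fromhex(PAGE_EP_BYTES)
    return bytes(image) + OVERLAY


def triage(data):
    """What a responder records about a file before trusting any published verdict on it."""
    info = parse_pe(data)
    info["hashes"] = hash_bytes(data)
    info["is_page_sample"] = matches_page_hashes(data)
    return info


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print(json.dumps(triage(blob), indent=2))
```

Run it with a file path to triage a real binary, or with no argument to see the constructed stand-in. The 1992-06-19 22:22:17 timestamp is the fixed placeholder Delphi-linked binaries carry, so it identifies the toolchain rather than the build date, and a non-zero overlay is expected for an Inno Setup installer because the setup payload is appended after the PE image; neither is evidence of malice on its own, which is why the hash comparison and the entry-point bytes are the fields to rely on when matching a file to this report.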

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: lrepacks.ru
FileDescription: SereneScreen Marine Aquarium Setup
FileVersion: 3.3.6341.0
LegalCopyright:
ProductName: SereneScreen Marine Aquarium
ProductVersion: 3.3.6341
Translation: 0x0000 0x04b0

RiskWare.Repack also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Application.HackTool.Repack.1
ALYac: Gen:Variant.Application.HackTool.Repack.1
VIPRE: Gen:Variant.Application.HackTool.Repack.1
Sangfor: Hacktool.Win32.Agent.296
Cybereason: malicious.ba77b4
ESET-NOD32: a variant of Win32/HackTool.Crack.KN potentially unsafe
Cynet: Malicious (score: 100)
BitDefender: Gen:Variant.Application.HackTool.Repack.1
Emsisoft: Gen:Variant.Application.HackTool.Repack.1 (B)
FireEye: Gen:Variant.Application.HackTool.Repack.1
Sophos: Generic Reputation PUA (PUA)
GData: Gen:Variant.Application.HackTool.Repack.1
Arcabit: Trojan.Application.HackTool.Repack.1
Google: Detected
Malwarebytes: RiskWare.Repack
Yandex: Trojan.Igent.bURM8K.10
MaxSecure: Trojan.Malware.121218.susgen
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_90% (W)

How to remove RiskWare.Repack?

RiskWare.Repack removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
