Rootkit.Win32.Websx information

Many security experts consider Rootkit.Win32.Websx dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Rootkit.Win32.Websx virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Rootkit.Win32.Websx?

File Info:

name: F8B35D2839CAC52172DE.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-06-12 17:48:33

Version Info:

FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Rootkit.Win32.Websx is also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Rootkit.22096
MicroWorld-eScan: Gen:Variant.Graftor.736302
FireEye: Generic.mg.f8b35d2839cac521
McAfee: Artemis!F8B35D2839CA
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
CrowdStrike: win/malicious_confidence_60% (D)
Alibaba: Rootkit:Win32/FlyStudio.90b9f6ba
K7GW: Trojan ( 005246d51 )
K7AntiVirus: Trojan ( 005246d51 )
BitDefenderTheta: Gen:NN.ZexaF.34742.ht0@aCZ12alb
Cyren: W32/OnlineGames.HG.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/FlyStudio.Injector.D potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002C0WFH22
ClamAV: Win.Downloader.Snojan-9891313-0
Kaspersky: HEUR:Rootkit.Win32.Websx.gen
BitDefender: Gen:Variant.Graftor.736302
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Graftor.736302
Emsisoft: Gen:Variant.Graftor.736302 (B)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
TrendMicro: TROJ_GEN.R002C0WFH22
McAfee-GW-Edition: BehavesLike.Win32.Trojan.wh
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.161DS2T
Jiangmin: Trojan.Injuke.ovy
MAX: malware (ai score=87)
ZoneAlarm: HEUR:Rootkit.Win32.Websx.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.C5109284
VBA32: BScope.Trojan.Tiggre
ALYac: Gen:Variant.Graftor.736302
Malwarebytes: PUP.Optional.ChinAd
APEX: Malicious
Rising: Trojan.MalCert!1.CF97 (CLASSIC)
Ikarus: PUA.BlackMoon
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.ELG!tr.pws
AVG: Win32:Malware-gen
Cybereason: malicious.839cac

How to remove Rootkit.Win32.Websx?

Rootkit.Win32.Websx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
