
Server-FTP.Win32.SFH.wbq information


Server-FTP.Win32.SFH.wbq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Server-FTP.Win32.SFH.wbq virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Server-FTP.Win32.SFH.wbq?


File Info:

name: 57D11FF9CEC2F8E3867B.mlw
path: /opt/CAPEv2/storage/binaries/d416648208c56cfbb28109ff92e037e51b2ea313fc7cb70ecae8221e5711cd51
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2016-04-02 03:20:13

Version Info:

0: [No Data]

Server-FTP.Win32.SFH.wbq also known as:

Lionic: Riskware.Win32.SFH.1!c
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Trojan.Win32.Tftpd.Vsfj
CrowdStrike: win/grayware_confidence_60% (W)
K7GW: Unwanted-Program ( 004b9cdc1 )
K7AntiVirus: Unwanted-Program ( 004b9cdc1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TFTPD32.A potentially unsafe
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: not-a-virus:Server-FTP.Win32.SFH.wbq
NANO-Antivirus: Trojan.Win32.TFTPD32.iwkgib
Avast: Win32:Malware-gen
Rising: Trojan.Generic@AI.88 (RDML:CAEVXYfFp/IgTFAsnSDQWg)
Sophos: Generic Reputation PUA (PUA)
Xcitium: ApplicUnwnt@#2177lvjuhxs6h
Microsoft: PUA:Win32/Presenoker
ZoneAlarm: not-a-virus:Server-FTP.Win32.SFH.wbq
VBA32: BScope.Riskware.SFH
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R002H07E123
AVG: Win32:Malware-gen

How to remove Server-FTP.Win32.SFH.wbq?

Server-FTP.Win32.SFH.wbq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
