About “Sirefef.582” infection

Sirefef.582 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Sirefef.582 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:50370
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Sirefef.582?

File Info:

name: 29EADC0E43E742F6CEFB.mlw
path: /opt/CAPEv2/storage/binaries/abc20291ac706fdbaf6c11da6af0ea72b473da34b4dfe6dbe554fba294ca04fd
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2008-03-06 07:45:02

Version Info:

FileDescription: MS Shell
FileVersion: 1, 0, 0, 2
LegalCopyright: Copyright (C) 2010
PrivateBuild: 1105
ProductVersion: 1, 0, 0, 2
Translation: 0x0409 0x04b0

Sirefef.582 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Sirefef.582
FireEye: Generic.mg.29eadc0e43e742f6
ALYac: Gen:Variant.Sirefef.582
Malwarebytes: Malware.Heuristic.1008
Zillya: Trojan.Kryptik.Win32.80362
Sangfor: Trojan.Win32.Save.a
K7GW: Hacktool ( 700007861 )
Cybereason: malicious.e43e74
Cyren: W32/Goolbot.A.gen!Eldorado
Symantec: Trojan.FakeAV!gen40
ESET-NOD32: a variant of Win32/Kryptik.HKQ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Packed.Win32.Krap.hx
BitDefender: Gen:Variant.Sirefef.582
NANO-Antivirus: Trojan.Win32.Krap.brfdu
Ad-Aware: Gen:Variant.Sirefef.582
Emsisoft: Gen:Variant.Sirefef.582 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.DownLoader45.2549
VIPRE: Gen:Variant.Sirefef.582
TrendMicro: BKDR_CYCBOT.SME2
McAfee-GW-Edition: BehavesLike.Win32.FakeAVAVPSec.cc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/FakeAV-BW
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Sirefef.582
Jiangmin: Packed.Krap.dsjg
Avira: TR/Crypt.XPACK.Gen
SUPERAntiSpyware: Trojan.Agent/Gen-Fuffan
ZoneAlarm: Packed.Win32.Krap.hx
Microsoft: Backdoor:Win32/Cycbot.B
AhnLab-V3: Trojan/Win32.Zbot.R2111
McAfee: BackDoor-EXI.c
MAX: malware (ai score=84)
VBA32: BScope.Trojan.Downloader
TrendMicro-HouseCall: BKDR_CYCBOT.SME2
Rising: Trojan.Generic@AI.94 (RDML:2Gm5GzbpfYCDFhkN5uf4tQ)
Yandex: Trojan.GenAsa!Z5Y7pjPNhJI
Fortinet: W32/Krap.GC!tr
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Sirefef.582?

Sirefef.582 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.