How to remove “Strictor.168186”?

Strictor.168186 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Strictor.168186 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • CAPE detected the Formbook malware family
  • Connects to/from or queries a remote desktop session
  • Uses suspicious command line tools or Windows utilities

How to identify Strictor.168186?

File Info:

name: 5FAEB2EBF604AA1DD8FB.mlw
path: /opt/CAPEv2/storage/binaries/232a589dbfc253a3ef88175722bce1d85090a21bcbf69f4d1f90898e476fc87b
crc32: 6D1B85F5
md5: 5faeb2ebf604aa1dd8fbba1b75441d1e
sha1: 88aa89309352ee2234c649e98a34e7b0b788d568
sha256: 232a589dbfc253a3ef88175722bce1d85090a21bcbf69f4d1f90898e476fc87b
sha512: 223c133ac63357c9c1a0ed973f0c4d3457ef23a9f5ca734f0393f91d4803b924462c2166d039d64ac29bd3a82a97ed6d71cf5a9622f5c2a3554694e6cf571d9e
ssdeep: 6144:EF2CCphqvjINCcdU8/PLLVdPKfcLIUP7JMAi1I:JpD+UIAUWPHVJIcLI+MAX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142341262B7D2C4BFCA7E15B0067A9A35FFB99C005290932A53C07A5F7C326825D0F19E
sha3_384: f3a167e71881ed366ed35a51b7e0eb7513e307f53f564ebcd8c25b7d3142cf62459740a19750417f55ad1332aa39f87c
ep_bytes: 81ec8401000053565733db6801800000
timestamp: 2017-08-01 00:34:02

Version Info:

CompanyName: Sysinternals - www.sysinternals.com
FileDescription: TCP/UDP endpoint viewer
FileVersion: 3.05
InternalName: TCPView
LegalCopyright: Copyright (C) 1998-2011 Mark Russinovich and Bryce Cogswell
ProductName: Sysinternals TCPView
ProductVersion: 3.05
Translation: 0x0409 0x04e4

Strictor.168186 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!e
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject1.54688
MicroWorld-eScan: Gen:Variant.Strictor.168186
ALYac: Gen:Variant.Strictor.168186
Cylance: Unsafe
K7AntiVirus: Trojan ( 004f9b511 )
Alibaba: Trojan:Win32/Inject.0d69c7ba
K7GW: Trojan ( 004f9b511 )
Cybereason: malicious.bf604a
VirIT: Trojan.Win32.Inject1.DCXK
ESET-NOD32: Win32/Agent.YIJ
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Inject.ajibn
BitDefender: Gen:Variant.Strictor.168186
NANO-Antivirus: Trojan.Win32.Inject.fgivzp
SUPERAntiSpyware: Trojan.Agent/Gen-TrickBot
Avast: NSIS:CoinMiner-C [Trj]
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Gen:Variant.Strictor.168186
Sophos: Mal/Generic-S
Comodo: Malware@#y6b9ik1nrwig
Zillya: Trojan.Inject.Win32.245666
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dc
FireEye: Generic.mg.5faeb2ebf604aa1d
Emsisoft: Gen:Variant.Strictor.168186 (B)
Ikarus: Trojan-Ransom.Gryphon
GData: Gen:Variant.Strictor.168186
Webroot: Trojan.Spy.Trickbot
Avira: HEUR/AGEN.1224854
Arcabit: Trojan.Strictor.D290FA
Microsoft: TrojanDownloader:Win32/Emotet!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Yakes.C2469143
McAfee: Artemis!5FAEB2EBF604
VBA32: Trojan.Inject
APEX: Malicious
MAX: malware (ai score=99)
MaxSecure: Trojan.Malware.12335725.susgen
Fortinet: W32/Injector.ABG!tr
AVG: NSIS:CoinMiner-C [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Strictor.168186?

Strictor.168186 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.