
Strictor.173251 (file analysis)

Malware Removal

Strictor.173251 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Strictor.173251 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the NetWire malware family

How to identify Strictor.173251?

File Info:

name: 86DA8CC67DA4BF264EB5.mlw
path: /opt/CAPEv2/storage/binaries/d09fc9c8b12bde7c8c0bbedec7262b8086aa0ebb529a8e231b098afab69229aa
crc32: DFFA0B51
md5: 86da8cc67da4bf264eb5ef8cb0ad8452
sha1: f76d5e32849bdb3696293565b5694f4131445483
sha256: d09fc9c8b12bde7c8c0bbedec7262b8086aa0ebb529a8e231b098afab69229aa
sha512: 8b5fa32986bd17398c0f5918560cdfbc6993d9c69066ff859dc192f6388cd263bb9fcb9e821315737ef4c3e31a90b3cb395dbad5acfbc0345b1dd362f9639766
ssdeep: 98304:IMryTmxRdk6tVOfALLIVjnz25r/8XnveOZxho:6KxRBt84Ehur/82iPo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11B162322BB938035C1B366B14EBFF76A963DE9260327C5D727C429315DA04817B297F2
sha3_384: e674f3c4fea0fe03503b15cf0e1bbfa2a92ab15daf315330c5d16e8a810ca9ea797868ba412bd9a7643f836447855b29
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2011-12-23 10:59:31

Version Info:

Comments: EMV chip writer by paws
CompanyName: EMV chip software
FileDescription: EMV chip writer by paws
FileVersion: 10.2.0.0
InternalName: EMVMX.exe
LegalCopyright: 2015-2020
OriginalFilename: EMVsoftware.exe
ProductName: EMVsoftware
ProductVersion: 10.2.0.0
Assembly Version: 10.2.0.0
Translation: 0x0809 0x04b0

Strictor.173251 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Recam.l!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.173251
FireEye: Generic.mg.86da8cc67da4bf26
Cylance: Unsafe
Zillya: Trojan.Scar.Win32.101065
Sangfor: Virus_Suspicious.Win32.Sality.bh
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/DelfInject.ali2000015
K7GW: Trojan ( 700000111 )
Cybereason: malicious.67da4b
VirIT: Win32.Sality.BI
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.Autoit.DCF
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Spy.Win32.Recam.amtw
BitDefender: Gen:Variant.Strictor.173251
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:Sality [Inf]
Rising: Trojan.Generic@ML.100 (RDML:Z7AH3YYtxQ6ky3rBGuDLdg)
Ad-Aware: Gen:Variant.Strictor.173251
Emsisoft: Gen:Variant.Strictor.173251 (B)
DrWeb: Trojan.Siggen11.55601
VIPRE: Virus.Win32.Sality.atbh (v)
TrendMicro: PE_SALITY.ER
McAfee-GW-Edition: BehavesLike.Win32.Agent.wc
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Strictor.173251
Jiangmin: TrojanSpy.Recam.cji
Avira: TR/Patched.Ren.Gen
Gridinsoft: Ransom.Win32.Wacatac.sa
ViRobot: Trojan.Win32.Z.Strictor.4082735
Microsoft: Trojan:Script/Phonzy.A!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
ALYac: Gen:Variant.Strictor.173251
MAX: malware (ai score=80)
VBA32: TrojanSpy.Recam
TrendMicro-HouseCall: PE_SALITY.ER
Tencent: Win32.Trojan.Injector.Ecuk
Ikarus: Trojan-Downloader.Win32.Genome
MaxSecure: Trojan.Autoit.AZA
Fortinet: W32/Injector_Autoit.DCF!tr
AVG: Win32:Sality [Inf]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Strictor.173251?

Strictor.173251 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
