Strictor.191254 malicious file

Malware Removal

Strictor.191254 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
A 6-day free trial is available.

What can the Strictor.191254 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup

How to identify Strictor.191254?

File Info:

name: A76BCC80A582B15DE4FE.mlw
path: /opt/CAPEv2/storage/binaries/02c7cf7c437c40f706051f2f969a46ae8b9eaec73eebc76f46cce279cb357e50
crc32: D828639B
md5: a76bcc80a582b15de4fe4c8a757da867
sha1: f614cc6be57f1e25ad38ae8dfcadc5795b9f713f
sha256: 02c7cf7c437c40f706051f2f969a46ae8b9eaec73eebc76f46cce279cb357e50
sha512: 99fbc33a46451094bae4ddeddf45f50852bae73ae4a1e221dd09e61c86aaefc48664f2bbb84c8d92a65d53c8968411986a557499fc54a56f35135266a4f264b0
ssdeep: 24576:7FtNfmEvX+i/hoTx/qyAXXGi1AH1ga2ZrLKQNJ3o8yZl25K:7FtNeEfI1qjCH1ga2hC8A20
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11F2523E2D988011DD5FD9CF4813E69A58C0F6C2A580739E4DB82F9408B7BAD4D49FB1B
sha3_384: 2723fdb87f14e17f7b4c184032c23e7a17c37752f9ebccbb5a054a2034572326f2ae6083a9442447fb02c8bb022cf59a
ep_bytes: 60be00b04a008dbe0060f5ff57eb0b90
timestamp: 2019-04-02 10:34:38

Version Info:

Translation: 0x0809 0x04b0

Strictor.191254 is also known as (vendor: detection name):

Lionic: Trojan.Script.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Strictor.191254
FireEye: Generic.mg.a76bcc80a582b15d
ALYac: Gen:Variant.Strictor.191254
Cylance: Unsafe
K7AntiVirus: Trojan ( 0054b0fe1 )
Alibaba: Trojan:Win32/AutInject.417b2b21
K7GW: Trojan ( 0054b0fe1 )
Cybereason: malicious.0a582b
VirIT: Trojan.Win32.MulDrop9.JHT
Cyren: W32/AutoIt.RJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Injector.Autoit.DVU
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Generic-6667047-0
Kaspersky: HEUR:Trojan.Script.Generic
BitDefender: Gen:Variant.Strictor.191254
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Autoit.Lmkp
Ad-Aware: Gen:Variant.Strictor.191254
Sophos: Mal/Generic-R + Mal/AuItInj-A
Comodo: Malware@#1j2xzew40gsb5
DrWeb: Trojan.MulDrop9.6285
Zillya: Adware.Autoit.Win32.49
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.dc
Emsisoft: Gen:Variant.Strictor.191254 (B)
GData: Gen:Variant.Strictor.191254
Avira: TR/AD.Inject.ergum
MAX: malware (ai score=100)
Microsoft: Trojan:Win32/Occamy.C
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C3139330
Acronis: suspicious
McAfee: GenericRXAA-AA!A76BCC80A582
VBA32: Trojan.Autoit
Malwarebytes: Spyware.HawkEyeKeyLogger
Rising: Trojan.Autoit!8.150 (CLOUD)
Ikarus: Worm.Win32.FileCrypter
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: AutoIt/Injector.DVU!tr
BitDefenderTheta: AI:Packer.E887835717
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Strictor.191254?

Strictor.191254 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.