Strictor.235869 (B) malicious file

Malware Removal

Strictor.235869 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Strictor.235869 (B) virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Deletes its original binary from disk
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following processes appear to have been packed with Themida: update.dat, F1BE1D09.EXE
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Strictor.235869 (B)?

File Info:

crc32: 5708C61F
md5: e0e71653d125295cf1348257beba044a
name: update.dat
sha1: a69734fa7ce3e67a1500c702d1ea606baa4358ee
sha256: ef5e78ad7c42dba12eef9f71313f40751e9f8b82428968b4ab0684c0d5c63da9
sha512: 603afccb5f2644b18eabb705ecf816571f5214896d0b2988aa22743a37fe8419b9bb66ae7e0c011074ba30137fde1e068b0f956c70a3e3083480a2a0c956f4fd
ssdeep: 196608:I/Ts8s139XQx+o+c+bayIOYr6z8n+DiZl61Q8z:I/Ts8s59AJc/YH+eb61Q8z
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: PVLOL LOADER
FileVersion: 1.00
CompanyName: Microsoft Coporation
Comments: Microsoft Coporation
ProductName: Microsoft Coporation
ProductVersion: 1.00
FileDescription: Microsoft Coporation
OriginalFilename: PVLOL LOADER.EXE

Strictor.235869 (B) also known as:

Bkav: HW32.Packed.
MicroWorld-eScan: Gen:Variant.Strictor.235869
FireEye: Generic.mg.e0e71653d125295c
McAfee: Artemis!E0E71653D125
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Gen:Variant.Strictor.235869
APEX: Malicious
GData: Gen:Variant.Strictor.235869
Kaspersky: HEUR:Backdoor.Win32.ZAccess.vho
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Variant.Strictor.235869
Sophos: Mal/Generic-S
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Strictor.235869 (B)
SentinelOne: DFI – Malicious PE
Webroot: W32.Trojan.Gen
Endgame: malicious (high confidence)
Arcabit: Trojan.Strictor.D3995D
ZoneAlarm: HEUR:Backdoor.Win32.ZAccess.vho
Microsoft: Trojan:Win32/Wacatac.C!ml
AhnLab-V3: Trojan/Win32.RL_Generic.R301828
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34122.@F0aaGx72fji
ALYac: Gen:Variant.Strictor.235869
MAX: malware (ai score=88)
Malwarebytes: Trojan.MalPack.Themida
ESET-NOD32: a variant of Win32/Packed.Themida.HFL
TrendMicro-HouseCall: TROJ_GEN.R015H0CEM20
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazrfQUEiL36dpmJOLtAtZr8z)
Ikarus: Trojan.Win64.Themida
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/ZAccess.VHO!tr.bdr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen

How to remove Strictor.235869 (B)?

Strictor.235869 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.