
Strictor.257322 (file analysis)

Malware Removal

Strictor.257322 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Strictor.257322 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Anomalous binary characteristics

How to identify Strictor.257322?

File Info:

name: 480A2FF8CFB5D8823243.mlw
path: /opt/CAPEv2/storage/binaries/a440d5ed8d2f4da8600aca69b88279818f53d8058e520f70fa5214b9611fdb94
crc32: F790839C
md5: 480a2ff8cfb5d8823243a7e3629ac011
sha1: 1440d05b3cb3aaa8f767b1282877c7c1ebaba1e6
sha256: a440d5ed8d2f4da8600aca69b88279818f53d8058e520f70fa5214b9611fdb94
sha512: 6ae7802d4836257f0233c7a1e0e8031381294ec8a51f15c9dd4ff586c41cdfedab88d871a06ab7b7ef61b43a9813b72a85abcc791c87c8a53fa5444eae576744
ssdeep: 49152:QJgnHSJRhyxpE7lOrUoFKgdgPUAitZGl04r+w:Q+nM77lOrHFwPUAiGr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167C5AE12BB41C033E6620670997EAB77957D7A30172581DBF3D05E2D2DB09C3AA36B1B
sha3_384: 23402d0dd092dfc6da8c4728de707e73d9fdefe5da6ef7d2637fba0a45c4ef66c19ecb7735b86a110c2a580dd8f6790c
ep_bytes: e8440e0000e98efeffffe97ffcffff55
timestamp: 2020-08-22 02:28:35

Version Info:

FileDescription: yptips
FileVersion: 1.0.0.1
LegalCopyright: Copyright 2010-2020
ProductName: yptips
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Strictor.257322 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Strictor.257322
FireEye: Generic.mg.480a2ff8cfb5d882
CAT-QuickHeal: PUA.YmaccoRI.S20038856
ALYac: Gen:Variant.Strictor.257322
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 005659761 )
Alibaba: AdWare:Win32/KuaiZip.db823943
K7GW: Adware ( 005659761 )
Cybereason: malicious.8cfb5d
Cyren: W32/KuaiZip.M.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/KuaiZip.AB potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R035C0PKO21
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:AdWare.Win32.KuziTui.gen
BitDefender: Gen:Variant.Strictor.257322
Tencent: Uw:Adware.Win32.Kuzitui.b
Ad-Aware: Gen:Variant.Strictor.257322
Sophos: KuaiZip (PUA)
Zillya: Adware.KuziTui.Win32.895
TrendMicro: TROJ_GEN.R035C0PKO21
McAfee-GW-Edition: BehavesLike.Win32.Generic.vh
Emsisoft: Gen:Variant.Strictor.257322 (B)
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.1SMNA4A
Jiangmin: AdWare.KuziTui.rh
Avira: HEUR/AGEN.1142676
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.30F3530
Gridinsoft: Ransom.Win32.Gen.sa
Microsoft: PUAAdvertising:Win32/KuaiZip
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R358815
McAfee: GenericRXPP-OD!480A2FF8CFB5
VBA32: BScope.Adware.Burden
Malwarebytes: Adware.Kuaizip
APEX: Malicious
Rising: Adware.Agent!1.C6CF (CLASSIC)
Ikarus: Trojan.Zenpak
MaxSecure: Adware.Heur.Adware.Win32.gen_187453
Fortinet: Adware/KuaiZip.AB
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Strictor.257322?

Strictor.257322 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
