Categories: Malware

Strictor.280850 information

The Strictor.280850 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Strictor.280850 virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Executable file is packed/obfuscated with Themida
Authenticode signature is invalid
Checks for the presence of known windows from debuggers and forensic tools
Checks the version of Bios, possibly for anti-virtualization
Detects VirtualBox through the presence of a registry key
Anomalous binary characteristics
Binary compilation timestomping detected

How to determine Strictor.280850?


File Info:
name: 66235CF1D49A5D7059C4.mlwpath: /opt/CAPEv2/storage/binaries/b0ef9dba1ae209f98e395575eb895e78bbfd3bbfb74bf8c3a7ff01b3f1638a5dcrc32: 029FE076md5: 66235cf1d49a5d7059c42bddb1e4c705sha1: 31024537bf70671a69906da6e79f8f86eb1d9650sha256: b0ef9dba1ae209f98e395575eb895e78bbfd3bbfb74bf8c3a7ff01b3f1638a5dsha512: 49d789ad09bacb5789f4c8590bfa1c9323df0e5930a21585f7007a9d464cf5c0cea2052ff13d52f434ac61baae04399e3c0167698fe0d3ee99341ff956058913ssdeep: 98304:Yh4eLWtvlcX/P2oHo71y3A2t8mTgxsX0N4:PBiXzqywETgWItype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T159E5334B8CA44763EFEAD2B2C50B871EA33CBE0842A4C53754933D363A3894F7CA5556sha3_384: a722041d04feb4a86f623ffec9513885fed1d8ff1749e51a410490c46423767ea1f1ac3716f612f1cb5b797f1efe168aep_bytes: e84b0100005389e3538b73088b7b10fctimestamp: 2063-04-01 13:00:00
Version Info:
Translation: 0x0000 0x04b0Comments: CompanyName: FileDescription: MRAUTH.COM | Xiaomi Authentication LoaderFileVersion: 1.0.0.0InternalName: MRAUTH.exeLegalCopyright: Copyright ©  MRAUTH.COM 2023LegalTrademarks: OriginalFilename: MRAUTH.exeProductName: MRAUTH.COM | Xiaomi Authentication LoaderProductVersion: 1.0.0.0Assembly Version: 1.0.0.0

Strictor.280850 also known as:

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Strictor.280850
FireEye	Generic.mg.66235cf1d49a5d70
Skyhigh	BehavesLike.Win32.Generic.wc
VIPRE	Gen:Variant.Strictor.280850
Sangfor	Suspicious.Win32.Save.a
BitDefender	Gen:Variant.Strictor.280850
Cybereason	malicious.7bf706
BitDefenderTheta	Gen:NN.ZexaF.36792.hF0@ayTXx5oi
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Rising	Trojan.Generic@AI.100 (RDML:pISjsQpTo5q79pNYGKWwuw)
Sophos	Generic ML PUA (PUA)
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Strictor.280850 (B)
Ikarus	Trojan.Crypt
Varist	W32/Trojan.YJEH-0980
Kingsoft	malware.kb.a.772
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Arcabit	Trojan.Strictor.D44912
GData	Gen:Variant.Strictor.280850
Google	Detected
ALYac	Gen:Variant.Strictor.280850
MAX	malware (ai score=81)
DeepInstinct	MALICIOUS
Cylance	unsafe
Zoner	Probably Heur.ExeHeaderL
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
CrowdStrike	win/malicious_confidence_90% (D)