Malware

About “Symmi.14907 (B)” infection

Malware Removal

The Symmi.14907 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Symmi.14907 (B) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Symmi.14907 (B)?



File Info:

name: 275788572108F0521B4B.mlw
path: /opt/CAPEv2/storage/binaries/9f8f50949195356608ac165a820e577018ddf669b134aa12b6cd4dfc00432ac5
crc32: 8C9686CD
md5: 275788572108f0521b4beb144b28cf85
sha1: ae4d8c79bb4ccd36547d2d1e034e1e0522f228e9
sha256: 9f8f50949195356608ac165a820e577018ddf669b134aa12b6cd4dfc00432ac5
sha512: 8870238378d92c77a8654daf93d04b71d675cdf34073fcba457d87dc59058cd4b184c137903189bd4aa6549ad4fca52db4dd34d9d0d60e71ca3b73ebbc464a9f
ssdeep: 6144:gKC2BsHkq8xJYdOBeJuESHr4YcMeC9yNY1W9nN01pinhX1KJfNt9jPtPbbVjs/jV:W2BsHkq8xJYdsEC4YcMeY+iutZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12784F92B67A0F96AE525CBF43D6C43648569B83114A6EC1BEAC01F1973F5D878237323
sha3_384: 53266aca0697a8dfef1f309192cadd9cb6bdf8f60a71fe15bc48f3fc9a5d08101822df57f7660f985c31ff32aa5235d8
ep_bytes: 6878484000e8f0ffffff000000000000
timestamp: 2012-10-13 03:48:59


Version Info:

Translation: 0x0409 0x04b0
ProductName: twinemaking
FileVersion: 5.74
ProductVersion: 5.74
InternalName: nonusurping
OriginalFilename: nonusurping.exe

Symmi.14907 (B) also known as:

BkavW32.AIDetectMalware
AVGWin32:VB-AIYR [Trj]
Elasticmalicious (high confidence)
DrWebWin32.HLLW.Autoruner1.28016
MicroWorld-eScanGen:Variant.Symmi.14907
FireEyeGeneric.mg.275788572108f052
CAT-QuickHealTrojan.Beebone.D
SkyhighBehavesLike.Win32.VBObfus.fm
McAfeeGenDownloader.rv
MalwarebytesVBObfus.Worm.Spreader.DDS
SangforSuspicious.Win32.Save.vb
K7GWEmailWorm ( 0054d10f1 )
K7AntiVirusEmailWorm ( 0054d10f1 )
BitDefenderThetaGen:NN.ZevbaF.36804.xm1@aSBXibli
VirITTrojan.Win32.VB.CODE
SymantecW32.Changeup
ESET-NOD32a variant of Win32/VBObfus.CZ
CynetMalicious (score: 100)
APEXMalicious
ClamAVWin.Trojan.Changeup-6169544-0
KasperskyWorm.Win32.Vobfus.ykh
BitDefenderGen:Variant.Symmi.14907
NANO-AntivirusTrojan.Win32.WBNA.cnioca
AvastWin32:VB-AIYR [Trj]
TencentWorm.Win32.Vobfus.kat
EmsisoftGen:Variant.Symmi.14907 (B)
F-SecureTrojan.TR/Symmi.3566984
BaiduWin32.Worm.Pronny.d
VIPREGen:Variant.Symmi.14907
TrendMicroWORM_VOBFUS.SMIV
SophosMal/VB-AGA
SentinelOneStatic AI – Suspicious PE
JiangminWorm/WBNA.dhin
Webroot
VaristW32/VB.HE.gen!Eldorado
AviraTR/Symmi.3566984
MAXmalware (ai score=82)
Antiy-AVLWorm/Win32.WBNA.gen
Kingsoftmalware.kb.a.998
MicrosoftWorm:Win32/Vobfus.JX
XcitiumTrojWare.Win32.Pronny.EE@4qvpy8
ArcabitTrojan.Symmi.D3A3B
ZoneAlarmWorm.Win32.Vobfus.ykh
GDataGen:Variant.Symmi.14907
GoogleDetected
AhnLab-V3Worm/Win32.Vobfus.R42639
VBA32BScope.Trojan.Diple
ALYacGen:Variant.Symmi.14907
TACHYONWorm/W32.Vobfus.376888
Cylanceunsafe
PandaTrj/Genetic.gen
TrendMicro-HouseCallWORM_VOBFUS.SMIV
RisingMalware.FakeFolder/ICON!1.6AC4 (CLASSIC)
YandexTrojan.GenAsa!9333E1wWfDI
IkarusWorm.Win32.Vobfus
MaxSecureTrojan.Malware.4707689.susgen
FortinetW32/VBKrypt.C!tr
DeepInstinctMALICIOUS

How to remove Symmi.14907 (B)?

Symmi.14907 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment