Categories: Malware

Symmi.3576 removal guide

The Symmi.3576 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Symmi.3576 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Loads a driver
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Starts servers listening on 127.0.0.1:0
Enumerates running processes
Reads data out of its own binary image
Attempts to modify Internet Explorer’s start page
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Attempts to stop active services
Installs itself for autorun at Windows startup
Attempts to modify proxy settings

How to determine Symmi.3576?


File Info:
name: 776A135009C4238FE296.mlwpath: /opt/CAPEv2/storage/binaries/01b032773a256b6f91698d25c0509d7e24b706acce885abab6aa6682f9d0d68acrc32: 5DBC66D0md5: 776a135009c4238fe296a7235a055a13sha1: ca582e3311fd89cb09ca43690057416de35918b5sha256: 01b032773a256b6f91698d25c0509d7e24b706acce885abab6aa6682f9d0d68asha512: 1b59905ad6c30986e80db5ad2fe961fb7e7bb9f249228b5ad9018bd794a9e30f54bbd218816a92d92538bbf59a16d018fd713ed7afb22028f1ff5ccfc973d008ssdeep: 24576:LGs56pI0lb0h36WRFpdrajdui0oDva9Kswjx+VVzQk3:8y0NE37Fp1ajdp0oDv6KRx+Vmktype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1BD652284F040F0A4D82722B9EEE6D6F9551B3DB9CE48409730E5BF0F76769930AB8C56sha3_384: c1da1a6908081bd8cb738a3db93fb2ad6618cb0b662ca9f76febb74a555c4579f38967a0b0d13f1c8a5f99656645c9e6ep_bytes: 60be000060008dbe0010e0ff5789e58dtimestamp: 2021-11-24 11:26:26
Version Info:
0: [No Data]

Symmi.3576 also known as:

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Symmi.3576
FireEye	Generic.mg.776a135009c4238f
ALYac	Gen:Variant.Symmi.3576
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005246d51 )
K7GW	Trojan ( 005246d51 )
Cybereason	malicious.009c42
BitDefenderTheta	Gen:NN.ZexaF.34084.AnIfaCdgplpb
Cyren	W32/StartPage.CR.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Kaspersky	not-a-virus:AdWare.Win32.Agent.gen
BitDefender	Gen:Variant.Symmi.3576
Avast	Win32:TrojanX-gen [Trj]
Ad-Aware	Gen:Variant.Symmi.3576
Sophos	Mal/Behav-004
Comodo	Packed.Win32.MUPX.Gen@24tbus
DrWeb	Trojan.Fakealert.59676
Emsisoft	Gen:Variant.Symmi.3576 (B)
Ikarus	Trojan.Rootkit
GData	Win32.Trojan.PSE.12FI8JT
eGambit	Unsafe.AI_Score_100%
Avira	RKIT/Agent.lbwqw
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.FlyStudio.a
Arcabit	Trojan.Symmi.DDF8
APEX	Malicious
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R435497
Acronis	suspicious
McAfee	GenericRXAA-AA!776A135009C4
VBA32	Rootkit.Agent
Malwarebytes	Malware.AI.4261394939
Rising	HackTool.FlyStudio!1.A7FE (CLASSIC)
Yandex	Trojan.GenAsa!5ZqCJesO/UA
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/CoinMiner.65CA!tr
AVG	Win32:TrojanX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (D)