Symmi.5265 (file analysis)

Malware Removal

Symmi.5265 is flagged as malicious by the large majority of the antivirus engines listed further down this page. While the infection is active you may notice unfamiliar processes in the Task Manager list; note that the sandbox behaviour below also shows it injecting code into other processes, so the malicious code may be running under a legitimate-looking process name. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it can run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Symmi.5265 do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • A process attempted to delay the analysis task for a long time.
  • Installs itself for autorun at Windows startup
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization
  • Creates a copy of itself
  • Anomalous binary characteristics
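The bullets above are CAPE's summary of what the sample did in the sandbox. As an added illustration of how such behavioural signatures are derived from an API trace (this is example code written for this page, not CAPE's own signature code; the trace, its field names, PIDs, handles and paths are constructed), the following Python applies a handful of rules that correspond to the list: Sandboxie is detected by loading SbieDll.dll, the anti-virtualization check by opening the Services\Disk\Enum registry key, RWX memory by PAGE_EXECUTE_READWRITE (0x40) allocations, autorun by a write under CurrentVersion\Run, and process hollowing by the ordered sequence spawn-suspended, unmap, write, set-context, resume. The five-minute delay threshold is an assumption for the example.

```python
import json
from collections import defaultdict

# Constructed CAPE-style API trace, one JSON object per line. PIDs, handles,
# paths and field names are invented for this example; nothing here is from the report.
SAMPLE_TRACE = r"""
{"pid": 1200, "api": "LdrLoadDll", "args": {"FileName": "SbieDll.dll"}}
{"pid": 1200, "api": "RegOpenKeyExA", "args": {"FullName": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"}}
{"pid": 1200, "api": "NtAllocateVirtualMemory", "args": {"ProcessHandle": "0xffffffff", "Protection": "0x00000040"}}
{"pid": 1200, "api": "CreateProcessInternalW", "args": {"ApplicationName": "C:\\Windows\\System32\\svchost.exe", "CreationFlags": "0x00000004"}}
{"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": "0x000000f8", "BaseAddress": "0x00400000"}}
{"pid": 1200, "api": "NtWriteVirtualMemory", "args": {"ProcessHandle": "0x000000f8", "BaseAddress": "0x00400000"}}
{"pid": 1200, "api": "NtSetContextThread", "args": {"ThreadHandle": "0x000000fc"}}
{"pid": 1200, "api": "NtResumeThread", "args": {"ThreadHandle": "0x000000fc"}}
{"pid": 1200, "api": "RegSetValueExW", "args": {"FullName": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ICQ", "Buffer": "C:\\Users\\victim\\AppData\\Roaming\\icq.exe"}}
{"pid": 1200, "api": "NtDelayExecution", "args": {"Milliseconds": "600000"}}
"""

LONG_DELAY_MS = 300_000  # assumed threshold: one sleep of five minutes or more


def parse_trace(text):
    """Parse the JSON-lines trace, tagging each call with its 1-based line number."""
    calls = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        line = line.strip()
        if line:
            rec = json.loads(line)
            rec["line"] = n
            calls.append(rec)
    return calls


def _arg(call, name, default=""):
    return str(call.get("args", {}).get(name, default))


def _hex(call, name):
    try:
        return int(_arg(call, name, "0"), 16)
    except ValueError:
        return 0


# One predicate per single-call signature.
SINGLE_CALL_RULES = {
    "detects_sandboxie_dll": lambda c: c["api"].startswith(("LdrLoadDll", "LoadLibrary"))
        and _arg(c, "FileName").lower().endswith("sbiedll.dll"),
    "antivm_disk_registry": lambda c: c["api"].startswith(("RegOpenKey", "NtOpenKey"))
        and "\\services\\disk\\enum" in _arg(c, "FullName").lower(),
    "allocates_rwx_memory": lambda c: c["api"] in ("NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx")
        and (_hex(c, "Protection") & 0x40) == 0x40,   # PAGE_EXECUTE_READWRITE
    "autorun_persistence": lambda c: c["api"].startswith("RegSetValue")
        and "\\currentversion\\run\\" in _arg(c, "FullName").lower(),
    "long_analysis_delay": lambda c: c["api"] == "NtDelayExecution"
        and int(_arg(c, "Milliseconds", "0")) >= LONG_DELAY_MS,
}

# Process hollowing is a sequence, not one call: spawn a process suspended (flag 0x4),
# unmap its image, write a new one, point the main thread at it, resume it.
HOLLOWING_SEQUENCE = ["CreateProcessSuspended", "NtUnmapViewOfSection",
                      "NtWriteVirtualMemory", "NtSetContextThread", "NtResumeThread"]


def _token(call):
    if call["api"].startswith("CreateProcess") and _hex(call, "CreationFlags") & 0x4:
        return "CreateProcessSuspended"
    return call["api"]


def _has_subsequence(seq, pattern):
    """True if every element of pattern occurs in seq, in order (gaps allowed)."""
    it = iter(seq)
    return all(any(tok == p for tok in it) for p in pattern)


def run_signatures(text):
    """Return {signature: matches}; matches are line numbers, or the PID for the hollowing rule."""
    calls = parse_trace(text)
    hits = defaultdict(list)
    for c in calls:
        for name, rule in SINGLE_CALL_RULES.items():
            if rule(c):
                hits[name].append(c["line"])
    per_pid = defaultdict(list)
    for c in calls:
        per_pid[c["pid"]].append(c)
    for pid, cs in per_pid.items():
        if _has_subsequence([_token(c) for c in cs], HOLLOWING_SEQUENCE):
            hits["process_hollowing"].append(pid)
    return dict(hits)


def triggered(text):
    """Sorted names of the signatures that fired on the trace."""
    return sorted(run_signatures(text))


if __name__ == "__main__":
    for name, where in sorted(run_signatures(SAMPLE_TRACE).items()):
        print(f"{name}: {where}")
```

The hollowing rule is deliberately order-sensitive: a trace that allocates RWX memory and writes into another process but never unmaps and resumes a suspended child is classified as generic inter-process injection, not hollowing, which is why the report lists the two as separate behaviours.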

How to identify Symmi.5265?

File Info:

name: F8732750D80A767F5E5B.mlw
path: /opt/CAPEv2/storage/binaries/1a92b49114bb1157cc96ed87ed8e29c3f2f3399e667f6a80e17978735b159575
crc32: ACD8902C
md5: f8732750d80a767f5e5b9978b7c128e0
sha1: b0faecadb8ebd6afbd603aa61665557affddc2d6
sha256: 1a92b49114bb1157cc96ed87ed8e29c3f2f3399e667f6a80e17978735b159575
sha512: edabc87785d9bcf9aa85b85945490a52d0cec19ecd53bc8d72ae6e58eec8cf78fd7a23b246ff4d22b699505c684f6fe5a45525248f837d7d75c64e3bd5877a4d
ssdeep: 768:bs8yt3Due+V/O2NYiI6tkWCD23xd/5/19SL:boYJVWc99t1Cy3//sL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17503CF85A5A38531EC218BBD1DA5408BAF3D3A899D6580BB8CD7DCE88C5E738045D3B7
sha3_384: 7699d2b3980a79c224c7dc360ecfd0972718b4bb89bbe1cac704411f847a30c6a7a6e7080b20c5a90a733f99a01a7bbf
ep_bytes: 558bec83c4f0b840434000e8f0f2ffff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: ICQ, LLC.
FileDescription: ICQ
FileVersion: 7.8.0.6800
InternalName: ICQ
LegalCopyright: Copyright (c) 1998-2010 ICQ, LLC.
LegalTrademarks:
OriginalFilename: ICQ.exe
ProductName: ICQ
ProductVersion: 7.8.0.6800
DistId: 30015
Translation: 0x0409 0x04b0
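Two details in the blocks above deserve a second look. The timestamp 1992-06-19 22:22:17 is the constant value 0x2A425E19 that the Borland/Delphi linker writes into every PE it produces, and the ep_bytes (push ebp; mov ebp,esp; add esp,-10h; mov eax,imm32; call) are the standard Delphi program prologue, so this is a Delphi build. The version resource, by contrast, claims to be ICQ 7.8.0.6800 from ICQ, LLC, and the report notes that the Authenticode signature is invalid: the metadata was copied, not earned. The Python below, an added example and not part of the CAPE report, turns those observations into a triage routine: it hashes a file and matches it against the IOC hashes listed above, parses the COFF header for the compile timestamp, and applies the Delphi timestamp and prologue heuristics. The minimal PE it builds for demonstration is constructed, so its hashes will not match the real sample's.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Hashes copied from the File Info block above, used here as IOCs.
REPORTED_IOCS = {
    "crc32": "ACD8902C",
    "md5": "f8732750d80a767f5e5b9978b7c128e0",
    "sha1": "b0faecadb8ebd6afbd603aa61665557affddc2d6",
    "sha256": "1a92b49114bb1157cc96ed87ed8e29c3f2f3399e667f6a80e17978735b159575",
}

# Fixed TimeDateStamp the Borland/Delphi linker writes (1992-06-19 22:22:17 UTC).
# It fingerprints the toolchain; it is not a real build date.
DELPHI_TIMESTAMP = 0x2A425E19

# Delphi program prologue: push ebp / mov ebp,esp / add esp,-10h / mov eax,imm32 ...
DELPHI_PROLOGUE = bytes.fromhex("558bec83c4f0b8")


def file_hashes(data: bytes) -> dict:
    """Digests in the forms CAPE reports (crc32 as upper-case hex, the rest lower-case)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = REPORTED_IOCS) -> list:
    """Names of every digest of data that equals the corresponding IOC value."""
    got = file_hashes(data)
    return sorted(k for k, v in iocs.items() if got.get(k, "").lower() == v.lower())


def pe_header_fields(data: bytes) -> dict:
    """Machine, NumberOfSections and TimeDateStamp from the COFF header; ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": machine, "sections": nsections, "timestamp": timestamp}


def timestamp_to_utc(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def looks_like_delphi_prologue(ep_bytes_hex: str) -> bool:
    """Heuristic: entry bytes open with the Delphi prologue and the 12th byte is a near call (E8)."""
    ep = bytes.fromhex(ep_bytes_hex)
    return ep.startswith(DELPHI_PROLOGUE) and len(ep) >= 12 and ep[11] == 0xE8


def triage(data: bytes, ep_bytes_hex: str = "") -> dict:
    """Combine IOC matching and the header heuristics into one verdict dictionary."""
    hdr = pe_header_fields(data)
    return {
        "ioc_matches": match_iocs(data),
        "compile_time_utc": timestamp_to_utc(hdr["timestamp"]),
        "delphi_timestamp": hdr["timestamp"] == DELPHI_TIMESTAMP,
        "delphi_prologue": looks_like_delphi_prologue(ep_bytes_hex) if ep_bytes_hex else None,
        "i386": hdr["machine"] == 0x14C,
    }


def build_minimal_pe(timestamp: int, machine: int = 0x14C) -> bytes:
    """Constructed stand-in for a sample: bare MZ stub, PE signature and a 20-byte COFF header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", machine, 1, timestamp, 0, 0, 0, 0x0102)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    sample = build_minimal_pe(DELPHI_TIMESTAMP)
    print(triage(sample, ep_bytes_hex="558bec83c4f0b840434000e8f0f2ffff"))
```

To use it on a real file, read the bytes and pass them to triage together with the first 16 bytes at the entry point as hex; a Delphi timestamp plus a version resource claiming a different vendor's product is a cheap but effective mismatch check to add to any hash-based IOC sweep.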

Symmi.5265 also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Yakes.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 99)
FireEye: Generic.mg.f8732750d80a767f
ALYac: Gen:Variant.Symmi.5265
Cylance: Unsafe
VIPRE: Trojan.Win32.Ransomware.B (v)
Sangfor: Trojan.Win32.Symmi.frBR
K7AntiVirus: Trojan ( 0040f2c31 )
Alibaba: VirTool:Win32/Obfuscator.3aa49497
K7GW: Trojan ( 0040f2c31 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Backdoor.Win32.Tishop.Q
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.YHK
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.5265
NANO-Antivirus: Trojan.Win32.Tishop.zyhnk
ViRobot: Trojan.Win32.A.Yakes.40448.K
MicroWorld-eScan: Gen:Variant.Symmi.5265
Avast: Win32:Citadel-AD [Trj]
Tencent: Win32.Trojan.Generic.Edxb
Ad-Aware: Gen:Variant.Symmi.5265
Emsisoft: Gen:Variant.Symmi.5265 (B)
Comodo: TrojWare.Win32.Kryptik.NEWA@4rfpbi
DrWeb: BackDoor.Tishop
Zillya: Trojan.Yakes.Win32.7081
TrendMicro: TROJ_RANSOM.SMO6
McAfee-GW-Edition: PWS-Zbot.gen.aom
Sophos: Mal/Generic-R + Mal/EncPk-AGD
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Symmi.5265
Webroot: Trojan.Dropper.Gen
Avira: TR/Zusy.2559875
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Dropper]/Win32.Injector
Kingsoft: Win32.Troj.Yakes.(kcloud)
Arcabit: Trojan.Symmi.D1491
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: TrojanDownloader:Win32/Dofoil.R
AhnLab-V3: Spyware/Win32.Zbot.R41152
McAfee: PWS-Zbot.gen.aom
VBA32: Malware-Cryptor.Inject.gen
Malwarebytes: Malware.AI.621744724
TrendMicro-HouseCall: TROJ_RANSOM.SMO6
Rising: Downloader.Dofoil!8.322 (CLOUD)
Yandex: Trojan.Injector!w7LJtemktmo
Ikarus: Trojan.Win32.Yakes
MaxSecure: Trojan.Malware.4720552.susgen
Fortinet: W32/Injector.WCT!tr
BitDefenderTheta: Gen:NN.ZelphiF.34212.cG0@a8xq@Aoi
AVG: Win32:Citadel-AD [Trj]
Cybereason: malicious.0d80a7
Panda: Trj/Velphi.b

How to remove Symmi.5265?

Symmi.5265 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want and click “Reset”.
  • Restart your computer. Because this sample installs itself for autorun and creates a copy of itself, run a second scan after the reboot to confirm that the copy and its startup entry are gone.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
