How to remove “Symmi.55426”?

Symmi.55426 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Symmi.55426 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Arabic (Lebanon)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Symmi.55426?

File Info:

name: C65B5DFE774766109560.mlw
path: /opt/CAPEv2/storage/binaries/80d75574f6f9eaa81795b28bd27004da469594ab5f24a91df80660c6302270a3
crc32: 9FCDC595
md5: c65b5dfe774766109560ea9d9e1fb4b0
sha1: d1173c6cdf1eed0768a567a8ffad296aa9c05df3
sha256: 80d75574f6f9eaa81795b28bd27004da469594ab5f24a91df80660c6302270a3
sha512: d4457237f3b8b81780bc33a998b0d2f8efd00391b18f49cb70e1ee643c4679210913e08eb7f56c830c9d691d7e2dbe5012d68d10c46538c5245045f7f67ddad1
ssdeep: 12288:oCjCI7zwHO2ZUcIy20PVvUpOkQgTAyWHsFs8HMC:ZjCIXwnmcIyToOrgTiHWfHMC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C594E115B1E0C373D57751701BB19EF24939A4B43B688C9B7F8403AA6E60ED88A3778D
sha3_384: fc68129f8c915c780efda826a1020867a1fcf65829d4c316ce2cdad4f7ab46bf7a42983271fb0f47012a4cbaf61723ba
ep_bytes: e872760000e978feffffcccccccccccc
timestamp: 2015-08-08 21:48:58

Version Info:

CompanyName: Oleg N. Scherbakov
FileDescription: 7z Setup SFX (x86)
FileVersion: 1.5.0.2712
InternalName: 7ZSfxMod
LegalCopyright: Copyright © 2005-2012 Oleg N. Scherbakov
OriginalFilename: 7ZSfxMod_x86.exe
PrivateBuild: December 30, 2012
ProductName: 7-Zip SFX
ProductVersion: 1.5.0.2712
Translation: 0x0000 0x04b0

Symmi.55426 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.mCAD
Elastic: malicious (high confidence)
DrWeb: Trojan.Encoder.1727
MicroWorld-eScan: Gen:Variant.Symmi.55426
FireEye: Generic.mg.c65b5dfe77476610
ALYac: Gen:Variant.Symmi.55426
Cylance: Unsafe
Zillya: Trojan.Cidox.Win32.6838
Sangfor: Trojan.Win32.AGEN.1036050
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Kryptik.38d04558
K7GW: Trojan ( 004cef571 )
K7AntiVirus: Trojan ( 004cef571 )
BitDefenderTheta: Gen:NN.ZexaF.34232.Aq0@aKuME3gO
Cyren: W32/Agent.XL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.DSVZ
TrendMicro-HouseCall: Ransom_CRYPTESLA.SMA8
Paloalto: generic.ml
ClamAV: Win.Packed.Gamarue-7724251-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.55426
NANO-Antivirus: Trojan.Win32.Cidox.dvbhjo
SUPERAntiSpyware: Trojan.Agent/Gen-Malagent
Avast: Win32:Androp [Drp]
Tencent: Win32.Trojan.Generic.Sxod
Ad-Aware: Gen:Variant.Symmi.55426
Sophos: Mal/Generic-R + Mal/Wonton-BB
Comodo: TrojWare.Win32.Droma.EQJ@6b1t5k
Baidu: Win32.Trojan.Kryptik.aio
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_CRYPTESLA.SMA8
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
Emsisoft: Gen:Variant.Symmi.55426 (B)
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Symmi.55426
Jiangmin: Trojan/Cryptodef.rj
Avira: HEUR/AGEN.1213811
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Cidox
Gridinsoft: Ransom.Win32.Zbot.sa
ViRobot: Trojan.Win32.CryptoWall.285696
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Ropest.J
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.MDA.R161682
Acronis: suspicious
McAfee: PWSZbot-FANG!C65B5DFE7747
VBA32: Hoax.Cryptodef
Malwarebytes: Trojan.Kovter.ED
APEX: Malicious
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!5il1+X9TyN8
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Kryptik.DTSF!tr
Webroot: W32.Trojan.GenKD
AVG: Win32:Androp [Drp]
Cybereason: malicious.e77476
Panda: Trj/Genetic.gen

How to remove Symmi.55426?

Symmi.55426 removal steps:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.