What is “Symmi.5590 (B)”?

Symmi.5590 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Symmi.5590 (B) virus do?

  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics

How to identify Symmi.5590 (B)?

File Info:

name: F76698D976182E7276CC.mlw
path: /opt/CAPEv2/storage/binaries/0966da8166b99a28d91986d20a1965e0de7898e20b5b7bd912ff9d3e5e8dc565
crc32: 8128C9AA
md5: f76698d976182e7276cc88bc2d864d7e
sha1: 07885036039eadce5a8dbf5d3630d67dc38a7d9f
sha256: 0966da8166b99a28d91986d20a1965e0de7898e20b5b7bd912ff9d3e5e8dc565
sha512: 4e05dae5f08de69081ad31d874a69a28e24247c8c1c61a6e541fead2cbc7ffebcd43f53c240cb2dba89765461809be61027cbc7b78f3f746efcd18b180613ecb
ssdeep: 3072:z9YxrBYBbByGmo4Gsfx7MY5ezvSf502NkD2pDJ4t/nIIEZohIsl:z90EMGDsZ7552vs6IkD2DJ4t/tEZ0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A1141252A593BE3CC93583BD380B681B2B727ED06940C0F5878E6CAD74DBE4D6B11768
sha3_384: d2d41afe0f04c0bc3b5c42ff291dc1b835d1a9c7a17650e3b9e059e1d8b737472e97143231a6bfdd4b4ea7010f9d7a3f
ep_bytes: 558bec83c4f0b808414000e830f5ffff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Opera Software
FileDescription: Opera Internet Browser
FileVersion: 1250
InternalName: Opera
LegalCopyright: Copyright © Opera Software 1995-2012
OriginalFilename: Opera.exe
ProductName: Opera Internet Browser
ProductVersion: 11.61
Translation: 0x0409 0x04b0

Symmi.5590 (B) is also known by the following detection names (vendor: detection):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.5590
FireEye: Generic.mg.f76698d976182e72
ALYac: Gen:Variant.Symmi.5590
Malwarebytes: Trojan.FakeAdobe
VIPRE: Trojan.Win32.Ransomware.B (v)
K7AntiVirus: Trojan ( 0040f2c31 )
Alibaba: VirTool:Win32/Obfuscator.2b4fd280
K7GW: Trojan ( 0040f2c31 )
Cybereason: malicious.976182
VirIT: Backdoor.Win32.Generic.BNVG
Cyren: W32/DelfInject.AR.gen!Eldorado
Symantec: Trojan.Zbot
ESET-NOD32: Win32/Spy.Zbot.AAO
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-9763500-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.5590
NANO-Antivirus: Trojan.Win32.Panda.eyknfb
SUPERAntiSpyware: Trojan.Agent/Gen-PWS
Avast: Win32:Citadel-Z [Trj]
Tencent: Malware.Win32.Gencirc.10b874b8
Ad-Aware: Gen:Variant.Symmi.5590
Emsisoft: Gen:Variant.Symmi.5590 (B)
Comodo: TrojWare.Win32.Kryptik.NEGL@4rlebb
DrWeb: Trojan.PWS.Panda.2401
Zillya: Trojan.Injector.Win32.151725
TrendMicro: TSPY_ZBOT.SM16
McAfee-GW-Edition: PWS-Zbot.gen.aow
Sophos: ML/PE-A + Mal/EncPk-AGD
Ikarus: Trojan.Win32.Yakes
Jiangmin: Trojan/Yakes.hxn
Webroot: W32.Infostealer.Zeus
Avira: TR/Oficla.887956
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
Arcabit: Trojan.Symmi.D15D6
ViRobot: Trojan.Win32.A.Yakes.179712.H
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Symmi.5590
Cynet: Malicious (score: 99)
AhnLab-V3: Spyware/Win32.Zbot.R44285
McAfee: PWS-Zbot.gen.aow
VBA32: Malware-Cryptor.Inject.gen
TrendMicro-HouseCall: TSPY_ZBOT.SM16
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.GenAsa!HaPD7Ts/dA0
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
Fortinet: W32/Injector.WCT!tr
BitDefenderTheta: Gen:NN.ZelphiF.34212.mG1@aS9osjhi
AVG: Win32:Citadel-Z [Trj]
Panda: Trj/Velphi.a
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Symmi.5590 (B)?

Symmi.5590 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.