Symmi.61152 removal

Symmi.61152 is considered dangerous by many security experts. While this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Symmi.61152 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Compression (or decompression)
  • Injection with CreateRemoteThread in a remote process
  • Mimics the system’s user agent string for its own requests
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Exhibits behavior characteristic of CryptoWall ransomware
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by registry key
  • Creates a copy of itself

Related domains:


How to determine Symmi.61152?

File Info:

crc32: DC2CAC0C
md5: 462c340e3d8c494bce7462930faf3596
name: 462C340E3D8C494BCE7462930FAF3596.mlw
sha1: fa0be0f382506053118a926b5a18b328e0d1dcef
sha256: 4f533d827f435588410102508502ce98fb9fa70635e6beb25d604e34ce793c21
sha512: 37098ea44f942fe3dcc3e8cb68cc42b545195c31692804e82292de258705177885eed58aee5a7161ee1c6ca48a5d7721294a17634dcdf7995a341efa48193e0f
ssdeep: 6144:2Lus+gihNBUXbZIYHmAQo3enHb7r1oYhTNN+f27hcfgetc:2LxmhgdTGyuHbeYHNddc
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Shoreline (C) 2017
ProductVersion: 0,89,111,42
ProductName: Statecraft Recognised
FileVersion: 0,87,73,195
CompanyName: WareCentral.com

Symmi.61152 is also detected as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.61152
FireEye: Generic.mg.462c340e3d8c494b
Qihoo-360: HEUR/QVM07.1.Malware.Gen
ALYac: Gen:Variant.Symmi.61152
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Gen:Variant.Symmi.61152
K7GW: Trojan ( 004d93111 )
K7AntiVirus: Trojan ( 004d93111 )
Symantec: Ransom.Cryptodefense
APEX: Malicious
Avast: Win32:Rootkit-gen [Rtk]
Kaspersky: Trojan.Win32.Yakes.nteu
Alibaba: Ransom:Win32/Yakes.8bec8b34
NANO-Antivirus: Trojan.Win32.Dwn.dzfjpf
Rising: Trojan.Generic@ML.97 (RDML:XtVUwSwp1i+hiNuzGZ+pWw)
Ad-Aware: Gen:Variant.Symmi.61152
Emsisoft: Gen:Variant.Symmi.61152 (B)
Comodo: Malware@#1l9v9uutxy83f
F-Secure: Heuristic.HEUR/AGEN.1113544
DrWeb: Trojan.DownLoader17.64754
Zillya: Trojan.Filecoder.Win32.1535
TrendMicro: Ransom_HPCRYPTESLA.SM2
McAfee-GW-Edition: Packed-GM!462C340E3D8C
Sophos: Mal/Generic-S
Ikarus: Trojan-Ransom.Locky
Jiangmin: Trojan.Yakes.eii
Webroot: W32.Adware.Gen
Avira: HEUR/AGEN.1113544
Antiy-AVL: Trojan/Win32.Yakes
Microsoft: Ransom:Win32/Crowti.A
Arcabit: Trojan.Symmi.DEEE0
ZoneAlarm: Trojan.Win32.Yakes.nteu
GData: Gen:Variant.Symmi.61152
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Teslacrypt.1339F9E.X1654
McAfee: Packed-GM!462C340E3D8C
MAX: malware (ai score=100)
VBA32: BScope.TrojanDropper.FrauDrop
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CryptoWall.A
ESET-NOD32: Win32/Filecoder.CryptoWall.F
TrendMicro-HouseCall: Ransom_HPCRYPTESLA.SM2
Tencent: Win32.Trojan.Yakes.Pavs
Yandex: Trojan.Yakes!w+b6mED1AtM
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.ELYJ!tr
BitDefenderTheta: Gen:NN.ZexaF.34590.qq0@aGtnmmj
AVG: Win32:Rootkit-gen [Rtk]
Cybereason: malicious.e3d8c4
Paloalto: generic.ml

How to remove Symmi.61152?

Symmi.61152 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
