
How to remove “Symmi.65125”?


Symmi.65125 is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Symmi.65125 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup

How to identify Symmi.65125?

File Info:

name: 326974D4D0009A84BA96.mlw
path: /opt/CAPEv2/storage/binaries/1ecbc7e6d39f314a9fb13e926cbecebf535940e9e9e54840e2f408a671be9375
crc32: 3FCEAA50
md5: 326974d4d0009a84ba963ba93228dce1
sha1: 2c49dd019cd675597de504c91ff9a16f34928676
sha256: 1ecbc7e6d39f314a9fb13e926cbecebf535940e9e9e54840e2f408a671be9375
sha512: ba1b407d2fe5997b7257d0f86ee4a7c9a1e6621f20cc8358b99bc3299a0896915ca1ab6c65334306b5a5af1b0b8aaac861ea3b52f8198397ccdcdfd93a94b609
ssdeep: 6144:mjbeiYhR1ZgVnMcu7nercAeTJYJIMEVH/EZbB0GO8EDlubO60Go:muDCMnRrTQaH/MbBinwo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E864F11397D4C23AF0F027B059F926932778BCA55B35A3AF824865DD4CB27D0293836B
sha3_384: dcb8f5e4a26b4760ca2c8c0f72d35f201b00f34102993ee73086c746f8a2aa746f05c8fb3f73660d12006a4bb8d04783
ep_bytes: e80a000000e97affffffcccccccccc8b
timestamp: 2004-08-04 06:01:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0409 0x04b0

Symmi.65125 also known as:

Elastic: malicious (high confidence)
ClamAV: Win.Dropper.Gh0stRAT-6992354-0
McAfee: GenericRXAA-AA!4618EC5961DB
K7AntiVirus: Trojan ( 004efefa1 )
K7GW: Trojan ( 004efefa1 )
Cybereason: malicious.4d0009
ESET-NOD32: a variant of Win32/Injector.CXIK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Yakes.ponv
BitDefender: Gen:Variant.Symmi.65125
NANO-Antivirus: Trojan.Win32.MlwGen.eccgln
MicroWorld-eScan: Gen:Variant.Symmi.65125
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Graftor.202242
Sophos: Generic ML PUA (PUA)
Comodo: Malware@#1s07zbrvjkr1e
DrWeb: BackDoor.Siggen.60255
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: PWSZbot-FASA!F0B92FD47CC6
FireEye: Generic.mg.326974d4d0009a84
Emsisoft: Gen:Variant.Symmi.65125 (B)
GData: Gen:Variant.Graftor.202242
Jiangmin: Trojan.Yakes.acbq
Webroot: W32.Trojan.GenKD
Avira: TR/Crypt.ZPACK.desb
Antiy-AVL: Trojan/Generic.ASMalwS.186784E
Kingsoft: Win32.Troj.Yakes.po.(kcloud)
Arcabit: Trojan.Symmi.DFE65
Microsoft: Program:Win32/Wacapew.C!ml
VBA32: Trojan.Yakes
ALYac: Gen:Variant.Symmi.65125
MAX: malware (ai score=80)
Cylance: Unsafe
Yandex: Trojan.Yakes!lFap8LeiWFE
SentinelOne: Static AI – Suspicious SFX
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Injector.CXIK!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.imKfa4uFmAZH
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Symmi.65125?

Symmi.65125 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
