What is “Symmi.86696 (B)”?

Symmi.86696 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Symmi.86696 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Symmi.86696 (B)?

File Info:

name: 1A5FC1F45BFA52FAEB89.mlw
path: /opt/CAPEv2/storage/binaries/b0b950535d2c327f969cc1a54cd06fcd1eb209183bfc56c0a9f651eeb5e7482f
crc32: FC96FD6B
md5: 1a5fc1f45bfa52faeb89a6e6b9679a7c
sha1: 543c32ee3400d33b2af523c82ec6906d1d4b2e04
sha256: b0b950535d2c327f969cc1a54cd06fcd1eb209183bfc56c0a9f651eeb5e7482f
sha512: 8324e6bbe3ca68b67276e66064a2c4a471ec3974180ac4eb5d9ccd028c2be2339e89908671ac4b9b3ceea7164c20e94a994c272049ca98db8bfc6a15a8a08790
ssdeep: 6144:wvk7qkMoZFOJaa82i2QIJ/UXEsH+3A06swOJRnCm5UjSQB:wvk7qTo2gabhQoUX/e3EsPJRgjd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BB342FD4B380E97BE4B18FFAA785035300945DB859C57233B3819B1A377A8E682707E7
sha3_384: 6d6fa69d9b1f9ce8fd8c1373412b3a77bc2df62624ac0d0d08c6223aa59aa7b1eab3c15a1bbeb07c30a7eae7591268c2
ep_bytes: 68bc3e4000e8eeffffff000000000000
timestamp: 2011-03-05 05:22:59

Version Info:

Translation: 0x0409 0x04b0
ProductName: VVqGEigshQEvKQIaJYrpiaXOlZOv
FileVersion: 9.49
ProductVersion: 9.49
InternalName: FEPDyLX
OriginalFilename: FEPDyLX.exe

Symmi.86696 (B) is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.86696
ClamAV: Win.Trojan.Changeup-6169544-0
CAT-QuickHeal: Worm.VobfusVMF.S20640996
McAfee: Downloader-CJX.gen.v
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: NetWorm ( 700000151 )
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.45bfa5
Baidu: Win32.Worm.VB.tn
VirIT: Trojan.Win32.Heur.BQWM
Cyren: W32/Vobfus.P.gen!Eldorado
Symantec: W32.Changeup
ESET-NOD32: Win32/AutoRun.VB.ACA
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.WBNA.sq
BitDefender: Gen:Variant.Symmi.86696
NANO-Antivirus: Trojan.Win32.WBNA.cnwqxh
SUPERAntiSpyware: Trojan.Agent/Gen-ZBot
Avast: Win32:VB-RSN [Wrm]
TACHYON: Trojan/W32.VB-VBKrypt.233472.G
Emsisoft: Gen:Variant.Symmi.86696 (B)
F-Secure: Trojan.TR/Kazy.14392.18
DrWeb: Trojan.VbCrypt.60
VIPRE: Gen:Variant.Symmi.86696
TrendMicro: WORM_VOBFUS.SMHC
McAfee-GW-Edition: BehavesLike.Win32.VBObfus.dm
FireEye: Generic.mg.1a5fc1f45bfa52fa
Sophos: Mal/SillyFDC-M
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Symmi.86696
Avira: TR/Kazy.14392.18
Antiy-AVL: Worm/Win32.WBNA.gen
Arcabit: Trojan.Symmi.D152A8
ViRobot: Worm.Win32.A.WBNA.233472.A
ZoneAlarm: Worm.Win32.WBNA.sq
Microsoft: Worm:Win32/Vobfus.BM
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.R3426
BitDefenderTheta: AI:Packer.D97D5C5D21
ALYac: Gen:Variant.Symmi.86696
MAX: malware (ai score=86)
VBA32: Trojan.Varydrop.2921
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: WORM_VOBFUS.SMHC
Rising: Worm.Autorun!8.50 (TFE:3:3QRHIFWg9mD)
Yandex: Trojan.GenAsa!EJbvkFUjhpU
Ikarus: Trojan.Win32.Genome
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.ACA!tr
AVG: Win32:VB-RSN [Wrm]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Symmi.86696 (B)?

Symmi.86696 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.