Trojan.FileInfector.ayWba8urLtp (B) malicious file

The Trojan.FileInfector.ayWba8urLtp (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.FileInfector.ayWba8urLtp (B) virus can do?

Sample contains Overlay data
Authenticode signature is invalid

How to determine Trojan.FileInfector.ayWba8urLtp (B)?


File Info:
name: DB7F3343AB7952FA9CBE.mlw
path: /opt/CAPEv2/storage/binaries/4b4dcb10ebdc7d6ffe58f49f9dac29f61fcf8f3bc6fc37a9c3b8f4a791c36bda
crc32: 12838FBE
md5: db7f3343ab7952fa9cbe5a048f7d2baa
sha1: 1174ad36c962b8ef81ac418fe54ca0f8b4708553
sha256: 4b4dcb10ebdc7d6ffe58f49f9dac29f61fcf8f3bc6fc37a9c3b8f4a791c36bda
sha512: aa885780b6aea601a944991615b54d7a1d8f0cdc5bcd02c0f0fc01aacee7f851df181cc4497c133a343508553fc22fb3d27cd4495f68edec1acbd69656a95c21
ssdeep: 6144:JnKNKqEOPlqRdfpbcI9KSslIBne9BRIFi2w8VMoK:JnKNKqElPcImlMM8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10F847D127BC6C079D68502334AB3831A67BAB995AF3192836BD03E5DEE312D2FD35701
sha3_384: 6652d1226a4349d5f48133d82544cfb993e86b5c2c6d48b35c9b3ba679783d5e37d7344f341898d24ab1ded33c0a20fa
ep_bytes: e896bb0000e916feffff6a106890bb44
timestamp: 2008-03-11 15:37:05

Version Info:
Comments: Callling program for MSI packages (MSI installation itself, over- , deinstallation of packages, parametrization, logging)
CompanyName: SIEMENS AG
FileDescription: setup.exe MSI caller
FileVersion: V02.01.01.16_11.01.00.02 release
InternalName: setup.exe
LegalCopyright: Copyright © SIEMENS AG 2002-2008
OriginalFilename: setup.exe
ProductDate: 2008-03-11
ProductName: Setup
ProductVersion: V02.01.01.16_11.01.00.02 release
Translation: 0x0407 0x04b0

Trojan.FileInfector.ayWba8urLtp (B) also known as:

MicroWorld-eScan	Gen:Trojan.FileInfector.ayWba8urLtp
ClamAV	Win.Virus.Wapomi-9802127-0
FireEye	Gen:Trojan.FileInfector.ayWba8urLtp
ALYac	Gen:Trojan.FileInfector.byXba8urLtp
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.ins
Cybereason	malicious.3ab795
Cyren	W32/Downloader.WXUE-4498
Symantec	W32.Wapomi.C!inf
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Wapomi.BA
APEX	Malicious
Kaspersky	Trojan-Downloader.Win32.Banload.cqfs
BitDefender	Gen:Trojan.FileInfector.ayWba8urLtp
NANO-Antivirus	Trojan.Win32.Banload.cstqaj
Avast	Win32:Evo-gen [Trj]
Ad-Aware	Gen:Trojan.FileInfector.byXba8urLtp
Emsisoft	Gen:Trojan.FileInfector.ayWba8urLtp (B)
DrWeb	BackDoor.Darkshell.246
VIPRE	Gen:Trojan.FileInfector.ayWba8urLtp
TrendMicro	Mal_DLDER
McAfee-GW-Edition	Artemis
Sophos	W32/Nimnul-A
Ikarus	Trojan-Downloader.Win32.Small
GData	Gen:Trojan.FileInfector.byXba8urLtp
Avira	W32/Jadtre.B
MAX	malware (ai score=89)
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Downloader/Win.Banload.C5280145
McAfee	W32/PatchedSmall.a!dam
Malwarebytes	Nimnul.Virus.FileInfector.DDS
TrendMicro-HouseCall	Mal_DLDER
Rising	Virus.Wapomi!8.55 (CLOUD)
Yandex	BackDoor.Darkshell!bbpw5cNU8q4
MaxSecure	Trojan.Malware.6812811.susgen
Fortinet	W32/Wapomi.BA!tr
BitDefenderTheta	AI:Packer.659502481E
AVG	Win32:Evo-gen [Trj]
Panda	Trj/CI.A

How to remove Trojan.FileInfector.ayWba8urLtp (B)?

Trojan.FileInfector.ayWba8urLtp (B) removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X