Trojan:Win32/Wacatac.D5!ml (file analysis)

Trojan:Win32/Wacatac.D5!ml is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Wacatac.D5!ml virus do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventional language used in binary resources: Arabic (Tunisia)
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan:Win32/Wacatac.D5!ml?


File Info:

crc32: B74BF289
md5: 78a9e83c3ee9695abe5b1698d4f594af
name: infostat.exe
sha1: 0903a4861c23d3606048dedf0e11d0f95bd18f02
sha256: 5c014fbda22ed7eb3e16d6e7cefc5a2763dc3a7a419e428022dc58334e9770b5
sha512: 330a51e94e6893eb23733deaf02785314902a4c7572534bbb010210edd5a2575a658323c6953c0ce6eee4bc5b3596837b30d06c17daea1526d883f0973192cf8
ssdeep: 12288:a4x+VM2JRUcv4cdJoNyITsLUHvim+qFAlGxlnd/AvKNcJFAylp:abM2JRU41dyFsOp+a0QllnaJDX
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Copright: Copright (C) 2020, kac
FileVersion: 1.0.0.1
Translations: 0x0292 0x03dd

Trojan:Win32/Wacatac.D5!ml also known as:

Bkav: HW32.Packed.
FireEye: Generic.mg.78a9e83c3ee9695a
CAT-QuickHeal: Ransom.Stop.MP4
Sangfor: Malware
K7AntiVirus: Trojan ( 005643101 )
K7GW: Trojan ( 005643101 )
CrowdStrike: win/malicious_confidence_80% (D)
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
SentinelOne: DFI – Malicious PE
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Wacatac.D5!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
Rising: Malware.Heuristic!ET#87% (RDMK:cmRtazr3jIckyGZDN9cZglXeir0I)
Ikarus: Trojan-Downloader.Win32.Zurgop
eGambit: Unsafe.AI_Score_75%
Cybereason: malicious.61c23d

How to remove Trojan:Win32/Wacatac.D5!ml?

Trojan:Win32/Wacatac.D5!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
