Trojan:Win32/Wacatac.DF!ml removal tips

Malware Removal

The Trojan:Win32/Wacatac.DF!ml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Review

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan:Win32/Wacatac.DF!ml virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (4 unique times)
  • Creates RWX memory
  • Performs some HTTP requests
  • Unconventionial language used in binary resources: Spanish (El Salvador)
  • The binary likely contains encrypted or compressed data.
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

How to determine Trojan:Win32/Wacatac.DF!ml?

File Info:

crc32: FC5AE331
md5: ee6ef2afebb85ba01879be7ef212f509
name: infostat.exe
sha1: 9cd7b2a34a70955699d89b292d25210d0641a22c
sha256: f2f2725fc1a43dbacb8fcbf59fe0500f0ef9d9f7f8d6a6a0745b800f006e7a39
sha512: 11f9e1acdfe8cbe56bfbe21ae5f70a3a58d0c40fcd4f41bd50cdfe90641b7a89699c69272910bd97dc82ac77ef4cc554b4b54e1031eb093107cf692914d413e7
ssdeep: 12288:T9fkHVPyNuOKkysJP/8hO1jZFlXtc1lQbPuFCYiXwOBrxjl9Fmh:T9aVqGkJ8kjZF9S19CiOBNwh
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translations: 0x0292 0x03dd

Trojan:Win32/Wacatac.DF!ml also known as:

K7AntiVirusTrojan ( 005643101 )
K7GWTrojan ( 005643101 )
RisingMalware.Heuristic!ET#97% (RDMK:cmRtazp5Y/D41LjaLfD5wBYrf0jz)
Endgamemalicious (high confidence)
CynetMalicious (score: 100)
SentinelOneDFI – Malicious PE
CrowdStrikewin/malicious_confidence_90% (D)

How to remove Trojan:Win32/Wacatac.DF!ml?

Trojan:Win32/Wacatac.DF!ml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment