
Trojan:Win32/Ymacco.AA15 removal tips


Trojan:Win32/Ymacco.AA15 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ymacco.AA15 virus do?

  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan:Win32/Ymacco.AA15?

File Info:

crc32: CF6EA6DF
md5: 646a1ed9ea6e7910f55468de32bdde7d
name: oxxslMain.exe
sha1: 0defa6b77922149f3f3657c3b4a955c0f9a74ab0
sha256: 1544e6eae4cd21c1bc438ca3e3a84550a4ebf85c2175556797edd45d95456be3
sha512: eca67b9f8b87a3f8dbb65cf5d53346c992d2bf88e8af44005b2c163de79673abd8a9f4df1edc0c6ce9800977472f45810a66f039cf9d8b4c48b909ee828b9fd6
ssdeep: 24576:O2rT5JibBsR1YAcUSWcPsPQcVnJtCab+dC2OA2XLt9+Zqfp:XpJ22R1rcUWPsPFVrCab+dqAwB9rp
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

ProductVersion: 0.0.0.0
FileVersion: 1.3.1.8
Comments: 小程序偷钻工具，主程序。 (raw, with escape prefixes stripped: x5c0fx7a0bx5e8fx5077x94bbx5de5x5177xff0cx4e3bx7a0bx5e8fx3002)
FileDescription: 小程序偷钻工具 (raw, with escape prefixes stripped: x5c0fx7a0bx5e8fx5077x94bbx5de5x5177)
Translation: 0x0804 0x04b0

Trojan:Win32/Ymacco.AA15 also known as:

Bkav: W32.AIDetectVM.malware1
CAT-QuickHeal: Trojan.Dynamer
McAfee: Artemis!646A1ED9EA6E
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic.pak!cobra
APEX: Malicious
Avast: Win32:Trojan-gen
ClamAV: Win.Malware.Autoit-7533156-0
Kaspersky: UDS:DangerousObject.Multi.Generic
NANO-Antivirus: Trojan.Win32.RiskGen.dofzrz
AegisLab: Trojan.Win32.Generic.4!c
Rising: Trojan.Dynamer!8.3A0 (CLOUD)
Zillya: Trojan.GenericTKA.Win32.190
Sophos: Troj/RKProc-Fam
Jiangmin: Trojan.Pasta.ahk
MaxSecure: Trojan.Malware.300983.susgen
Antiy-AVL: GrayWare/Win32.Generic
Microsoft: Trojan:Win32/Ymacco.AA15
ZoneAlarm: UDS:DangerousObject.Multi.Generic
VBA32: Trojan.SelfDel
TrendMicro-HouseCall: TROJ_GEN.R002C0DGM20
Webroot: W32.Malware.Gen
AVG: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_60% (W)
Qihoo-360: Generic/HEUR/QVM10.2.6222.Malware.Gen

How to remove Trojan:Win32/Ymacco.AA15?

Trojan:Win32/Ymacco.AA15 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
