Trojan:Win32/Ymacco.AA62 (file analysis)

The Trojan:Win32/Ymacco.AA62 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Ymacco.AA62 virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Presents an Authenticode digital signature
Creates RWX memory
A process attempted to delay the analysis task.
Performs some HTTP requests
Uses Windows utilities for basic functionality
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

www.bing.com

appealingedge.xyz

How to determine Trojan:Win32/Ymacco.AA62?


File Info:
crc32: F2672244
md5: 5c60276b4448cb36bdafeeb987ce2e52
name: upload_file
sha1: 7a0a9189836ec47b66adc9daded049e5f2e80d12
sha256: 62f73a60dcb7b8dcb66264758e5c3ac931097e0580f43b51c4fa0c3f1e24f22c
sha512: 94848a480648a419bd2c1c7c0385957c47913b97e76976f577ddd4a75d1e91642b0b2a8f1b1dfa5e936792f10924bfaaaa70eb490b05978cab66faf19583f2f7
ssdeep: 3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: @x10x01FileVersion
edbit: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXX: |,x01LegalCopyright
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: ?,x01FileDescription
CompanyName: speedbit
Translation: 0x0409 0x04e4

Trojan:Win32/Ymacco.AA62 also known as:

Bkav	W32.AIDetectVM.malware1
MicroWorld-eScan	Trojan.GenericKD.43555781
FireEye	Generic.mg.5c60276b4448cb36
CAT-QuickHeal	TrojanPWS.Zbot.Y
ALYac	Trojan.GenericKD.43555781
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Gozi.trsf
Sangfor	Malware
K7AntiVirus	Trojan ( 0056b4da1 )
BitDefender	Trojan.GenericKD.43555781
K7GW	Trojan ( 0056b4da1 )
Cybereason	malicious.9836ec
TrendMicro	Trojan.Win32.WACATAC.THGCABO
F-Prot	W32/Fugrafa.K.gen!Eldorado
Symantec	Infostealer.Snifula
ESET-NOD32	a variant of Win32/Kryptik.HFGZ
Paloalto	generic.ml
GData	Trojan.GenericKD.43555781
Kaspersky	Trojan-Banker.Win32.Gozi.lfy
Alibaba	TrojanBanker:Win32/Avaddon.696d7743
NANO-Antivirus	Trojan.Win32.Gozi.hppdfg
ViRobot	Trojan.Win32.Z.Agent.256511
Rising	Trojan.MalCert!1.C99C (CLASSIC)
Ad-Aware	Trojan.GenericKD.43555781
Emsisoft	Trojan.GenericKD.43555781 (B)
F-Secure	Trojan.TR/Gozi.yvyxa
DrWeb	Trojan.Gozi.703
Zillya	Trojan.Gozi.Win32.3046
Invincea	heuristic
Trapmine	malicious.high.ml.score
Sophos	Mal/EncPk-APV
Ikarus	Trojan.SuspectCRC
Cyren	W32/Trojan.FWKT-6464
Jiangmin	Trojan.Banker.Gozi.bah
MaxSecure	Win.MxResIcn.Heur.Gen
Avira	TR/Gozi.yvyxa
MAX	malware (ai score=86)
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Microsoft	Trojan:Win32/Ymacco.AA62
Arcabit	Trojan.Generic.D2989BC5
AhnLab-V3	Trojan/Win32.Kryptik.C4170640
ZoneAlarm	Trojan-Banker.Win32.Gozi.lfy
Cynet	Malicious (score: 85)
Acronis	suspicious
McAfee	Packed-GCB!5C60276B4448
VBA32	BScope.Trojan-Spy.Zbot
Malwarebytes	Backdoor.Qbot
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Trojan.Win32.WACATAC.THGCABO
Tencent	Malware.Win32.Gencirc.10cde558
SentinelOne	DFI – Malicious PE
Fortinet	W32/Generik.KAGHIKG!tr
AVG	Win32:TrojanX-gen [Trj]
Avast	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_80% (W)
Qihoo-360	Win32/Trojan.fc8

How to remove Trojan:Win32/Ymacco.AA62?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Ymacco.AA62 (file analysis)