Trojan:Win32/Ymacco.AB65 (file analysis)

Many security experts consider Trojan:Win32/Ymacco.AB65 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Ymacco.AB65 virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Uses Windows utilities for basic functionality
  • Network activity detected but not expressed in API logs
  • Harvests information related to installed mail clients

How to identify Trojan:Win32/Ymacco.AB65?

File Info:

crc32: B4783AA2
md5: a50519badf2e0d5bd74ecc73b312d231
name: upload_file
sha1: 7ddbd2cd684136ae10107c7d4ee4a5c3ba153860
sha256: 654020f2936ac35a44528062ea745fc1cc45b79920c23c54d2528cddcdaf940c
sha512: 4b5c51a9f778d68fa66a16fa04a6a45af783e36ddc2c80e375587b1e71e62ad4bcc2427749a47fa3cd679032e651cdefbd344e94eb85c5a8588369e6c05b7720
ssdeep: 768:KXZ9o0guzanIpNSylLzw1n00BwtJwyTD9jI2Wr9kj:KXXgcaAMSzwZ0bJ1NjI79W
type: Composite Document File V2 Document, No summary info

Version Info:

0: [No Data]

Trojan:Win32/Ymacco.AB65 also known as:

FireEye: Exploit.CVE-2017-11882.Gen
McAfee: Exploit-CVE2017-11882.bx
Invincea: Exp/20180802-B
Symantec: Trojan Horse
TrendMicro-HouseCall: Trojan.Win32.CVE201711882.BH
Avast: Win32:ShellCode [Expl]
Cynet: Malicious (score: 85)
Kaspersky: HEUR:Exploit.MSOffice.Generic
BitDefender: Exploit.CVE-2017-11882.Gen
ViRobot: DOC.Z.CVE-2017-1188.44544.M
MicroWorld-eScan: Exploit.CVE-2017-11882.Gen
Ad-Aware: Exploit.CVE-2017-11882.Gen
Emsisoft: Exploit.CVE-2017-11882.Gen (B)
Comodo: Malware@#skobgpgxx95z
F-Secure: Exploit.EXP/CVE-2017-11882.gtvcl
DrWeb: Exploit.Siggen2.48532
TrendMicro: Trojan.Win32.CVE201711882.BH
McAfee-GW-Edition: Exploit-CVE2017-11882.bx
Sophos: Exp/20180802-B
Ikarus: Trojan-Downloader.Office.Crypt
Avira: EXP/CVE-2017-11882.gtvcl
MAX: malware (ai score=100)
Microsoft: Trojan:Win32/Ymacco.AB65
Arcabit: Exploit.CVE-2017-11882.Gen
ZoneAlarm: HEUR:Exploit.MSOffice.Generic
GData: Exploit.CVE-2017-11882.Gen
AhnLab-V3: Exploit/XLS.Generic
TACHYON: Suspicious/W97.CVE-2017-11882
ESET-NOD32: probably a variant of Win32/Exploit.CVE-2017-11882.C
Tencent: Office.Exploit.Generic.Ljjp
Fortinet: MSOffice/CVE_2017_11882.B!exploit
AVG: Win32:ShellCode [Expl]
Qihoo-360: Generic/Trojan.Exploit.ed7

How to remove Trojan:Win32/Ymacco.AB65?

Trojan:Win32/Ymacco.AB65 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
