UDS:Hoax.Win32.ArchSMS (file analysis)

The UDS:Hoax.Win32.ArchSMS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What UDS:Hoax.Win32.ArchSMS virus can do?

Behavioural detection: Executable code extraction – unpacking
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine UDS:Hoax.Win32.ArchSMS?


File Info:
name: 0242F0D076975D5476DF.mlw
path: /opt/CAPEv2/storage/binaries/9a835e7d3ed882904fd85e87dc2b51a2221c3caff4c700f35b467e4985d7c908
crc32: B4F1E981
md5: 0242f0d076975d5476dff7f6124d8955
sha1: b8b17890373a897861c43120977ae7751e1373e7
sha256: 9a835e7d3ed882904fd85e87dc2b51a2221c3caff4c700f35b467e4985d7c908
sha512: cd0ff071b6afd6d8c030d36fe652e9f6deb9f28a4cdbe1f654a02295fe963cdbd9b55d4491d09702d68d6d50447a35d8b45cdb3edfff4b635ad34a3e9b540303
ssdeep: 12288:9X76giJ2bg/m/h4jJ6FH3KBy2uMeX+kvktfAqfIuEXUfiN9Qs6EGzFF4BNqKcg+J:9X76UjZOGH3x2A+YQ9EE8QROqft1C6z
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16365F15D8D971D8EC257D1BAFF4408BE1A675B8C338232EB2F6235D496702EA01F4B58
sha3_384: 4a9edd94ba92d8f0d71cf2c630cb04accf153ee0951100bbd1c73cc0d833d388d4b1f0852d7d867279b6bdaa6b0e30f9
ep_bytes: 8d0ddc904800b8ad0200008d1d789148
timestamp: 2023-04-30 15:33:40

Version Info:
0: [No Data]

UDS:Hoax.Win32.ArchSMS also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Virlock.Gen.8
ClamAV	Win.Virus.Virlock-6332874-0
FireEye	Generic.mg.0242f0d076975d54
CAT-QuickHeal	Ransom.PolyRansom.F3
ALYac	Win32.Virlock.Gen.8
Malwarebytes	MachineLearning/Anomalous.100%
Zillya	Virus.Virlock.Win32.5
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 004cd6d81 )
K7GW	Trojan ( 004cd6d81 )
Cybereason	malicious.076975
Baidu	Win32.Virus.Virlock.e
VirIT	Win32.CryptoGen.C
Cyren	W32/S-39bf970f!Eldorado
ESET-NOD32	a variant of Win32/Virlock.J
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:Hoax.Win32.ArchSMS.gen
BitDefender	Win32.Virlock.Gen.8
NANO-Antivirus	Virus.Win32.Virlock.dsdros
Avast	Win32:Cryptor
Tencent	Virus.Win32.VirLocker.ja
Emsisoft	Win32.Virlock.Gen.8 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Win32.VirLock.16
VIPRE	Win32.Virlock.Gen.8
TrendMicro	PE_VIRLOCK.K-O
McAfee-GW-Edition	BehavesLike.Win32.VirRansom.tc
Trapmine	malicious.high.ml.score
Sophos	W32/VirRnsm-F
SentinelOne	Static AI – Malicious PE
GData	Win32.Virlock.Gen.8
Avira	TR/Crypt.XPACK.Gen
MAX	malware (ai score=84)
Antiy-AVL	Virus/Win32.Virlock.j
Xcitium	Virus.Win32.VirLock.GA@7lv9go
Arcabit	Win32.Virlock.Gen.8
ViRobot	Trojan.Win32.Virlock.Gen.A
ZoneAlarm	UDS:Hoax.Win32.ArchSMS.gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
AhnLab-V3	Win32/Nabucur.D.X1506
Acronis	suspicious
McAfee	W32/VirRansom.b!0242F0D07697
TACHYON	Virus/W32.VirRansom.B
VBA32	Virus.PolyRansom.k
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	PE_VIRLOCK.K-O
Rising	Virus.VirLock!1.A08A (CLASSIC)
Ikarus	Virus.Win32.Virlock
MaxSecure	Virus.PolyRansom.b
Fortinet	W32/Virlock.J
BitDefenderTheta	AI:FileInfector.394B29A813
AVG	Win32:Cryptor
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove UDS:Hoax.Win32.ArchSMS?

UDS:Hoax.Win32.ArchSMS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X