
UDS:RiskTool.Win64.Ydark (file analysis)


UDS:RiskTool.Win64.Ydark is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the UDS:RiskTool.Win64.Ydark virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Deletes executed files from disk

How to identify UDS:RiskTool.Win64.Ydark?

File Info:

name: 8198B596DB9C5379F588.mlw
path: /opt/CAPEv2/storage/binaries/9f8573f56d1ab71935f3a47c074ec7071b2ebf87e6e9e4f0b1cef9b866c333ee
crc32: CB1278C4
md5: 8198b596db9c5379f588fa530d89bf38
sha1: 22c13c98777bfe9faf70f2f191d5c192ac5fede1
sha256: 9f8573f56d1ab71935f3a47c074ec7071b2ebf87e6e9e4f0b1cef9b866c333ee
sha512: bf53571bd6dfcb8b38fc1b18f7aa0d05b50e7d656666f3b5d5e2452e10dc4b1fe8d35a9053770799081fdb327e537c8779e5c68465af458708322c414b13f063
ssdeep: 393216:zkau45J10twUXoo/iBt0YC6f3qzW6+6+sjoLr:zkaZ5X05Xocgt0XHr+sj0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T167D633021BE4ED89DB6B9B75F5B3C8C523E1CD6A0831D9593D2363AAE34632164B3D43
sha3_384: 2e2d322fc36f90447988de327edfd4cf33478447326dabaea5953ec30a57a8659f7bf65ee45f92a1e68099c50c8eebb1
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2020-08-01 02:44:18

Version Info:

FileDescription: YDArk
FileVersion: 1.0.1.11
Translation: 0x0804 0x04b0

UDS:RiskTool.Win64.Ydark also known as:

Lionic: Heuristic.File.Generic.00×1!p
FireEye: Generic.mg.8198b596db9c5379
McAfee: Artemis!8198B596DB9C
Sangfor: Trojan.Win32.GenCBL.BHZ
K7AntiVirus: Trojan ( 0057c21a1 )
K7GW: Trojan ( 0057c21a1 )
Cybereason: malicious.8777bf
Symantec: Trojan.Gen.MBT
Elastic: malicious (moderate confidence)
ESET-NOD32: multiple detections
APEX: Malicious
Avast: Win64:Malware-gen
Cynet: Malicious (score: 99)
Kaspersky: not-a-virus:UDS:RiskTool.Win64.Ydark.gen
Rising: Trojan.MalCert!1.D834 (CLASSIC)
McAfee-GW-Edition: BehavesLike.Win32.ICLoader.rc
Sophos: Generic PUA CC (PUA)
Paloalto: generic.ml
Webroot: W32.Malware.Gen
Avira: ADWARE/Amonetize.Gen7
Antiy-AVL: Trojan/Generic.ASCommon.21E
ZoneAlarm: not-a-virus:HEUR:RiskTool.Win64.Ydark.gen
Microsoft: Trojan:Win32/Wacatac.A!ml
Google: Detected
AhnLab-V3: HackTool/Win.YDark.R421781
TrendMicro-HouseCall: TROJ_GEN.R002H0CI322
Tencent: Win64.Risk.Ydark.Unkl
SentinelOne: Static AI – Suspicious PE
Fortinet: Riskware/BadCert
AVG: Win64:Malware-gen
CrowdStrike: win/grayware_confidence_100% (W)

How to remove UDS:RiskTool.Win64.Ydark?

UDS:RiskTool.Win64.Ydark removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
