Categories: Malware

VHO:Exploit.Win32.ShellCode.adis (file analysis)

The VHO:Exploit.Win32.ShellCode.adis is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What VHO:Exploit.Win32.ShellCode.adis virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Creates RWX memory
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Exhibits possible ransomware file modification behavior
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

romkaxarit.tumblr.com
ocsp.comodoca.com
ocsp.usertrust.com
ocsp.sectigo.com

How to determine VHO:Exploit.Win32.ShellCode.adis?



File Info:

crc32: 2E7442F4md5: 62e786c7f2657fead1f5afe7b38fff68name: 62E786C7F2657FEAD1F5AFE7B38FFF68.mlwsha1: 33463006ec85a35fca47b0937ef5774bf6bcb1c8sha256: 211d5cfb31621051281b289aa8ce6111d894088a2059becc54ee888ce4967239sha512: 398c76325d4833f6a1d3f7ce6007bf1335b7beeb692255ebc50203d1094ed6176c976947bdbe24d9d6c8296d2d28c3edb301c5a79e00ee8fe4425f527ed33cabssdeep: 12288:fUfE6IIeheMBfxjtrEHeOcfydWYEkLsdwD/9r8gIY5G1rO9CFWuWSv4+ooI:fwEFheMBd9fsEkL22FgY59CQul4+/Itype: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

VHO:Exploit.Win32.ShellCode.adis also known as:

Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.Z5
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.6ec85a
Cyren W32/Kryptik.EYC.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Kaspersky VHO:Exploit.Win32.ShellCode.adis
Sophos ML/PE-A
BitDefenderTheta Gen:NN.ZexaF.34126.SqW@ayVnftcO
McAfee-GW-Edition BehavesLike.Win32.Dropper.bc
FireEye Generic.mg.62e786c7f2657fea
SentinelOne Static AI – Malicious PE
eGambit Unsafe.AI_Score_91%
Microsoft Trojan:Win32/Wacatac.B!ml
Acronis suspicious
Rising Trojan.Generic@ML.92 (RDML:jP3Vr5xw4IQhFnHj6FlhSg)
Ikarus Trojan.Win32.Glupteba
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:PWSX-gen [Trj]

How to remove VHO:Exploit.Win32.ShellCode.adis?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: ocsp.comodoca.comocsp.sectigo.comocsp.usertrust.comromkaxarit.tumblr.comVHO:Exploit.Win32.ShellCode.adis
3 years ago

Recent Posts

How to remove “Fragtor.545276”?

The Fragtor.545276 is considered dangerous by lots of security experts. When this infection is active,…

7 mins ago

Malware.AI.4236857157 removal tips

The Malware.AI.4236857157 is considered dangerous by lots of security experts. When this infection is active,…

33 mins ago

How to remove “Win32/AutoRun.VB.ALG”?

The Win32/AutoRun.VB.ALG is considered dangerous by lots of security experts. When this infection is active,…

33 mins ago

Win32/Spy.Virkonni.F removal instruction

The Win32/Spy.Virkonni.F is considered dangerous by lots of security experts. When this infection is active,…

39 mins ago

Should I remove “Backdoor.Farfli.AH”?

The Backdoor.Farfli.AH is considered dangerous by lots of security experts. When this infection is active,…

44 mins ago

Packed.Win32.Klone.ao removal

The Packed.Win32.Klone.ao is considered dangerous by lots of security experts. When this infection is active,…

44 mins ago