VirTool:Win32/Rekcap.B removal instruction

VirTool:Win32/Rekcap.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the VirTool:Win32/Rekcap.B virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify VirTool:Win32/Rekcap.B?

File Info:

name: 3B97CEC418E3FC69937C.mlw
path: /opt/CAPEv2/storage/binaries/ad0fc8c3871a75de6069ce9c2fb8cbe63218e219234849fc9032dd79363f9d3b
crc32: B6CFF80D
md5: 3b97cec418e3fc69937c79705d7df57d
sha1: 617e8c03cdda097526a8ca6bd5e39c3205d2fcb9
sha256: ad0fc8c3871a75de6069ce9c2fb8cbe63218e219234849fc9032dd79363f9d3b
sha512: 1a7b41b64a53753a26997db896dd147f4f249fbcaabe985e74c4bb478395d1c8afaa8971274688e41246e3f79fc07c47718aa7f6191064be1ab0fc1de9224c3e
ssdeep: 12288:1N+O33C9P1Vk3S7OqYxKI0XmtcKJTYoFdsvhLVYhTSJ:1YO33SQSqq7I02tcKJTYqdU6E
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T162D4122235A6C07AE7B2157A2594A7650E6F7C931F7082CB6BC51FAC8E167E18F31307
sha3_384: 7237bac8d5a8482b03135589bfb9cb46a392527bb6e00c7ebf9baacbdc5a177255d8aa7ea127ca2e6b851fdcaea45b59
ep_bytes: e8a15e0000e979feffff8bff558bec8b
timestamp: 2017-11-22 04:17:11

Version Info:

FileVersion: 1.0.0.11
InternalName: tyuwie6o.uke
LegalCopyright: Copyright (C) 2019, sfgdnf
ProductVersion: 1.0.0.13
Translation: 0x00c9 0x0042

VirTool:Win32/Rekcap.B also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Chapak.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Brsecmon.1
FireEye: Generic.mg.3b97cec418e3fc69
CAT-QuickHeal: Ransom.Stop.P5
McAfee: Sodinokibi!3B97CEC418E3
Cylance: Unsafe
Sangfor: Trojan.Win32.VidarStealer.ykqah
K7AntiVirus: Trojan ( 0054e43b1 )
Alibaba: Trojan:Win32/Kryptik.85fe6b4c
K7GW: Trojan ( 0054e43b1 )
Cybereason: malicious.418e3f
BitDefenderTheta: Gen:NN.ZexaF.34114.Lu0@aucjXxm
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.GTDM
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Os40444-7361867-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Brsecmon.1
NANO-Antivirus: Trojan.Win32.Chapak.fqhcni
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Generic.Lmlb
Ad-Aware: Trojan.Brsecmon.1
Emsisoft: Trojan.Brsecmon.1 (B)
Comodo: Malware@#3bqmw7y75l2s3
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Trojan.Win32.SODINOK.SM.hp
McAfee-GW-Edition: BehavesLike.Win32.Generic.hh
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
GData: Trojan.Brsecmon.1
Jiangmin: Trojan.PSW.Fareit.yxi
Avira: HEUR/AGEN.1102735
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Chapak
Microsoft: VirTool:Win32/Rekcap.B
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Ransomcrypt.R272328
VBA32: Malware-Cryptor.Grygoryi.3
ALYac: Trojan.Brsecmon.1
Malwarebytes: Trojan.MalPack.GS.Generic
TrendMicro-HouseCall: Trojan.Win32.SODINOK.SM.hp
Rising: Trojan.Generic@ML.100 (RDML:FNM7NmZWYeGFSZcT2sLygg)
Yandex: Trojan.Kryptik!oTMZmTAlT9k
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_95%
Fortinet: W32/GenKryptik.DQHN!tr
AVG: Win32:Malware-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove VirTool:Win32/Rekcap.B?

VirTool:Win32/Rekcap.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.