About “Virus.Win64.Expiro.rc” infection

Virus.Win64.Expiro.rc is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus.Win64.Expiro.rc virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify Virus.Win64.Expiro.rc?


File Info:

name: 4E52242974EC59979C22.mlw
path: /opt/CAPEv2/storage/binaries/073f69370322454fb6f43639c055fa7c37fad3e2e7cd878f89f4c8e0a4f01536
type: PE32+ executable (console) x86-64, for MS Windows
timestamp: 2019-12-03 08:58:00

Version Info:

CompanyName: Microsoft Corporation
FileVersion: 2.75.5649.201
LegalCopyright: Copyright (C) Microsoft Corporation. All rights reserved.
ProductName: Microsoft® Mashup Runtime
ProductVersion: 2.75.5649.201
LegalTrademarks: Microsoft® is a registered trademark of Microsoft Corporation.
Translation: 0x0409 0x04b0

Virus.Win64.Expiro.rc also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Win64.Expiro.Gen.6
FireEye: Generic.mg.4e52242974ec5997
ALYac: Win64.Expiro.Gen.6
BitDefender: Win64.Expiro.Gen.6
Cybereason: malicious.974ec5
ESET-NOD32: a variant of Win64/Expiro.CO
TrendMicro-HouseCall: Virus.Win64.EXPIRO.MR
Kaspersky: Virus.Win64.Expiro.rc
NANO-Antivirus: Virus.Win64.Expiro.clnvwd
Ad-Aware: Win64.Expiro.Gen.6
Emsisoft: Win64.Expiro.Gen.6 (B)
TrendMicro: Virus.Win64.EXPIRO.MR
Sophos: ML/PE-A
APEX: Malicious
Avira: TR/Patched.Gen
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win64.Expiro.Gen.6
Cynet: Malicious (score: 100)
Cylance: Unsafe
Ikarus: Virus.Win64.Expiro
SentinelOne: Static AI – Suspicious PE
Fortinet: W64/Expiro.CE
AVG: Win64:Xpirat [Inf]
Avast: Win64:Xpirat [Inf]
CrowdStrike: win/malicious_confidence_80% (D)

How to remove Virus.Win64.Expiro.rc?

Virus.Win64.Expiro.rc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
