
What is “Virus:Win32/Expiro.EK!MTB”?


Virus:Win32/Expiro.EK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Expiro.EK!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the shellcode patterns malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Virus:Win32/Expiro.EK!MTB?

File Info:

name: 992C4D829A2AF5F45F21.mlw
path: /opt/CAPEv2/storage/binaries/34fee3312ad31e2ed6bd759e70a40a22a60655ef4af9ed8710d3c9b62fa75548
crc32: 390689CA
md5: 992c4d829a2af5f45f2153d52ba5600a
sha1: c5d64b2b6a5c96ffaa50d96bcd3fb584bb992877
sha256: 34fee3312ad31e2ed6bd759e70a40a22a60655ef4af9ed8710d3c9b62fa75548
sha512: edfecbce00881733a3b604cabc0e389fbdbf757cc4fcad1fc856b4d13c2d75d1abceef44efc3817e7a1d5cc19e7c171208b9a31eb4dfd07e20f12becb57e1685
ssdeep: 24576:jkvFaCks7WE9F5pwg8zmdqQjC60jiHkU:jkvFaCks7R9L58UqFJjskU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CA6523A0B39718A7FB0503329DD6F79909A8BE60DC895203B2C47B3F2C785E5F558A43
sha3_384: fc9b3b7627234a3b7064511799eb63fc25fc1e3aedd80d81db46169631ff7f3cf9836e9842c00130f70b06c305098480
ep_bytes: e89df6ffffe935fdffffff25a4110030
timestamp: 2006-10-27 03:17:20

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Office OneNote Privilege Elevation
FileVersion: 12.0.4518.1014
InternalName: Elevation
LegalCopyright: © 2006 Microsoft Corporation. All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: ONElevation.exe
ProductName: Microsoft Office OneNote
ProductVersion: 12.0.4518.1014
Translation: 0x0000 0x04e4

Virus:Win32/Expiro.EK!MTB is also known as:

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Expiro.n!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.7
ClamAV: Win.Malware.Expiro-9937504-0
FireEye: Generic.mg.992c4d829a2af5f4
CAT-QuickHeal: W32.Expiro.R3
Skyhigh: BehavesLike.Win32.Generic.tt
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Virus:Win32/Expiro.477c9e6a
K7GW: Virus ( 005a8b911 )
K7AntiVirus: Virus ( 005a8b911 )
Symantec: W32.Xpiro.J!dam
ESET-NOD32: a variant of Win32/Expiro.NDP
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Moiva.a
BitDefender: Win32.Expiro.Gen.7
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
Avast: Win32:FileInfector-C [Heur]
Tencent: Virus.Win32.VirMoiva.a
TACHYON: Virus/W32.Movia
Emsisoft: Win32.Expiro.Gen.7 (B)
F-Secure: Malware.W32/Infector.Gen
DrWeb: Win32.Expiro.158
VIPRE: Win32.Expiro.Gen.7
TrendMicro: Virus.Win32.EXPIRO.JMA
Sophos: W32/Moiva-A
Ikarus: Virus.Win32.Sality
Google: Detected
Avira: W32/Infector.Gen
Antiy-AVL: Virus/Win32.Expiro.x
Microsoft: Virus:Win32/Expiro.EK!MTB
Arcabit: Win32.Expiro.Gen.7
ZoneAlarm: Virus.Win32.Moiva.a
GData: Win32.Trojan.PSE.1HLUM2D
Varist: W32/Expiro.AU.gen!Eldorado
VBA32: Trojan.Sabsik.TE
ALYac: Win32.Expiro.Gen.7
MAX: malware (ai score=85)
Malwarebytes: Malware.AI.1047423059
Panda: W32/Moyv.A
Rising: Trojan.Generic@AI.80 (RDML:Cw9hmrri1GCBuwuk97MdGQ)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Expiro.NDP!tr
AVG: Win32:FileInfector-C [Heur]
Cybereason: malicious.b6a5c9
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Expiro.EK!MTB?

Virus:Win32/Expiro.EK!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.