Virus:Win32/Mariofev.A (file analysis)

The Virus:Win32/Mariofev.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Virus:Win32/Mariofev.A virus can do?

Unconventionial language used in binary resources: Czech
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Virus:Win32/Mariofev.A?


File Info:
name: 53BFED3DF0C8765EB5AB.mlw
path: /opt/CAPEv2/storage/binaries/085ff0d4f7ca9a26f2bfd8db2f74b6123899c21925386ce9884151bd2d4c5d5a
crc32: 5D6E4BFE
md5: 53bfed3df0c8765eb5ab95e6a5cd849b
sha1: e65bb0367c5005dddd836e3a70c21aa3f862c904
sha256: 085ff0d4f7ca9a26f2bfd8db2f74b6123899c21925386ce9884151bd2d4c5d5a
sha512: 0c0dc4eef58eb5571f34592fae62cf840e20b30f87d42a5457aeac2c641836587aeceea0120c87b2327eb3a18332a27609527f69422ae7198ca6e09ce8ea6af6
ssdeep: 12288:+18umLEk+acny1NQSrpnaex3g4d2rDtS0un:+hmT+acUNQCpa2g4doDtSZ
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T185C45A12B6D1D060D2A2173165ABB3B197A9AD79042CF90FD990FE3A7970183C737A4F
sha3_384: 3b205161a83a2e535f50e0fc276336a905f28db0cc044433af84cf084c6a89f95532ce5e179a1d8abee98409e7c1f587
ep_bytes: 8bff558bec837d0c017505e85d070000
timestamp: 2004-08-17 22:48:56

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows XP USER API Client DLL
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: user32
LegalCopyright: © Microsoft Corporation. Všechna práva vyhrazena.
OriginalFilename: user32
ProductName: Operační systém Microsoft® Windows®
ProductVersion: 5.1.2600.2180
Translation: 0x0405 0x04b0

Virus:Win32/Mariofev.A also known as:

Lionic	Trojan.Win32.Patched.4!c
MicroWorld-eScan	Win32.MarioForever.Patched
FireEye	Win32.MarioForever.Patched
CAT-QuickHeal	Trojan.Patched.AP
Skyhigh	Patched User32.a
McAfee	Patched User32.a
Cylance	unsafe
K7AntiVirus	Trojan ( 0005e4651 )
K7GW	Trojan ( 0005e4651 )
CrowdStrike	win/malicious_confidence_70% (D)
ESET-NOD32	Win32/Pinit
Cynet	Malicious (score: 99)
Kaspersky	Trojan.Win32.Patched.dr
BitDefender	Win32.MarioForever.Patched
NANO-Antivirus	Trojan.Win32.Patched.dsvwey
Avast	Win32:SysPatch [Wrm]
Emsisoft	Win32.MarioForever.Patched (B)
F-Secure	Trojan.TR/Patched.Gen2
DrWeb	BackDoor.Zapinit
VIPRE	Win32.MarioForever.Patched
TrendMicro	Possible_Patch-1
Sophos	Troj/User32Hk-A
Ikarus	Trojan.Win32.Patched
GData	Win32.MarioForever.Patched
Jiangmin	Win32/PatchFile.gn
Google	Detected
Avira	TR/Patched.Gen2
MAX	malware (ai score=89)
Kingsoft	Win32.Patched.bb.10
Xcitium	TrojWare.Win32.Patched.F@1f0ghc
Arcabit	Win32.MarioForever.Patched
ViRobot	Win32.Patched.X
ZoneAlarm	Trojan.Win32.Patched.dr
Microsoft	Virus:Win32/Mariofev.A
Varist	W32/Patched.AB.gen!Eldorado
AhnLab-V3	Win-Trojan/User32Hk
BitDefenderTheta	AI:FileInfector.2CE34A511A
Panda	W32/Patched.D
TrendMicro-HouseCall	Possible_Patch-1
Rising	Trojan.Win32.Patched.bi (CLASSIC)
MaxSecure	Virus.Patched.DR
Fortinet	W32/Patched.D!tr
AVG	Win32:SysPatch [Wrm]
DeepInstinct	MALICIOUS

How to remove Virus:Win32/Mariofev.A?

Virus:Win32/Mariofev.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X