About “Virus:Win32/Viking.JX” infection

Virus:Win32/Viking.JX is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Viking.JX virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Attempts to modify desktop wallpaper
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Likely virus infection of existing system binary
  • Anomalous binary characteristics

How to identify Virus:Win32/Viking.JX?


File Info:

name: AD7154C49EF9E9A0A573.mlw
path: /opt/CAPEv2/storage/binaries/4f94839b5f8c6b13b4fa56fb3c275570959dfcc0816743f66d00a895591fe4de
crc32: 469ADEF7
md5: ad7154c49ef9e9a0a5739dd39a566b04
sha1: 92c99d5fe42ad67fd3fc9934e20be924f94f9acb
sha256: 4f94839b5f8c6b13b4fa56fb3c275570959dfcc0816743f66d00a895591fe4de
sha512: 945dbd12aa0e60fa380e94d58910d8c66db6d3def1dc600d71d47c239e06817adf2670638a2072852cc27fefe2dfcb70d38e5de18f0eb8142dfa8af8583c9dc1
ssdeep: 6144:StfDEsjPhczWJgOXyug6m88PTBOsSknroAxTnj/:SbLJgOXU28PTYsSknroAB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EB349DB26F81C1B3C47A447C48E5921EA77EBB3017154CD7E1CCBF5998213E12A792EA
sha3_384: ad1bc5f0c9282345740e24fba2d67bd5f0b6863650a4d510b9edd54a45f38f5e010a498f339d5457e0dfcb66a785d78d
ep_bytes: 558bec83c4f0b83c944000e8dcacffff
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Virus:Win32/Viking.JX also known as:

Bkav: W32.logo_1.PE
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47286069
FireEye: Generic.mg.ad7154c49ef9e9a0
CAT-QuickHeal: Trojan.GenericIH.S24445994
McAfee: W32/HLLP.n.j
Cylance: Unsafe
Zillya: Trojan.Lmir.Win32.3
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.49ef9e
Baidu: Win32.Virus.Agent.s
Cyren: W32/Cardo.A
Symantec: W32.Looked.P
ESET-NOD32: Win32/Viking.AM
APEX: Malicious
ClamAV: Win.Trojan.Delf-1564
Kaspersky: Virus.Win32.Delf.62976
BitDefender: Trojan.GenericKD.47286069
NANO-Antivirus: Virus.Win32.Delf.flfw
Avast: Win32:Delf-YZ [Trj]
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Trojan.GenericKD.47286069
Emsisoft: Trojan.GenericKD.47286069 (B)
Comodo: Win32.Viking.AM~clean@3ax3
DrWeb: Win32.HLLP.Logo.62976
TrendMicro: PE_LOOKED.G
McAfee-GW-Edition: BehavesLike.Win32.PWSLegMir.dh
Sophos: ML/PE-A + W32/LegMir-U
GData: Trojan.GenericKD.47286069
Jiangmin: Worm/Zorin.b
Avira: W32/Cardo.A
Antiy-AVL: Trojan/Generic.ASBOL.29A8
Microsoft: Virus:Win32/Viking.JX
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Lemir.62976
Acronis: suspicious
BitDefenderTheta: AI:Packer.14CF24A81F
ALYac: Trojan.GenericKD.47286069
MAX: malware (ai score=81)
VBA32: Virus.Win32.Delf.62976
Malwarebytes: Malware.AI.3581986639
TrendMicro-HouseCall: PE_LOOKED.G
Rising: Worm.Viking.ac (CLASSIC)
Yandex: Trojan.GenAsa!S1dREYVu8UQ
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Leox.A
AVG: Win32:Delf-YZ [Trj]
Panda: W32/Viking.PS
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Virus.W32.Delf.AI

How to remove Virus:Win32/Viking.JX?

Virus:Win32/Viking.JX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
