Virus:Win32/Wholdor.A removal

Virus:Win32/Wholdor.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Wholdor.A virus do?

  • Authenticode signature is invalid
  • Binary compilation timestomping detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Virus:Win32/Wholdor.A?

File Info:

name: AF801409C1F02D8CF160.mlw
path: /opt/CAPEv2/storage/binaries/16cf2b542732e65ace2878fa45f01477feda6486a9fecd681898de14f0770a16
crc32: A813B687
md5: af801409c1f02d8cf1603fcdf3ba3ea6
sha1: 02f9f57b7904db89e3cedbbeab55ffe78cb19ea3
sha256: 16cf2b542732e65ace2878fa45f01477feda6486a9fecd681898de14f0770a16
sha512: b08ab0d04991578cb98a74da16ec7ea382a2e00032786e5bf2dbb989b882501bfb83da7fa99454807d17154110b9c6ef5349c20cb71209d2074552a1d867b7c8
ssdeep: 384:4wFhRcSK7fmnMiIa+arc7vo3Hb7Cm6wu3WZk1/6KOMiO:4wDk7foMi3+f7AHb76tW
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1BAF25D87F9D10EB3E047D0311518762EABF792BA1650D881F68CD6B8877D7A0D73620A
sha3_384: 65bdf21c3dc8b3ca77b2263ec784d3726d1a467b6ba67903ac99cf46e32693b5121cc3b75ceb7483c92ffadcc622d879
ep_bytes: 83ec5856576870174000e8010300008d
timestamp: 2051-01-21 05:27:14

Version Info:

0: [No Data]

Virus:Win32/Wholdor.A also known as:

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Downloader.l2hc
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Vimes.A
ClamAV: Win.Trojan.Vimes-2
CAT-QuickHeal: W32.Downloader.A
McAfee: W32/Fujacks.ak
Zillya: Virus.Downloader.Win32.34
Sangfor: Suspicious.Win32.Save.ins
Alibaba: Virus:Win32/Wholdor.d078da75
CrowdStrike: win/malicious_confidence_100% (W)
Cyren: W32/DownldrP.Q
Symantec: Downloader
tehtris: Generic.Malware
ESET-NOD32: Win32/Whld.A
Zoner: Probably Heur.ExeHeaderL
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Downloader.c
BitDefender: Win32.Vimes.A
NANO-Antivirus: Trojan.Win32.Starter.bbkmlb
Avast: Win32:Agent-GXD [Wrm]
Emsisoft: Win32.Vimes.A (B)
F-Secure: Malware.W32/Downloader.H
DrWeb: BackDoor.Attack.231
VIPRE: Win32.Vimes.A
TrendMicro: PE_AGENT.PXI
McAfee-GW-Edition: BehavesLike.Win32.Infected.nz
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.af801409c1f02d8c
Sophos: Mal/Generic-R
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanDownloader.Agent.uk
Webroot: Virus:Win32/Wholdor.A
Avira: W32/Downloader.H
Antiy-AVL: Virus/Win32.Downloader.c
Microsoft: Virus:Win32/Wholdor.A
Xcitium: Virus.Win32.Downloader.C@1cfxn6
Arcabit: Win32.Vimes.A
ViRobot: Win32.Downloader.H
ZoneAlarm: Virus.Win32.Downloader.c
GData: Win32.Vimes.A
Google: Detected
AhnLab-V3: Win32/Vimes
VBA32: Virus.Win32.Whld.A
ALYac: Win32.Vimes.A
MAX: malware (ai score=100)
Cylance: unsafe
Panda: W32/BoyhW.AA
TrendMicro-HouseCall: PE_AGENT.PXI
Rising: Worm.Tinret.a (CLASSIC)
Ikarus: Virus.Win32.Sality
MaxSecure: Virus.W32.Downloader.C
Fortinet: W32/Vimes.B
BitDefenderTheta: AI:FileInfector.021B5A090D
AVG: Win32:Agent-GXD [Wrm]
Cybereason: malicious.9c1f02
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Wholdor.A?

Virus:Win32/Wholdor.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.