
W32/Alman-C removal


W32/Alman-C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the W32/Alman-C virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify W32/Alman-C?


File Info:

name: B73896F7703A3A33B838.mlw
path: /opt/CAPEv2/storage/binaries/6d46b8b823bdc9b2e270258b42ac5aa25875689e46ee688ab4a74f90b7b452b6
crc32: 8711CDD2
md5: b73896f7703a3a33b8387ca5acc015b0
sha1: d23cb3624e073de36d68ae6e04b8ffc471e223b2
sha256: 6d46b8b823bdc9b2e270258b42ac5aa25875689e46ee688ab4a74f90b7b452b6
sha512: 8d6536cd28a4dfe40dd1cff6e717ee6da26781c842fd2b22153b5044bf2fd4e19039cbd6b267a44801a680af90ec1211d5813d97ff3b3278933c0012a79b15a8
ssdeep: 3072:KLl3du4V2cKAHBYsf6ZxDPkTRGNAxRcScEjwtQ48xvND4E45uJM4fAyoO00uEWVX:Kp3dGfRPkkuNfqWZRy4rhSsQLH5AE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CF252FA9E45FED66C006E6F87C48D15804893B2211A3945B3EDF3E464BF328FA9BCD45
sha3_384: cebec7fa122327ad0e6da033837b3444e80f39313fb45ff1a536caedcdaa1a84d042e04c7d2c8632fb9233063e4028eb
ep_bytes: 8bd28bff83f30083cb00606190606190
timestamp: 2013-04-11 02:37:58

Version Info:

Translation: 0x0804 0x04b0
CompanyName: RichTech Corporation
FileDescription: RichTech Game Open Procedure
ProductName: RichTech GameUp Tool
FileVersion: 2.01.0006
ProductVersion: 2.01.0006
InternalName: RichStart
OriginalFilename: RichStart.exe

W32/Alman-C also known as:

Bkav: W32.AcLuC.PE
Lionic: Virus.Win32.Alman.n!c
MicroWorld-eScan: Win32.Almanahe.D
ClamAV: Win.Trojan.Alman-5
FireEye: Generic.mg.b73896f7703a3a33
CAT-QuickHeal: W32.Almanahe.B
Skyhigh: BehavesLike.Win32.Almanahe.ft
McAfee: W32/Almanahe.f.c
Cylance: unsafe
Zillya: Virus.Alman.Win32.2
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Virus ( 00001b6e1 )
Alibaba: Virus:Win32/Alman.a15f2c78
K7GW: Virus ( 00001b6e1 )
Cybereason: malicious.24e073
BitDefenderTheta: AI:FileInfector.3231077510
VirIT: Win32.Alman.B
Symantec: W32.Almanahe.B!inf
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Alman.NAB
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Alman.b
BitDefender: Win32.Almanahe.D
NANO-Antivirus: Virus.Win32.Alman.xyevp
Avast: Win32:Alman [Inf]
Tencent: Virus.Win32.Magister.a
TACHYON: Virus/W32.Alman.B
Emsisoft: Win32.Almanahe.D (B)
Baidu: Win32.Virus.Alman.a
F-Secure: Malware.W32/Alman.BB
DrWeb: Win32.Alman.1
VIPRE: Win32.Almanahe.D
TrendMicro: PE_CORELINK.C-1
Trapmine: suspicious.low.ml.score
Sophos: W32/Alman-C
SentinelOne: Static AI – Suspicious PE
GData: Win32.Almanahe.D
Jiangmin: Win32/Almana.c
Google: Detected
Avira: W32/Alman.BB
Antiy-AVL: Virus/Win32.Alman.b
Kingsoft: Worm.DLan.b.79872
Xcitium: Virus.Win32.Alman.A@18f6pd
Arcabit: Win32.Almanahe.D
ViRobot: Win32.Alman.B
ZoneAlarm: Virus.Win32.Alman.b
Microsoft: Virus:Win32/Almanahe.B
Varist: W32/Alman.C
AhnLab-V3: Win32/Alman.C
VBA32: Virus.Win32.Alman.B
ALYac: Win32.Almanahe.D
MAX: malware (ai score=100)
Malwarebytes: Generic.Malware/Suspicious
Panda: W32/Almanahe.C
TrendMicro-HouseCall: PE_CORELINK.C-1
Rising: Worm.Magistr.g (CLASSIC)
Yandex: Trojan.GenAsa!/FhBqEo8CTU
Ikarus: Virus.Alman
MaxSecure: Virus.Alman.B
Fortinet: W32/Alman.B
AVG: Win32:Alman [Inf]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove W32/Alman-C?

W32/Alman-C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
