Malware

W32/Expiro-AV malicious file

Malware Removal

W32/Expiro-AV is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the W32/Expiro-AV virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify W32/Expiro-AV?


File Info:

name: 31363D38B9369600867C.mlw
path: /opt/CAPEv2/storage/binaries/8734e21353458db3ab1b87c466fcd78c38c08cd0603d4cbdc6e8f8d0a947f334
crc32: 248C2BB6
md5: 31363d38b9369600867c1df7d912f4a0
sha1: 0c19660cfe3dddd2e0734a3b9b7c7ed0caf5a686
sha256: 8734e21353458db3ab1b87c466fcd78c38c08cd0603d4cbdc6e8f8d0a947f334
sha512: 15f494db27ec4504654b21ad1c44f87c881c22548cd755ad339e8e026ffd0ea1ec3d109b01ef4124764ea199c2fcb03be483a184df978b8e1acffa4b866c574f
ssdeep: 24576:pRwWA10Gpsliir8RwWA10GpOliif8mq0duQZVQJ:H8LpoiirW8Lpuiikmq03ZV
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T15B05AE65D65060FBC32A6A3439DAF7B5882DED3053C151D3AEF6FD5B3168291A33820B
sha3_384: 3585f8d3b0ba7f3f33924cb48b0c01ef3718a24994301425a4853ada789396ffba4dd78672b139107b88eccfe1745ed8
ep_bytes: e84e050000e939feffffcccccccccccc
timestamp: 2001-08-15 22:27:25

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Command Processor
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: cmd
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Cmd.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

W32/Expiro-AV also known as:

Elastic: malicious (high confidence)
DrWeb: Win32.Expiro.153
MicroWorld-eScan: Win32.Expiro.Gen.6
FireEye: Generic.mg.31363d38b9369600
ALYac: Win32.Expiro.Gen.6
CrowdStrike: win/malicious_confidence_80% (D)
Cyren: W32/Expiro.AH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Expiro.NDJ
ClamAV: Win.Virus.Expiro-9891450-0
Kaspersky: HEUR:Virus.Win32.Expiro.gen
BitDefender: Win32.Expiro.Gen.6
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:Xpirat-C [Inf]
Ad-Aware: Win32.Expiro.Gen.6
Sophos: W32/Expiro-AV
VIPRE: Trojan.Win32.Generic!BT
Emsisoft: Win32.Expiro.Gen.6 (B)
GData: Win32.Expiro.Gen.6 (2x)
Avira: TR/Patched.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
MAX: malware (ai score=86)
VBA32: BScope.Trojan.Wacatac
Malwarebytes: Malware.AI.520647366
APEX: Malicious
Fortinet: W32/Expiro.NS!tr
AVG: Win32:Xpirat-C [Inf]
Cybereason: malicious.8b9369
Panda: Trj/Genetic.gen
MaxSecure: virus.win64.expiro.gen

How to remove W32/Expiro-AV?

W32/Expiro-AV removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
