Categories: Fake

What is “W32/FakeFire-G”?

The W32/FakeFire-G is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What W32/FakeFire-G virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Presents an Authenticode digital signature
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Enumerates the modules from a process (may be used to locate base addresses in process injection)
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Authenticode signature is invalid
Anomalous binary characteristics

How to determine W32/FakeFire-G?


File Info:
name: 5114F77EAF2771604866.mlwpath: /opt/CAPEv2/storage/binaries/56f5ae8d979844e50688162d936da0e5b06000e97dff3c775fd25c0da236c8ddcrc32: 4A2BF075md5: 5114f77eaf27716048664d8ab421ebb1sha1: d589f67f2eb96f4d10bf86c7c7e3a4c8953eef3csha256: 56f5ae8d979844e50688162d936da0e5b06000e97dff3c775fd25c0da236c8ddsha512: a498006a581c4167d98186063a8442840dbbf28075db5ba51fe8a8458a18e9c0b4db618c8f09ad0871f1682a1b7483deefa804855164890409111fc8f231e6f4ssdeep: 24576:prRoNk7BZpwaewsAjTXVav9MkskCIabjKoh9Wj:prRokpDljkv9M8CIabjKoh9Wjtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1CE654A12B750CD36E16A04F729AA830719A97CA00B1253C7F7547E6E8B32BD1A7F7316sha3_384: c41329fc1bfb916f6be3fd15eeed349e878e9411a7a6b0fb375b4a09417df404da5753f04851ee35fbc509eec35067ffep_bytes: ff250020400000000000000000000000timestamp: 2006-03-07 06:04:44
Version Info:
Translation: 0x0000 0x04b0Comments: vsta_ep32.exeCompanyName: Microsoft CorporationFileDescription: vsta_ep32.exeFileVersion: 8.0.50727.146InternalName: vsta_ep32.exeLegalCopyright: © Microsoft Corporation. All rights reserved.OriginalFilename: vsta_ep32.exeProductName: Microsoft (R) Visual Studio (R) 2005ProductVersion: 8.0.50727.146Assembly Version: 8.0.0.0

W32/FakeFire-G also known as:

Bkav	W32.AIDetectNet.01
tehtris	Generic.Malware
MicroWorld-eScan	Trojan.Agent.Xiang.A
ALYac	Trojan.Agent.Xiang.A
Cylance	Unsafe
Sangfor	[MICROSOFT VISUAL BASIC 5.0]
Cybereason	malicious.eaf277
Baidu	Win32.Trojan.VB.t
Cyren	W32/Emotet.BBS.gen!Eldorado
Elastic	malicious (high confidence)
APEX	Malicious
ClamAV	Win.Malware.Midie-9866099-0
BitDefender	Trojan.Agent.Xiang.A
Avast	Win32:VB-FBX
Sophos	W32/FakeFire-G
DrWeb	Win32.HLLW.Autoruner.547
TrendMicro	WORM_AUTORUN.BTM
McAfee-GW-Edition	BehavesLike.Win32.Generic.th
FireEye	Generic.mg.5114f77eaf277160
Emsisoft	Trojan.Agent.Xiang.A (B)
SentinelOne	Static AI – Malicious PE
GData	MSIL.Worm.Pajetbin.A
Jiangmin	Packed.Krap.gvyf
Arcabit	Trojan.Agent.Xiang.A
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	Artemis!5114F77EAF27
MAX	malware (ai score=80)
VBA32	Worm.AutoRun
Malwarebytes	VB.Virus.FileInfector.DDS
TrendMicro-HouseCall	WORM_AUTORUN.BTM
Rising	Worm.VB!1.DA3E (CLASSIC)
Yandex	Trojan.GenAsa!g8z8LT30jj4
Ikarus	Trojan.Msil
MaxSecure	Trojan.WIN32.msil.pse.1jjgixk_223201
Fortinet	W32/Ipamor.A5BC!tr
BitDefenderTheta	AI:Packer.DFF53E5D1C
AVG	Win32:VB-FBX
CrowdStrike	win/malicious_confidence_100% (D)