Categories: Malware

About “Win32/AddUser.AD” infection

The Win32/AddUser.AD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/AddUser.AD virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Attempts to restart the guest VM
Overwites local Administrator password
Uses suspicious command line tools or Windows utilities

How to determine Win32/AddUser.AD?


File Info:
name: 142D7A86DEF96B673750.mlwpath: /opt/CAPEv2/storage/binaries/6728472a86414d9095b0a49116c8a5b87a802f0f5e86a7d17519e01a8595f76bcrc32: B443D59Emd5: 142d7a86def96b6737507b4fcd6197dasha1: 427121efc8b78761553ce31a458bb35bdd507505sha256: 6728472a86414d9095b0a49116c8a5b87a802f0f5e86a7d17519e01a8595f76bsha512: 2772a398abb641428a48e6dfc084845cf01a64491218daa87776513ddce7f46893656af09ef3d23d25e452fff05d48191abceb49fe397a5adde5ba6200d688d5ssdeep: 12288:8ah6roDKakL7J18jDgsqUSGjtYLwC1QSLk6cXsagT:846rouazjDgsdSGUHZLk6Csactype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18CC48C4969DE907ED0988A336E4FD6AB4395FCEE58210C7778FA780D96F0E41276C0B4sha3_384: d112c156a703d25f6f26a881b1cc927f3dec6ecf9a789d43c74e939baad7aa4bfbbc0bdbe7500a71763887c9540279b4ep_bytes: f8eb1099897c482639af312d203df7c7timestamp: 2013-10-29 12:52:12
Version Info:
FileVersion: 1.0.0.0FileDescription: 应用软件ProductName: 应用软件ProductVersion: 1.0.0.0LegalCopyright: 作者版权所有 请尊重并使用正版Comments: 应用软件Translation: 0x0804 0x04b0

Win32/AddUser.AD also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.Kq0@rTDGtPob
FireEye	Generic.mg.142d7a86def96b67
CAT-QuickHeal	Trojan.MauvaiseRI.S5244370
McAfee	Flyagent.d
Malwarebytes	Trojan.Crypt
Zillya	Trojan.Crypt.Win32.16289
K7AntiVirus	Trojan ( 0040f54a1 )
BitDefender	Gen:Trojan.Heur.Kq0@rTDGtPob
K7GW	Trojan ( 0040f54a1 )
CrowdStrike	win/malicious_confidence_70% (W)
BitDefenderTheta	AI:Packer.ADF8FD031C
VirIT	Trojan.Win32.Generic.BCYE
Cyren	W32/Agent.KA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/AddUser.AD
Baidu	Win32.Trojan.AddUser.b
ClamAV	Win.Trojan.Agent-1352090
Kaspersky	HEUR:Trojan.Win32.Usad.gen
NANO-Antivirus	Trojan.Win32.Crypt.ddrjau
Rising	Ransom.Adduser!1.C371 (RDMK:cmRtazr4VBv//lyjaXJ1wM6/y8Lb)
Ad-Aware	Gen:Trojan.Heur.Kq0@rTDGtPob
Sophos	Generic ML PUA (PUA)
Comodo	TrojWare.Win32.Agent.OSCF@5rs7jr
DrWeb	Trojan.MulDrop5.48427
VIPRE	Trojan.Win32.Generic.pak!cobra
McAfee-GW-Edition	BehavesLike.Win32.Emotet.hc
SentinelOne	Static AI – Malicious PE
Emsisoft	Gen:Trojan.Heur.Kq0@rTDGtPob (B)
APEX	Malicious
Jiangmin	Trojan/MSIL.aoae
Avira	TR/Spy.589824.172
Antiy-AVL	Trojan/Generic.ASMalwS.B24DD3
Kingsoft	Win32.Heur.KVM007.a.(kcloud)
Microsoft	Trojan:Win32/Woreflint.A!cl
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
GData	Gen:Trojan.Heur.Kq0@rTDGtPob
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Generic.C289575
Acronis	suspicious
VBA32	Trojan.MSIL.Crypt
MAX	malware (ai score=80)
Cylance	Unsafe
Panda	Trj/Genetic.gen
Tencent	Malware.Win32.Gencirc.10b9cec7
Yandex	Trojan.Crypt!YAflbmolSV4
Ikarus	P2P-Worm.Win32.Palevo
Fortinet	W32/CoinMiner.BELF!tr
AVG	Win32:Malware-gen
Cybereason	malicious.6def96
Avast	Win32:Malware-gen