Win32/Adware.Kraddare.NC removal instruction

Win32/Adware.Kraddare.NC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Adware.Kraddare.NC virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Adware.Kraddare.NC?

File Info:

name: E014F7A8CD8B77969D94.mlw
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2011-12-15 06:43:19

Version Info:

CompanyName: 네오커뮤니케이션
FileDescription: gcodecband.dll
FileVersion: 1.0.1.29
InternalName: gcodecband.dll
LegalCopyright: COPOYRIGHT(C) 네오커뮤니케이션, ALLRIGHT RESERVED.
OriginalFilename: gcodecband.dll
ProductName: gcodecband.dll
ProductVersion: 1.0.1.29
Translation: 0x0412 0x03b5

Win32/Adware.Kraddare.NC also known as:

Elastic: malicious (moderate confidence)
Cylance: unsafe
Zillya: Adware.KraddareCRTD.Win32.11489
CrowdStrike: win/grayware_confidence_90% (D)
ESET-NOD32: a variant of Win32/Adware.Kraddare.NC
Sophos: Generic Reputation PUA (PUA)
Antiy-AVL: GrayWare[AdWare]/Win32.Kraddare
Microsoft: PUA:Win32/Creprote
Rising: PUA.Creprote!8.F617 (CLOUD)
Yandex: Trojan.GenAsa!vj7f5/c6QDg
MaxSecure: Trojan.Malware.216257117.susgen
Fortinet: Riskware/Kraddare

How to remove Win32/Adware.Kraddare.NC?

Win32/Adware.Kraddare.NC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.