Categories: Malware

Should I remove “Win32/Amonetize.OT potentially unwanted”?

The Win32/Amonetize.OT potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Amonetize.OT potentially unwanted virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Executable file is packed/obfuscated with MPRESS
Authenticode signature is invalid
Attempts to interact with an Alternate Data Stream (ADS)
Collects information to fingerprint the system
Anomalous binary characteristics

How to determine Win32/Amonetize.OT potentially unwanted?


File Info:
name: 9D49B2AC912D8574A96F.mlwpath: /opt/CAPEv2/storage/binaries/b0ba162cfb6f001b6ac4a549235b15398b09787900e784696ed05846b9b6b2e5crc32: D00B211Fmd5: 9d49b2ac912d8574a96f6d66bdeed68asha1: 0e0e58ea83769810c06dc2e50a02ff9626e8a472sha256: b0ba162cfb6f001b6ac4a549235b15398b09787900e784696ed05846b9b6b2e5sha512: 8c4fed96963a0326c5346b5fb87301e67fe608e7e15ba45f1e8327dbb9c21bc0b0af54304df94abebd9ce0fb89fbe3969efcdaae23acb94d512a0760c595e378ssdeep: 24576:c9V/rnTXIUqiBmgOuBh0lMx7hv4gGVjl7xzX2KWL/JM8l0Wis:UDsUq6xO0h0lMxtZUfA0Ytype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T160353344E045D671C7599D3CC42896FE0DC37D36EA4C23A32D2C3E6EF5BAAB62602716sha3_384: 04ac2bce44c26941ec194ab6dea57ff822adfca979308ac11fa2db8e0e4d535a8b2e1347991d583ba9cf4c3852b59b61ep_bytes: 60e80000000058055a0b00008b3003f0timestamp: 2016-02-02 14:17:34
Version Info:
0: [No Data]

Win32/Amonetize.OT potentially unwanted also known as:

Bkav	W32.AIDetect.malware1
tehtris	Generic.Malware
DrWeb	Adware.Downware.19117
MicroWorld-eScan	Gen:Application.Imonetize.2
FireEye	Generic.mg.9d49b2ac912d8574
McAfee	GenericRXMS-EU!9D49B2AC912D
Cylance	Unsafe
Zillya	Adware.Amonetize.Win32.60581
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Adware ( 004db3121 )
K7GW	Adware ( 004db3121 )
Cybereason	malicious.c912d8
BitDefenderTheta	Gen:NN.ZexaF.34646.cnraaG6GHwii
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Amonetize.OT potentially unwanted
APEX	Malicious
ClamAV	Win.Packed.Zusy-9837875-0
Kaspersky	not-a-virus:VHO:AdWare.Win32.Amonetize.gen
BitDefender	Gen:Application.Imonetize.2
NANO-Antivirus	Trojan.Win32.Amonetize.jscggc
Avast	Win32:Adware-gen [Adw]
Ad-Aware	Gen:Application.Imonetize.2
Emsisoft	Gen:Application.Imonetize.2 (B)
Baidu	Win32.Trojan.Kryptik.aax
VIPRE	Gen:Application.Imonetize.2
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.tc
Trapmine	malicious.high.ml.score
Sophos	Generic PUA AO (PUA)
SentinelOne	Static AI – Malicious PE
GData	Gen:Application.Imonetize.2
Jiangmin	AdWare.Amonetize.hay
Google	Detected
Avira	ADWARE/Amonetize.Gen7
MAX	malware (ai score=73)
Antiy-AVL	Trojan/Generic.ASMalwS.3125
Arcabit	Application.Imonetize.2
Microsoft	PUADlManager:Win32/Amonetize
Cynet	Malicious (score: 99)
VBA32	Downloader.AdLoad
ALYac	Gen:Application.Imonetize.2
Malwarebytes	Malware.AI.3418682966
Tencent	Malware.Win32.Gencirc.10c477a5
Yandex	PUA.Amonetize!hXoBrBKX+SY
Ikarus	PUA.Amonetize
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/Amonetize
AVG	Win32:Adware-gen [Adw]
Panda	Trj/Genetic.gen
CrowdStrike	win/grayware_confidence_100% (W)