Win32/Expiro.DJ malicious file

Win32/Expiro.DJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Expiro.DJ virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/Expiro.DJ?


File Info:

name: 03144945E936ACFE4BCD.mlw
path: /opt/CAPEv2/storage/binaries/2221725106e9ca40ed10bcad22fe07a8cbd71e392d6c72d3e71ce7f1fb04124d
crc32: 23A5B704
md5: 03144945e936acfe4bcd27c1b7bb145f
sha1: c28a9a801401531fb170339e9d82fb7483ec3c91
sha256: 2221725106e9ca40ed10bcad22fe07a8cbd71e392d6c72d3e71ce7f1fb04124d
sha512: 4a2fa6e025c5eae69942bb3e4b578407a872dd7d9751ffeda01779f02d92fcea1dbcbfc38bab70f4540765737fa8b299e45236081e0a1e43bc68f4982f1f4e10
ssdeep: 3072:PRBcpBIqJzXeGMkOQLLN4FcK25E5we45:PROPXrMkPLLsHS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E2F37B5177C1C4F3C8866531083AD7EA6A3AF5305F6582C377952B2E4D327D26B3A38A
sha3_384: 10c45646ae961aed1a2257fac9228de090f6963ab047e5871c5f47f452e24a08ea7bc85585313ded43792e762496ee24
ep_bytes: e836530000e979feffff6a0c6870f941
timestamp: 2012-04-24 20:46:25

Version Info:

CompanyName: Intel Corporation
FileDescription: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS
FileVersion: 1.0.0.1
LegalCopyright: Copyright (c) 2011, Intel Corporation
InternalName: Intel(R) ICCS
OriginalFilename: ICCProxy.exe
ProductName: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS
ProductVersion: 1.0.0.1
Translation: 0x0409 0x04e4

Win32/Expiro.DJ also known as:

FireEye: Generic.mg.03144945e936acfe
McAfee: Artemis!03144945E936
Sangfor: Trojan.Win32.Wacatac.B
ESET-NOD32: a variant of Win32/Expiro.DJ
APEX: Malicious
Paloalto: generic.ml
Avast: FileRepMalware [Misc]
Rising: Virus.Expiro!8.375 (CLOUD)
McAfee-GW-Edition: Artemis
SentinelOne: Static AI – Malicious PE
Avira: TR/Patched.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Malware/Win.Generic.C5083851
Malwarebytes: Malware.Heuristic.1001
TrendMicro-HouseCall: TROJ_GEN.R002H0AF822
Tencent: Win32.Virus.Expiro.Bno
Fortinet: W32/Expiro.DJ
AVG: FileRepMalware [Misc]

How to remove Win32/Expiro.DJ?

Win32/Expiro.DJ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
