Win32.Expiro.Gen.2 (B) malicious file

Malware Removal

Win32.Expiro.Gen.2 (B) is the Emsisoft name for a sample of the Expiro (also written Xpiro) family; BitDefender, GData, VIPRE, Arcabit and ALYac report the same file as Win32.Expiro.Gen.2, and nearly every engine listed below flags it as malicious. Expiro is a file-infecting virus: it spreads by appending its own code to other Windows executables on the system rather than by dropping a single malicious file. When this infection is active, you may notice unwanted processes in the Task Manager list, and programs that were previously clean may begin behaving oddly after they are launched. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32.Expiro.Gen.2 (B) virus do?

The following indicators were raised by the CAPE sandbox on this sample. They are static properties of the file, not observed run-time behaviour:

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Anomalous binary characteristics
  • YARA detections observed in process dumps, payloads or dropped files

Read together with the version resource below, which claims the file is Microsoft's Content Index service (cisvc.exe), the invalid signature is the decisive tell: a file infector leaves the host's version information intact but cannot produce a valid Microsoft signature for the modified image. The packer and VMProtect heuristics are indicative only; the encrypted data they react to may be the virus's own polymorphic layer rather than a commercial packer. Do not trust the version resource when deciding whether a system file is genuine; compare its hash against a known-good copy from installation media instead.

How to identify Win32.Expiro.Gen.2 (B)?

File Info:

name: AB75C1B23B0C2DA1C831.mlw
path: /opt/CAPEv2/storage/binaries/00ce312a7622a80a0ad015551d9c2ff0eccdb8dc099519aadf22f2cf988e80fb
crc32: D2C0BB24
md5: ab75c1b23b0c2da1c83185bf7e88e580
sha1: 41f57823341512d94a642ccf71e9c44e2b18fc7c
sha256: 00ce312a7622a80a0ad015551d9c2ff0eccdb8dc099519aadf22f2cf988e80fb
sha512: c938673e20a6dc6e763c7f112e0b311bef33b759b5be8e3f741d9400fc4ae6fa060615ffdf42e72d16397c4fc08b2ca6f78074396c5634b26d5863ba8b1707a7
ssdeep: 12288:PjaEeS/CxyRz7SpwFS84nz6upAfkyS1i1bGVVQ5S8WdYCD:PjakCxwdFS84zkeWGVVQ56dYC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T125C48E00B1BEC0EBD415B975214AD2CB59546CD9B2ACCD97EBF380E920CEC2D66712E7
sha3_384: d88d1727a3b90c45bf33164bde0d9caab71eb7ca49181c3437a25fa31ac2f4c9ee80e5bbd26faf708a1ba4e4c0929dbb
ep_bytes: 42425041514a4a524153415441555689
timestamp: 2004-08-04 05:59:28

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Content Index service
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: cisvc.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: cisvc.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0
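The entry-point bytes above are worth decoding: 42 42 50 41 51 4a 4a 52 41 53 41 54 41 55 56 89 is a run of single-byte inc edx / push eax / inc ecx / push ecx / dec edx / push edx / push ebx / push esp / push ebp / push esi instructions followed by the first byte of a mov, i.e. junk register padding typical of a polymorphic decryptor prologue rather than a compiler-generated entry stub (the opcodes happen to be printable ASCII, "BBPAQJJRASATAUV"). The following script is an added example, not code from this page or from GridinSoft: it hashes a file against the indicators listed here, parses the PE section table with the standard library only, and applies the static checks behind the sandbox indicators (entry point landing in the last section, a writable-and-executable entry section, unusual section names, high-entropy executable sections, and an exact match on the entry bytes). The function names, the entropy threshold of 7.0, the COMMON_SECTIONS list and the build_sample() stand-in file are all my assumptions; build_sample() constructs a tiny synthetic PE so the logic can be exercised offline, and is not the real sample.

```python
# Static triage of a suspected Expiro-infected PE using only the Python standard library.
import hashlib, json, math, struct, sys
from collections import Counter, namedtuple
from datetime import datetime, timezone

# Indicators copied from the CAPE report on this page.
PAGE_HASHES = {
    "md5": "ab75c1b23b0c2da1c83185bf7e88e580",
    "sha1": "41f57823341512d94a642ccf71e9c44e2b18fc7c",
    "sha256": "00ce312a7622a80a0ad015551d9c2ff0eccdb8dc099519aadf22f2cf988e80fb",
}
PAGE_EP_BYTES = bytes.fromhex("42425041514a4a524153415441555689")
# Section names a stock Windows/MSVC build carries (assumed list); anything else deserves a look.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
                   ".pdata", ".tls", ".bss", ".ndata", "CODE", "DATA", "BSS"}
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
Section = namedtuple("Section", "name va vsize raw_ptr raw_size characteristics")


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; above ~7.0 for a whole section usually means packed or encrypted data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def parse_pe(data: bytes):
    """Return (TimeDateStamp, AddressOfEntryPoint, [Section]) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsec):                    # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va, rsize, rptr, _, _, _, _, ch = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), va, vsize, rptr, rsize, ch))
    return ts, ep_rva, sections


def section_for_rva(sections, rva):
    return next((s for s in sections if s.va <= rva < s.va + max(s.vsize, s.raw_size)), None)


def triage(data: bytes) -> dict:
    """Hash the file, then apply the static checks behind the sandbox report's indicators."""
    report = {"hashes": {a: hashlib.new(a, data).hexdigest() for a in PAGE_HASHES}}
    report["ioc_match"] = any(report["hashes"][a] == h for a, h in PAGE_HASHES.items())
    ts, ep_rva, sections = parse_pe(data)
    report["timestamp_utc"] = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    flags, ep_bytes = [], b""
    ep_sec = section_for_rva(sections, ep_rva)
    if ep_sec is not None:
        off = ep_sec.raw_ptr + (ep_rva - ep_sec.va)
        ep_bytes = data[off:off + 16]
        if ep_sec is sections[-1] and ep_sec.name != ".text":
            flags.append("entry point in last section")  # classic sign of appended infector code
        if ep_sec.characteristics & IMAGE_SCN_MEM_WRITE and ep_sec.characteristics & IMAGE_SCN_MEM_EXECUTE:
            flags.append("entry section is writable and executable")
    report["ep_bytes"] = ep_bytes.hex()
    if ep_bytes == PAGE_EP_BYTES:
        flags.append("entry bytes match page ep_bytes")
    for s in sections:
        if s.name not in COMMON_SECTIONS:
            flags.append(f"unusual section name {s.name!r}")
        raw = data[s.raw_ptr:s.raw_ptr + s.raw_size]
        if s.characteristics & IMAGE_SCN_MEM_EXECUTE and shannon_entropy(raw) > 7.0:
            flags.append(f"high-entropy executable section {s.name!r}")
    report["flags"] = flags
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the infected host (not the real file): a low-entropy .text plus an
    RWX last section that starts with the page's ep_bytes and continues with pseudo-random bytes."""
    junk = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))  # 1024 bytes
    ts = int(datetime(2004, 8, 4, 5, 59, 28, tzinfo=timezone.utc).timestamp())
    secs = [(b".text", 0x1000, 0x200, 0x200, 0x60000020),    # name, VA, size, file offset, flags
            (b".rsrc", 0x2000, 0x400, 0x400, 0xE0000040)]    # data section turned RWX
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), ts, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0x200, 0x400, 0, 0x2000).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, sz, va, sz, off, 0, 0, 0, 0, ch)
                     for n, va, sz, off, ch in secs)
    headers = (dos + b"PE\0\0" + coff + opt + table).ljust(0x200, b"\0")
    return headers + b"\xc3" * 0x200 + (PAGE_EP_BYTES + junk)[:0x400]


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(triage(data), indent=2))
```

Run it as `python expiro_triage.py AB75C1B23B0C2DA1C831.mlw` to triage a real file; without an argument it reports on the constructed sample. Only the hash match ties a file to this exact sample. The other flags are heuristics: installers and legitimately packed software also put high-entropy code outside .text, and a last-section entry point on its own is suspicious, not conclusive. The script deliberately does not parse the version resource or the Authenticode directory; the point of the indicators above is that neither can be trusted on an infected file.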

Win32.Expiro.Gen.2 (B) also known as:

Bkav: W32.ExpiroMVf.PE
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.2
ClamAV: Win.Virus.Expiro-9968608-0
FireEye: Generic.mg.ab75c1b23b0c2da1
CAT-QuickHeal: W32.Expiro.AX
Skyhigh: BehavesLike.Win32.Expiro.hc
McAfee: W32/Expiro.gen.o
Zillya: Virus.Expiro.Win32.35
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0040f4dc1 )
Alibaba: Virus:Win32/Expiro.37581b47
K7GW: Virus ( 0040f4dc1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Virus.Expiro.a
VirIT: Win32.Expiro.AG
Symantec: W32.Xpiro.D
ESET-NOD32: Win32/Expiro.NBO
TrendMicro-HouseCall: PE_EXPIRO.JX
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Expiro.aq
BitDefender: Win32.Expiro.Gen.2
NANO-Antivirus: Virus.Win32.Expiro.clnvwd
Avast: Win32:Xpirat [Inf]
Tencent: Virus.Win32.Expiro.aof
Emsisoft: Win32.Expiro.Gen.2 (B)
F-Secure: Malware.W32/Expiro.akoa
DrWeb: Win32.Expiro.66
VIPRE: Win32.Expiro.Gen.2
TrendMicro: PE_EXPIRO.JX
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: W32/Expiro-H
Ikarus: Virus.Win32.Expiro
Jiangmin: Virus.Expiro.b
Google: Detected
Avira: W32/Expiro.akoa
Antiy-AVL: Virus/Win32.Expiro.aq
Kingsoft: malware.kb.a.1000
Microsoft: Virus:Win32/Expiro.BA
Xcitium: Virus.Win32.Expiro.NB@531brf
Arcabit: Win32.Expiro.Gen.2
ZoneAlarm: Virus.Win32.Expiro.aq
GData: Win32.Expiro.Gen.2
Varist: W32/Expiro.AZ
AhnLab-V3: Win32/Expiro4.Gen
Acronis: suspicious
BitDefenderTheta: AI:FileInfector.1BB980DD12
ALYac: Win32.Expiro.Gen.2
MAX: malware (ai score=100)
VBA32: Virus.Expiro.aq
Cylance: unsafe
Panda: W32/Expiro.gen
APEX: Malicious
Rising: Virus.Expiro!1.A140 (CLASSIC)
MaxSecure: Virus.Expiro.W
Fortinet: W32/Expiro.fam
AVG: Win32:Xpirat [Inf]
DeepInstinct: MALICIOUS
alibabacloud: Virus:Win/Expiro.TMMATBMSIKRTIL

How to remove Win32.Expiro.Gen.2 (B)?

Win32.Expiro.Gen.2 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because Expiro is a file infector, quarantining this one file is not a complete clean-up: every executable it has modified on the system must be disinfected or replaced, and running a single missed file will reinfect the rest. Infected Windows system files such as this copy of cisvc.exe should be restored from a known-good source (installation media or a clean backup) rather than left in quarantine, since the service they belong to stops working without them. Verify the restored file's hash before trusting it.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
