Win32/Expiro.NBI information

Malware Removal

Win32/Expiro.NBI is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Expiro.NBI virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/Expiro.NBI?


File Info:

name: B7E0CAF5D3B7407E9450.mlw
path: /opt/CAPEv2/storage/binaries/b87d0027141450df0229037f5675730ead939c199513fcb57f1897a7299ddcb4
crc32: 685FD19C
md5: b7e0caf5d3b7407e9450e9b824e35230
sha1: 7ed48d8f880242aef6815c2566b70a20c6421df6
sha256: b87d0027141450df0229037f5675730ead939c199513fcb57f1897a7299ddcb4
sha512: dd3df3cc76e13a30e1ad511852de6c5e795278d223c6d8d74759246403c519b16206b686d8edff0a50798aa53d6362e5b7d0a055b81917d2e63deafeae23ba57
ssdeep: 12288:LMf7R8BM5CbiFWfX95dXMJ+Zf2SwhiaoS:L27R8BrOFqLdXMwZU
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1DED49E2336B76337D8721870BB50D726CF67DCA183B6D7B9A202929EC855A671C313B1
sha3_384: d62ca170cab53499622e294f55392e0be88253963d988829e6e30e0b06e8318f11488d771501ccddfcc68070e1103f29
ep_bytes: 50519052905390545556575589e581ec
timestamp: 2004-08-04 05:58:45

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Smart Card Resource Management Server
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: SCardSvr.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SCardSvr.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0

Win32/Expiro.NBI also known as:

Bkav: W32.Expiro1NHc.PE
Lionic: Virus.Win32.Expiro.m3oc
MicroWorld-eScan: Win32.Expiro.Gen.2
FireEye: Generic.mg.b7e0caf5d3b7407e
CAT-QuickHeal: W32.Expiro.AX
McAfee: W32/Expiro.gen.o
Cylance: unsafe
Zillya: Virus.Expiro.Win32.86
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Virus ( 0040f4dc1 )
Alibaba: Virus:Win32/Expiro.162f4c7d
K7GW: Virus ( 0040f4dc1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Virus.Expiro.a
VirIT: Win32.Expiro.AA
Symantec: W32.Xpiro.G
ESET-NOD32: Win32/Expiro.NBI
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Virus.Expiro-9844131-0
Kaspersky: Virus.Win32.Expiro.ao
BitDefender: Win32.Expiro.Gen.2
NANO-Antivirus: Virus.Win32.Expiro.bwpjnj
Avast: Win32:Xpiro [Inf]
Tencent: Virus.Win32.Expiro.aoe
Emsisoft: Win32.Expiro.Gen.2 (B)
F-Secure: Malware.W32/Infector.Gen8
DrWeb: Win32.Expiro.54
BitDefenderTheta: AI:FileInfector.1BB980DD12
TrendMicro: PE_EXPIRO.JX
Trapmine: malicious.high.ml.score
Sophos: W32/Expiro-H
Ikarus: Virus.Win32.Expiro
Varist: W32/Expiro.AN
Avira: W32/Infector.Gen8
Antiy-AVL: Virus/Win32.Expiro.ai
Kingsoft: Win32.Infected.AutoInfector.a
Microsoft: Virus:Win32/Expiro.CK
Xcitium: Virus.Win32.Expiro.isn@4z1wg0
Arcabit: Win32.Expiro.Gen.2
ViRobot: Win32.Expiro.Gen.C
ZoneAlarm: Virus.Win32.Expiro.ao
GData: Win32.Expiro.Gen.2
Google: Detected
AhnLab-V3: Win32/Expiro4.Gen
Acronis: suspicious
VBA32: Virus.Expiro.cb
ALYac: Win32.Expiro.Gen.2
MAX: malware (ai score=100)
Malwarebytes: Generic.Malware.AI.DDS
Panda: W32/Expiro.gen
TrendMicro-HouseCall: PE_EXPIRO.JX
Rising: Virus.Expiro!1.A140 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Virus.Expiro.W
Fortinet: W32/Expiro.fam
AVG: Win32:Xpiro [Inf]
Cybereason: malicious.5d3b74
DeepInstinct: MALICIOUS
alibabacloud: Virus:Win/Expiro.NBE

How to remove Win32/Expiro.NBI?

Win32/Expiro.NBI removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.