
Win32/Filecoder.Avaddon.C (file analysis)


Win32/Filecoder.Avaddon.C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Filecoder.Avaddon.C virus do?

  • At least one process apparently crashed during execution
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • A process created a hidden window
  • Drops a binary and executes it
  • Creates an autorun.inf file
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Attempts to delete volume shadow copies
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Modifies boot configuration settings
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks the system manufacturer, likely for anti-virtualization
  • Clears Windows events or logs
  • Creates a copy of itself
  • Attempts to disable UAC
  • Attempts to modify UAC prompt behavior
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Filecoder.Avaddon.C?

File Info:

crc32: DC837516
md5: 9f3c7a211ff7c5dffb694031552cd9ae
name: 9F3C7A211FF7C5DFFB694031552CD9AE.mlw
sha1: e7c0e2cd0bb1082cb50732b5af879cdbf01a0c2d
sha256: fcd166d0da4f6aa25391db781b062123ffcdea0269f53bacd196c7a4474a5756
sha512: 834ce8ed052b7872eb6e2d104f7bca5527f31ab7f193aab738a2ba089660b3df1d76b9e8109ceb44ee529aa8bcd1f59e37bac12fbc6c6b6c117dbb971a837e6f
ssdeep: 12288:2TsEoqITFUyBg3xtezkWa5W/yVuyl7gDcarm/qxLJtcCuhurME6D6ry:2TsEJ+CSg3xtezkWa5IyVb9otm/qxt2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: taskhost.exe
FileVersion: 10.0.17763.831 (WinBuild.160101.0800)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17763.831
FileDescription: Host Process for Windows Tasks
OriginalFilename: taskhost.exe
Translation: 0x0409 0x04b0

Win32/Filecoder.Avaddon.C also known as:

Elastic: malicious (high confidence)
McAfee: GenericRXAA-AA!9F3C7A211FF7
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Variant.Ransom.Avaddon.3
CrowdStrike: win/malicious_confidence_60% (D)
Arcabit: Trojan.Ransom.Avaddon.3
Cyren: W32/Ransom.OS.gen!Eldorado
Symantec: Downloader
APEX: Malicious
Avast: Win32:RansomX-gen [Ransom]
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.DelShad.gen
MicroWorld-eScan: Gen:Variant.Ransom.Avaddon.3
Rising: Ransom.Avaddon!1.C7A8 (C64:YzY0Onu09fjl9yel)
Ad-Aware: Gen:Variant.Ransom.Avaddon.3
Emsisoft: Gen:Variant.Ransom.Avaddon.3 (B)
F-Secure: Heuristic.HEUR/AGEN.1136765
DrWeb: Trojan.Encoder.33477
Zillya: Trojan.Filecoder.Win32.17713
TrendMicro: Ransom.Win32.AVADDON.SMTHA
MaxSecure: Trojan.Malware.74279478.susgen
FireEye: Generic.mg.9f3c7a211ff7c5df
Sophos: ML/PE-A
Ikarus: Trojan-Ransom.Avaddon
Jiangmin: Trojan.DelShad.ayx
Avira: HEUR/AGEN.1136765
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Win32.DelShad
Microsoft: Ransom:Win32/Avaddon.MK!MTB
ZoneAlarm: HEUR:Trojan.Win32.DelShad.gen
GData: Gen:Variant.Ransom.Avaddon.3
AhnLab-V3: Malware/Win32.Ransom.C4280530
ALYac: Gen:Variant.Ransom.Avaddon.3
Malwarebytes: Ransom.Avaddon
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Filecoder.Avaddon.C
TrendMicro-HouseCall: Ransom.Win32.AVADDON.SMTHA
Yandex: Trojan.DelShad!/45YM/sUdvI
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Avaddon.C!tr.ransom
BitDefenderTheta: Gen:NN.ZexaF.34590.Vu0@aGfdA!fi
AVG: Win32:RansomX-gen [Ransom]
Cybereason: malicious.11ff7c

How to remove Win32/Filecoder.Avaddon.C?

Win32/Filecoder.Avaddon.C removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
