Win32/Filecoder.Conti.A (file analysis)

Win32/Filecoder.Conti.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Filecoder.Conti.A virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Exhibits possible ransomware file modification behavior
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Filecoder.Conti.A?


File Info:

crc32: C6D95B1F
md5: ff177bd454a19d15b9050448da3298c4
name: FF177BD454A19D15B9050448DA3298C4.mlw
sha1: 583226f826fcdb66aad87d0e43efb5897956c957
sha256: 2f334c0802147aa0eee90ff0a2b0e1022325b5cba5cb5236ed3717a2b0582a9c
sha512: 903e50c7823196241e486d2504f1f59db4410c46041def7a2eda749cf4f935ea63064b9fd2851baf82dc0ffea4c098a99502fb563bc609aa4a495c05f6e67ebf
ssdeep: 6144:AHIa49uBG/KG3Aaaqthhfr1xrEuPDgFbZig32i2r+W:Aoa4mGFA7qtPiAgGD3
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: CUBE
FileVersion: 1, 0, 0, 1
ProductName: CUBE Application
ProductVersion: 1, 0, 0, 1
FileDescription: CUBE MFC Application
OriginalFilename: CUBE.EXE
Translation: 0x0409 0x04b0

Win32/Filecoder.Conti.A also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject3.30210
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.Delshad
ALYac: Trojan.Ransom.Filecoder
Cylance: Unsafe
Zillya: Trojan.DelShad.Win32.228
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055ae661 )
Alibaba: Trojan:Win32/DelShad.6883ed6a
K7GW: Trojan ( 0055ae661 )
Cybereason: malicious.454a19
Cyren: W32/Agent.BIK.gen!Eldorado
ESET-NOD32: Win32/Filecoder.Conti.A
Zoner: Trojan.Win32.84865
APEX: Malicious
Avast: Other:Malware-gen [Trj]
ClamAV: Win.Malware.Emotet-7997992-0
Kaspersky: Trojan.Win32.DelShad.blq
BitDefender: Trojan.GenericKD.32727036
NANO-Antivirus: Trojan.Win32.DelShad.ggjyas
ViRobot: Trojan.Win32.S.Agent.308226
MicroWorld-eScan: Trojan.GenericKD.32727036
Tencent: Win32.Trojan.Delshad.Eehb
Ad-Aware: Trojan.GenericKD.32727036
Sophos: ML/PE-A + Mal/EncPk-APC
Comodo: Malware@#256i5bgbkww7t
BitDefenderTheta: Gen:NN.ZexaF.34628.sq1@amMz6mmi
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom.Win32.CONTI.A
McAfee-GW-Edition: Emotet-FNZ!FF177BD454A1
FireEye: Generic.mg.ff177bd454a19d15
Emsisoft: Trojan.Emotet (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.DelShad.pm
Webroot: W32.Trojan.Gen
Avira: TR/AD.ShellcodeCrypter.xihzp
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Emotet.GM!MTB
Arcabit: Trojan.Generic.D1F35FFC
AegisLab: Trojan.Win32.DelShad.4!c
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.gen
GData: Win32.Trojan.Agent.Y3V6PT
TACHYON: Ransom/W32.DelShad.308226
AhnLab-V3: Malware/Win32.Generic.R296827
McAfee: Emotet-FNZ!FF177BD454A1
MAX: malware (ai score=100)
VBA32: Trojan.DelShad
Malwarebytes: Trojan.MalPack.Generic
Panda: Trj/WLT.E
TrendMicro-HouseCall: Ransom.Win32.CONTI.A
Rising: Trojan.DelShad!8.107D7 (KTSE)
Ikarus: Win32.SuspectCrc
MaxSecure: Trojan.Malware.74768861.susgen
Fortinet: W32/GenKryptik.DWDK!tr
AVG: Other:Malware-gen [Trj]
Qihoo-360: Win32/Trojan.ShellCode.HgIASOkA

How to remove Win32/Filecoder.Conti.A?

Win32/Filecoder.Conti.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
