Win32/Filecoder.Phobos.A (file analysis)

Malware Removal

Win32/Filecoder.Phobos.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Filecoder.Phobos.A virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Attempts to delete volume shadow copies
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to identify Win32/Filecoder.Phobos.A?

File Info:

crc32: 77C084E7
md5: 29f73d430899219a3b652a2226be3a4f
name: 29F73D430899219A3B652A2226BE3A4F.mlw
sha1: 3c6c11696ee77a1f603652fc4091941d9c8fa540
sha256: 86c0fa47c0d4cbc85712d5150fb6a686207f40497722dd43a879dc9df0f2951f
sha512: 6f8593e07d82676ee57feae4297ee00f4e7c5d91470b92a5cadb77374b2dd1676f05ba4e9e3c102b82b909334100308b2e54c14aa93a5ddf4a977f4b351b0c5c
ssdeep: 3072:GcO2peh7TBg0v2/VDaK+BXykaRDaUZxsQ+hC/NhvRlPXaWv2/7DkZsdUpjfKmaCO:yYknm0e/0KAOheYTvrdvmmAfNfby1a
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: All rights reserved. Proteus Digital Health
CompanyName: Proteus Digital Health
FileDescription: Forhis Octetpebibit Hanging Kutsu
ProductName: Whlesale
Languages: English
ProductVersion: 9.6.3.2
PrivateBuild: 9.6.3.2
Translation: 0x0409 0x04b0

Win32/Filecoder.Phobos.A is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen9.28355
ALYac: Trojan.Ransomware.GenericKDS.32087124
Cylance: Unsafe
Zillya: Trojan.Filecoder.Win32.9539
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/Phobos.7a20ce09
K7GW: Trojan ( 0054aab01 )
K7AntiVirus: Trojan ( 0054aab01 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.Phobos.A
APEX: Malicious
Avast: FileRepMalware
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Agent.xaamye
BitDefender: Trojan.Ransomware.GenericKDS.32087124
NANO-Antivirus: Trojan.Win32.Filecoder.fscygh
MicroWorld-eScan: Trojan.Ransomware.GenericKDS.32087124
Tencent: Win32.Trojan.Filecoder.Huzv
Ad-Aware: Trojan.Ransomware.GenericKDS.32087124
Sophos: Mal/Generic-S
Comodo: Malware@#24uce2tvjbnp9
BitDefenderTheta: Gen:NN.ZexaF.34104.zq0@amvdtUai
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_HPLOCKY.SME1
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.gc
FireEye: Generic.mg.29f73d430899219a
Emsisoft: Trojan.Ransomware.GenericKDS.32087124 (B)
SentinelOne: Static AI – Malicious PE
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1113061
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.2BF546F
Microsoft: Trojan:Win32/Tiggre!rfn
Arcabit: Trojan.Ransomware.GenericS.D1E99C54
ZoneAlarm: Trojan.Win32.Agent.xaamye
GData: Trojan.Ransomware.GenericKDS.32087124
TACHYON: Trojan/W32.Agent.414208.FI
McAfee: Artemis!29F73D430899
MAX: malware (ai score=100)
VBA32: BScope.TrojanPSW.Coins
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_HPLOCKY.SME1
Rising: Trojan.Generic@ML.94 (RDML:tFbpZunmXOkTzM/4rgdJ+w)
Yandex: Trojan.Agent!ulRIM6UPFR8
Ikarus: Trojan-Ransom.GandCrab
MaxSecure: Trojan.Malware.7176781.susgen
Fortinet: W32/Agent.A!tr.ransom
AVG: FileRepMalware
Paloalto: generic.ml

How to remove Win32/Filecoder.Phobos.A?

Win32/Filecoder.Phobos.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.