How to remove “Win32/Korplug.JM”?

Win32/Korplug.JM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Korplug.JM virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • A scripting utility was executed

How to identify Win32/Korplug.JM?

File Info:

name: 661635E774FEF37E5692.mlw
path: /opt/CAPEv2/storage/binaries/aeee80588212bc941e179ca95931a91bf446cbc1446111d4e520243d708f1d5b
crc32: 2FC44008
md5: 661635e774fef37e56928333d6040cac
sha1: dbb93c7b7e36b5eb0dd408e836f7bf305ee076bf
sha256: aeee80588212bc941e179ca95931a91bf446cbc1446111d4e520243d708f1d5b
sha512: 3915284c57c94daaf8ac63f979c132183d912ff1d9602ab87921683e84c64f194be7c31dc7cec0864d5cf39cd2dc388da0b0b59a85bab664ff54cfe8a430b191
ssdeep: 3072:L6jewLG8tgaqHIEFgrLTo520o80c6Dsp:MeEG8mai20w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12ED38D0276E5C8F2E1F665310EB29F7AD775FD704E31CA0B67549A0E1D34A808E2A363
sha3_384: fd5b1878949a7014d04d05af83110024147c2a5e6e72a5d33dcaa2dfc18b03561132ed54773016f67e94bb7980246cc9
ep_bytes: 558bec6aff6818454100682079400064
timestamp: 2018-04-13 06:24:36

Version Info:

CompanyName:
FileDescription: MFCRun Applicazione MFC
FileVersion: 1, 0, 0, 1
InternalName: MFCRun
LegalCopyright: Copyright (C) 2018
LegalTrademarks:
OriginalFilename: MFCRun.EXE
ProductName: MFCRun Applicazione
ProductVersion: 1, 0, 0, 1
Translation: 0x0410 0x04b0

Win32/Korplug.JM also known as:

Lionic: Trojan.VBS.Agent.4!c
MicroWorld-eScan: Trojan.GenericKD.47507127
FireEye: Trojan.GenericKD.47507127
ALYac: Trojan.GenericKD.47507127
Cylance: Unsafe
Zillya: Trojan.Korplug.Win32.975
K7AntiVirus: Trojan ( 0052f17f1 )
Alibaba: Trojan:VBS/Korplug.0a6683be
K7GW: Trojan ( 0052f17f1 )
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Korplug.JM
APEX: Malicious
Paloalto: generic.ml
Kaspersky: UDS:Trojan.VBS.Agent.aqu
BitDefender: Trojan.GenericKD.47507127
Avast: Win32:Trojan-gen
Tencent: Vbs.Trojan.Agent.Wmiw
Ad-Aware: Trojan.GenericKD.47507127
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0WKU21
McAfee-GW-Edition: RDN/Generic.dx
Emsisoft: Trojan.GenericKD.47507127 (B)
Ikarus: Trojan.Win32.Korplug
GData: Trojan.GenericKD.47507127
Jiangmin: Trojan.VBS.adi
Avira: HEUR/AGEN.1101568
Antiy-AVL: Trojan/Generic.ASMalwS.34DB5BB
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Woreflint.A!cl
AhnLab-V3: Malware/Win32.Generic.C2548964
McAfee: RDN/Generic.dx
MAX: malware (ai score=88)
VBA32: Trojan.VBS.Agent
Malwarebytes: MachineLearning/Anomalous.94%
TrendMicro-HouseCall: TROJ_GEN.R002C0WKU21
Fortinet: W32/Korplug.JM!tr
AVG: Win32:Trojan-gen
MaxSecure: Trojan.Malware.300983.susgen

How to remove Win32/Korplug.JM?

Win32/Korplug.JM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
