Win32/Leprum.V information

Win32/Leprum.V is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Leprum.V virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Deletes its original binary from disk
  • Checks for the presence of known windows from debuggers and forensic tools
  • Creates a copy of itself
  • Deletes executed files from disk

How to identify Win32/Leprum.V?

File Info:

name: 42B7C054131B782F7F5B.mlw
path: /opt/CAPEv2/storage/binaries/4515d0f6bca8fbadc97bf8164ac7eb5d83483120c6d224bedbe97a7b562053c3
crc32: D66B0294
md5: 42b7c054131b782f7f5ba49d99a581d3
sha1: 714a8e2b47118d622591d04e15fa77036a8d3eba
sha256: 4515d0f6bca8fbadc97bf8164ac7eb5d83483120c6d224bedbe97a7b562053c3
sha512: f79c32ee3df143c12450009b8b594d322f7a49640b6b15409cd6315722f18a5af77f366706d2df4113c5fb1e5a86814dafdf76d382114225eaad29fbb3ab1ac8
ssdeep: 6144:FMoF/CAr4rIPBkCELb5uQm472PhkNWkXLc0b9Fyn1YAF8DEz6x03tJ5tMpefpAZ:7ruIPbEHsQm47Pc78wz6SVt7fpa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T166E48C82689186B8C866CC73565FE0E0471BADA1FD5FEC8726C633CE66B25C1353099F
sha3_384: a4da31f9e9233d09b43631c2d4b04baa492fc3c89b32edc73410728033e4f9b166129d796b19b98a9365850a7f3c7434
ep_bytes: 558bec60e88bfdffff8920e8c0feffff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: Intellect-Soft
FileDescription: Universal Cryptographic Interface COM Server
FileVersion: 2.1.1.2
InternalName: Universal Cryptographic Interface COM Server
LegalCopyright: (c) Intellect-Soft. All rights reserved.
LegalTrademarks: Intellect-Soft
OriginalFilename: UniCryptC
ProductName: Universal Cryptographic Interface COM Server
ProductVersion: 2.1.1.2
Translation: 0x0800 0x04b0

Win32/Leprum.V also known as:

MicroWorld-eScan: Gen:Trojan.Heur.OG3@HP3RV3dk
FireEye: Generic.mg.42b7c054131b782f
CAT-QuickHeal: W32.Leprum.B4
McAfee: GenericRXGI-UH!42B7C054131B
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0053834f1 )
K7GW: Virus ( 0053834f1 )
Cybereason: malicious.4131b7
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Leprum.V
APEX: Malicious
BitDefender: Gen:Trojan.Heur.OG3@HP3RV3dk
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: FileRepMalware [Misc]
Ad-Aware: Gen:Trojan.Heur.OG3@HP3RV3dk
Emsisoft: Gen:Trojan.Heur.OG3@HP3RV3dk (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.DownLoader27.34082
VIPRE: Gen:Trojan.Heur.OG3@HP3RV3dk
McAfee-GW-Edition: GenericRXGI-UH!42B7C054131B
Trapmine: malicious.moderate.ml.score
Ikarus: Trojan.Crypt.XDropper
GData: Gen:Trojan.Heur.OG3@HP3RV3dk
Jiangmin: TrojanDownloader.Genome.zqh
Avira: TR/Dropper.Gen
MAX: malware (ai score=82)
Arcabit: Trojan.Heur.E4CCC9
ZoneAlarm: Trojan-Dropper.Win32.Dorifel.bdij
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Suspicious/Win.Evo-gen.C4542250
BitDefenderTheta: AI:Packer.01F1C1AE1C
ALYac: Gen:Trojan.Heur.OG3@HP3RV3dk
VBA32: suspected of Trojan.Downloader.gen
Rising: Trojan.Generic@AI.91 (RDML:WmJONNuETKruLEPmLun7bA)
Yandex: Trojan.GenAsa!hLYa3iX6oF8
SentinelOne: Static AI - Suspicious PE
Fortinet: W32/Leprum.B
AVG: FileRepMalware [Misc]
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Win32/Leprum.V?

Win32/Leprum.V removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.