Malware

About “Win32/LingyunNet.A potentially unwanted” infection

Malware Removal

The Win32/LingyunNet.A potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/LingyunNet.A potentially unwanted virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Detects Bochs through the presence of a registry key
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Collects information to fingerprint the system
  • Suspicious wmic.exe use was detected

How to determine Win32/LingyunNet.A potentially unwanted?



File Info:

name: 32705180AD04925BB9CA.mlw
path: /opt/CAPEv2/storage/binaries/bea23a43516196082bad5c47784233b3ee0b4b0217384a74781616dadd84db50
crc32: B5830586
md5: 32705180ad04925bb9ca3753bae753b5
sha1: 8d31cc5725d82229213ed13d1c62c8faec59261e
sha256: bea23a43516196082bad5c47784233b3ee0b4b0217384a74781616dadd84db50
sha512: f6496ad3ae6e7b93ada9fc1030f544e130def34fdea71789efb9588470ec7a1d864b3dca186a6aebb387f691bbbb5f190872e8845aadac41788bf911641b05f6
ssdeep: 49152:yi/lcQu8QmjCh+1XWj4YhXWI7aWjxWDw0:yal7Q7gE49CjKJ
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1448533A5EFA12C42CBDF69326398D9A3FE05F3885F42C887A408DC50F659F27A7C5506
sha3_384: 551e4eacf46fa574be616ecd9a76af3b7ad7e041c1ef60d38523a818944c91d35b021026e7493c825e52dccf5016b743
ep_bytes: 60be155074008dbeebbfcbff5783cdff
timestamp: 1970-01-01 00:00:00


Version Info:

0: [No Data]

Win32/LingyunNet.A potentially unwanted also known as:

Elasticmalicious (moderate confidence)
McAfeeArtemis!32705180AD04
CylanceUnsafe
SangforTrojan.Win32.Application.Agent
Cybereasonmalicious.0ad049
ESET-NOD32a variant of Win32/LingyunNet.A potentially unwanted
RisingPUA.LingyunNet!8.15363 (CLOUD)
McAfee-GW-EditionArtemis
SentinelOneStatic AI – Suspicious PE
GDataWin32.Application.Agent.2TFHWD
AhnLab-V3Trojan/Win32.Wacatac.C4190983
VBA32TrojanRansom.Convagent
IkarusPUA.LingyunNet
FortinetW32/PossibleThreat

How to remove Win32/LingyunNet.A potentially unwanted?

Win32/LingyunNet.A potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment