
About “Win32/MailRu.H potentially unwanted” infection


Win32/MailRu.H is a potentially unwanted application (PUA) detection; the sample described below is flagged by several antivirus engines, some as a PUA and some with generic trojan names, so security experts treat it as dangerous. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Win32/MailRu.H potentially unwanted do?

  • Sample contains overlay data (bytes appended after the last PE section)
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid, so the Mail.Ru publisher claim in the version info cannot be trusted
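The indicators above can be checked on the file itself before trusting any vendor verdict. The script below is an added example written for this page, not GridinSoft tooling and not code from the sample: using only the Python standard library it parses a PE32 image, reports overlay bytes after the last section, whether an Authenticode (security) data directory is present, whether its WIN_CERTIFICATE header is structurally sound, and the entropy of each section as a proxy for packed or encrypted data. The PE it builds for the demonstration is constructed inside the script (not the Mail.Ru updater sample above); only its TimeDateStamp is set to the value from the File Info block so the timestamp decoding can be compared. The header check cannot tell a valid signature from an invalid one: that requires verifying the PKCS#7 blob and its certificate chain, which is a job for the Windows API or a dedicated signature tool.

```python
# Added example for this page (not GridinSoft's tooling and not the sample itself):
# stdlib-only PE32 triage for the indicators above. It does NOT verify signatures.
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SECURITY_DIR_INDEX = 4        # IMAGE_DIRECTORY_ENTRY_SECURITY
PE32_MAGIC = 0x10B
WIN_CERT_TYPE_PKCS7 = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
ENTROPY_THRESHOLD = 7.0       # bits per byte; uniformly random data is 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe(data: bytes) -> dict:
    """Return triage facts about a PE32 image plus a list of indicator flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 handled (PE32+ directories start at +112)")
    # PE32 data directories start at optional-header offset 96 (8 bytes each);
    # the security directory's first field is a file offset, not an RVA.
    sig_off, sig_size = struct.unpack_from("<II", data, opt + 96 + SECURITY_DIR_INDEX * 8)
    sections = []
    for i in range(num_sections):
        hdr = opt + size_of_optional + i * 40
        size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)
        sections.append({
            "name": data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace"),
            "offset": ptr_raw, "size": size_raw,
            "entropy": round(shannon_entropy(data[ptr_raw:ptr_raw + size_raw]), 2),
        })
    end_of_sections = max((s["offset"] + s["size"] for s in sections), default=0)
    overlay_size = max(0, len(data) - end_of_sections)
    flags, signature_in_overlay = [], False
    if overlay_size:
        flags.append("overlay_data")
    if any(s["entropy"] > ENTROPY_THRESHOLD for s in sections):
        flags.append("high_entropy_section")
    if sig_size:
        flags.append("authenticode_present")
        signature_in_overlay = sig_off >= end_of_sections  # normal for signed files
        blob = data[sig_off:sig_off + sig_size]
        ok = len(blob) == sig_size and len(blob) >= 8
        if ok:  # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType
            length, _rev, cert_type = struct.unpack_from("<IHH", blob)
            ok = length == sig_size and cert_type == WIN_CERT_TYPE_PKCS7
        if not ok:  # truncated or mislabelled blob; still not a cryptographic check
            flags.append("authenticode_header_malformed")
    return {
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections, "overlay_size": overlay_size,
        "signature_in_overlay": signature_in_overlay, "flags": flags,
    }


def build_sample_pe(with_signature: bool, packed_data: bool) -> bytes:
    """Constructed minimal PE32 for the demo (not the Mail.Ru sample), with the
    TimeDateStamp from the File Info block above so the decoding can be checked."""
    text = b"\x90" * 0x200                  # NOP sled: entropy 0.0
    data_sec = b"A" * 0x400
    if packed_data:                         # deterministic pseudo-random bytes
        blob, seed = b"", b"constructed-seed"
        while len(blob) < 0x400:
            seed = hashlib.sha256(seed).digest()
            blob += seed
        data_sec = blob[:0x400]
    end = 0x200 + len(text) + len(data_sec)
    body = b"constructed-placeholder-pkcs7-blob"  # placeholder, not a real PKCS#7 blob
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS7) + body if with_signature else b""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1424370097, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, end, len(cert))

    def sec_hdr(name, rva, size, off):      # IMAGE_SECTION_HEADER, 40 bytes
        return struct.pack("<8sIIIIIIHHI", name, size, rva, size, off, 0, 0, 0, 0, 0x60000020)

    headers = (dos + b"PE\0\0" + coff + bytes(opt)
               + sec_hdr(b".text", 0x1000, len(text), 0x200)
               + sec_hdr(b".data", 0x2000, len(data_sec), 0x200 + len(text)))
    return headers.ljust(0x200, b"\0") + text + data_sec + cert
```

To run it on a real file, call `parse_pe(open(path, "rb").read())`. Note that `signature_in_overlay` being true is expected for any signed executable, because the signature blob is appended after the last section, so "overlay data" and "Authenticode present" often describe the same bytes; the interesting cases are overlay bytes that are not covered by the security directory, and a security directory whose header does not match the bytes it points at.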

How to identify Win32/MailRu.H potentially unwanted?

File Info:

name: 8AFA0C459DA720267633.mlw
path: /opt/CAPEv2/storage/binaries/8efc8c4f91e5919380b46695410fe26247cfc5f79aae64e1337bc8ccb33aa6bb
crc32: 026AE5E0
md5: 8afa0c459da7202676335e7d3ea53c18
sha1: dfd63a501d6713188c9a3fdd951a3900ab82cbe1
sha256: 8efc8c4f91e5919380b46695410fe26247cfc5f79aae64e1337bc8ccb33aa6bb
sha512: d0c4ae86339e0de7607d40ee68ed59dcd63f315a2f668a639eca2a56498b258883173a6b2b6659c3686490484e9db7c0b23002abcd5a9bf8fd994226a0d98904
ssdeep: 196608:cZ+mGJ7gkO487Gx8TDdKRYoW3/XRyDSXgsm:cZ+mGJ7g993TDdK0By2wsm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AC76F112B784C135E5A301B15A7DAB3E482DAA31177558C3F3C41E6E2A70AD36B37B4B
sha3_384: 0321ff1a021ebcb587ae49cd89677155798704f986434b2d72405b9a5d4c7627a7b9a8bc1270d1ac69e7919e4384c4cf
ep_bytes: e884100100e97ffeffffcccccccccccc
timestamp: 2015-02-19 18:21:37

Version Info:

CompanyName: Mail.Ru
FileDescription: Mail.Ru updater
FileVersion: 1.0.12.52
InternalName: MailRuUpdater
LegalCopyright: Copyright 2011
OriginalFilename: MailRuUpdater.exe
ProductName: MailRuUpdater
ProductVersion: 1.0.12.52
Comments:
Translation: 0x0409 0x04b0

Win32/MailRu.H potentially unwanted also known as:

  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/MailRu.H potentially unwanted
  • APEX: Malicious
  • Paloalto: generic.ml
  • Sophos: Generic ML PUA (PUA)
  • Comodo: ApplicUnwnt@#12jifx8mee8ct
  • SentinelOne: Static AI – Suspicious PE
  • Antiy-AVL: Trojan/Generic.ASBOL.C627
  • Google: Detected
  • VBA32: Trojan.Wacatac
  • Ikarus: PUA.MailRu

How to remove Win32/MailRu.H potentially unwanted?

Win32/MailRu.H potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
