
Win32/MorganCatering.A potentially unwanted (file analysis)


The Win32/MorganCatering.A potentially unwanted application is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/MorganCatering.A potentially unwanted virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering

How to identify Win32/MorganCatering.A potentially unwanted?


File Info:

name: D561A7CB0D93A12FB71F.mlw
path: /opt/CAPEv2/storage/binaries/a85373dfe7c896412a084af060632131f6f80761b13589fb4f824c4b785c4e7e
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2019-10-12 11:15:57

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Тайны зеркала 2. Забытые королевства Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Тайны зеркала 2. Забытые королевства
ProductVersion: 0.0.0.1
Translation: 0x0000 0x04b0

Win32/MorganCatering.A potentially unwanted is also known as:

Bkav: W32.Common.3C8979B8
Skyhigh: Artemis
McAfee: Artemis!D561A7CB0D93
Cylance: unsafe
Sangfor: Trojan.Win32.Morgancatering.Vsuy
K7AntiVirus: Adware ( 005ad2df1 )
K7GW: Adware ( 005ad2df1 )
ESET-NOD32: Win32/MorganCatering.A potentially unwanted
Avast: Win32:Malware-gen
DrWeb: Adware.Downware.20520
Malwarebytes: PUP.Optional.BundleInstaller
TrendMicro-HouseCall: TROJ_GEN.R002V01K123
Fortinet: Riskware/MorganCatering
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Win32/MorganCatering.A potentially unwanted?

Win32/MorganCatering.A potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
