Win32/MorganCatering.A potentially unwanted removal guide

Win32/MorganCatering.A potentially unwanted is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Win32/MorganCatering.A potentially unwanted virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/MorganCatering.A potentially unwanted?


File Info:

name: B3E946A700CF174C6E3D.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2020-11-15 09:48:30

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Долина Богов Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Долина Богов
ProductVersion: 0.0.0.1
Translation: 0x0000 0x04b0

Win32/MorganCatering.A potentially unwanted is also known as:

Bkav: W32.Common.F8AA436C
DrWeb: Adware.Downware.20520
Malwarebytes: PUP.Optional.BundleInstaller
CrowdStrike: win/grayware_confidence_90% (W)
K7GW: Adware ( 005b15341 )
K7AntiVirus: Adware ( 005b15341 )
Symantec: PUA.Gen.2
ESET-NOD32: Win32/MorganCatering.A potentially unwanted
Kaspersky: not-a-virus:HEUR:Downloader.Win32.Maombi.gen
Avast: Win32:Malware-gen
Sophos: Generic Reputation PUA (PUA)
ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.Maombi.gen
Cylance: unsafe
Fortinet: Riskware/MorganCatering
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Win32/MorganCatering.A potentially unwanted?

Win32/MorganCatering.A potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
