What is “Win32/Packed.Enigma.AAF”?

Win32/Packed.Enigma.AAF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can Win32/Packed.Enigma.AAF do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Packed.Enigma.AAF?

File Info:

name: 401F3CAE00A83AECC0AE.mlw
path: /opt/CAPEv2/storage/binaries/e7dc7fe398fb975466d29b4bd464fb4f0b44eee2249280c36fc1ccf8adba5892
crc32: 8A6A4D1A
md5: 401f3cae00a83aecc0ae7308e4f18c32
sha1: 16d474918c9533db83d6922274863b83805f2f23
sha256: e7dc7fe398fb975466d29b4bd464fb4f0b44eee2249280c36fc1ccf8adba5892
sha512: dc9759a42d836bf39c717f53d23ca1aa6f5f8b828d0239ffb19117f19953042e8af927434637bc9ead73a3ab2f1645f6f45623ee4ff4ca73c12a7cc854bf1f7f
ssdeep: 98304:04G4IxiODW38TrJY0wHBb4D+YymxYAhnKU4B7y1p1fGzvFM0S1p:dLODWg6BC9ym2sW5y1Xfimp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F4363371FB440982F4BC61B26CFC8F07724FBF5172C7DB4A94A52A1B9DA06CAC517A06
sha3_384: 225723d521a27bf1980b639653d338dab9b4b19203538cbcb6399d259077d71285068817bc09873848df02cf0ce98b3a
ep_bytes: 558bec6aff684851400068e435400064
timestamp: 2000-02-23 18:51:14

Version Info:

Comments: This setup code is the property of Indigo Rose Corporation
CompanyName: Indigo Rose Corporation http://www.indigorose.com
FileDescription: Setup Factory setup launcher
FileVersion: 5.0.1
InternalName: setup
LegalCopyright: Copyright © 2000 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: setup.exe
PrivateBuild:
ProductName: setup
ProductVersion: 5.0.1
SpecialBuild:
Translation: 0x0409 0x04e4

Win32/Packed.Enigma.AAF is also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Skyhigh: Artemis
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Trojan.Win32.Generic.ky
K7AntiVirus: Trojan ( 000046bb1 )
Alibaba: Packed:Win32/Enigma.d0f22688
K7GW: Trojan ( 000046bb1 )
BitDefenderTheta: Gen:NN.ZevbaF.36792.2y3@a48k9umi
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Packed.Enigma.AAF
Cynet: Malicious (score: 99)
ClamAV: Win.Trojan.Scar-6903583-0
Kaspersky: UDS:Trojan.Win32.Generic
Avast: WAT:Blacked-E
Tencent: Win32.Trojan.Generic.Tsmw
F-Secure: Trojan.TR/Agent.shqva
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Enigma
Avira: TR/Agent.shqva
Antiy-AVL: GrayWare/Win32.EnigmaProtect.a
Xcitium: Malware@#vqmxjtl4kp9r
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
Google: Detected
McAfee: Artemis!401F3CAE00A8
VBA32: Trojan.Tiggre
Cylance: unsafe
Panda: Trj/CI.A
Fortinet: W32/Generic!tr
AVG: WAT:Blacked-E
DeepInstinct: MALICIOUS

How to remove Win32/Packed.Enigma.AAF?

Win32/Packed.Enigma.AAF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.