Win32/Pronny.FA malicious file

Win32/Pronny.FA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Pronny.FA virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to disable Windows Auto Updates
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32/Pronny.FA?


File Info:

name: AB074AD2DF6710C14DF4.mlw
path: /opt/CAPEv2/storage/binaries/fd6251d88eff7769e2faa49303dec7b7f2ddebaa372bfe83ace13df2ab9824d2
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2012-10-04 19:27:38

Version Info:

Translation: 0x0409 0x04b0
ProductName: ricksha
FileVersion: 8.42
ProductVersion: 8.42
InternalName: incettero
OriginalFilename: incettero.exe

Win32/Pronny.FA also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Barys.431239
FireEye: Generic.mg.ab074ad2df6710c1
CAT-QuickHeal: Trojan.Beebone.D
Skyhigh: BehavesLike.Win32.VBObfus.fm
McAfee: GenDownloader.rv
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: EmailWorm ( 0054d10f1 )
K7GW: EmailWorm ( 0054d10f1 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Worm.Pronny.d
VirIT: Trojan.Win32.SHeur4.AQUQ
Symantec: W32.Changeup
ESET-NOD32: Win32/Pronny.FA
APEX: Malicious
TrendMicro-HouseCall: WORM_VOBFUS.SMAS
ClamAV: Win.Trojan.Changeup-6169544-0
Kaspersky: Worm.Win32.Vobfus.scu
BitDefender: Gen:Variant.Barys.431239
NANO-Antivirus: Trojan.Win32.WBNA.csfhhl
Avast: Win32:VB-AEQD [Trj]
Tencent: Worm.Win32.Vobfus.kaz
TACHYON: Worm/W32.Vobfus.323638
Emsisoft: Gen:Variant.Barys.431239 (B)
Google: Detected
F-Secure: Trojan.TR/Symmi.2336989
DrWeb: Win32.HLLW.Autoruner1.27186
VIPRE: Gen:Variant.Barys.431239
TrendMicro: WORM_VOBFUS.SMAS
Sophos: Mal/SillyFDC-W
Ikarus: Worm.Win32.Vobfus
Jiangmin: Worm/WBNA.diik
Varist: W32/VB.HE.gen!Eldorado
Avira: TR/Symmi.2336989
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: malware.kb.a.999
Microsoft: Worm:Win32/Vobfus.IY
Xcitium: Worm.Win32.VB.PJT@4r48sc
Arcabit: Trojan.Barys.D69487
ViRobot: Worm.Win32.A.Vobfus.305927
ZoneAlarm: Worm.Win32.Vobfus.scu
GData: Gen:Variant.Barys.431239
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Vobfus.R38791
VBA32: Malware-Cryptor.VB.gen
ALYac: Gen:Variant.Barys.431239
MAX: malware (ai score=80)
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Worm.Pronny!8.2E9 (TFE:3:1kmOeqQQlkH)
Yandex: Trojan.GenAsa!h1mNOJ3gpiw
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.4636701.susgen
Fortinet: W32/VBKrypt.CA!tr
BitDefenderTheta: Gen:NN.ZevbaF.36802.tm1@auZqqini
AVG: Win32:VB-AEQD [Trj]
Cybereason: malicious.2df671
DeepInstinct: MALICIOUS
alibabacloud: Worm:Win/Vobfus.16fb5ccc

How to remove Win32/Pronny.FA?

Win32/Pronny.FA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
