
About “Win32/RiskWare.DYAMAR.B” infection


Win32/RiskWare.DYAMAR.B is the ESET detection name for the sample described on this page. Although ESET files it under riskware, Kaspersky and Microsoft detect the same file as the Farfli backdoor, so it should be treated as malicious rather than merely unwanted. When the sample is running you may notice unfamiliar processes in the Task Manager list; in that case, scan the computer with an up-to-date anti-malware product such as GridinSoft Anti-Malware.


What can Win32/RiskWare.DYAMAR.B do?

Behaviours recorded for the sample:

  • Executable code extraction (the binary unpacks further executable code at runtime)
  • Creates RWX (readable, writable and executable) memory, typical of an unpacker or in-memory loader
  • Expresses interest in specific running processes
  • Repeatedly searches for a process that is not found; the sample may expect to be run with the startbrowser=1 option
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • The executable is compressed with UPX (consistent with the file type reported below)
  • Deletes its original binary from disk after running
  • Sniffs keystrokes (keylogging)
  • Checks for the presence of known devices from debuggers and forensic tools (anti-analysis)
  • Creates a copy of itself
  • Attempts to interact with an NTFS Alternate Data Stream (ADS)
  • Anomalous binary characteristics

How to identify Win32/RiskWare.DYAMAR.B?

Hashes and metadata of the analysed sample:

File Info:

crc32: 0D097804
md5: 79583b295398100bc02a0a4c6ec37943
name: 79583B295398100BC02A0A4C6EC37943.mlw
sha1: be73a9c7b22270ad82ee8ecc36156d9af1725f21
sha256: e11b9b4440e110db84edae190fcf3893bfc78200a8a103b4263e768b4b86fd9c
sha512: 2c00ab866bda9b2109b8081901fd137f91749265d7c6031718e2c32fd914363e3d5c1e4100c917055c1814a4a8f90b16e9263b3cd602a3f77b50b9771294c210
ssdeep: 12288:xIRcLQX7kZPswhPXMB1edacosQdn+OnYaak4c9:2yS70Psw2LcacosQt+OLo
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: 版权所有 (C) 2020   (Simplified Chinese for "All rights reserved"; extracted as the escape codes x7248x6743x6240x6709)
InternalName: loader
FileVersion: 1, 0, 0, 1
CompanyName: yida
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: yida loader
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: loader
OriginalFilename: loader.dat
Translation: 0x0804 0x04b0
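The following is an added triage helper, not code from the original page: it computes the md5/sha1/sha256 digests of a file and compares them with the hashes listed above, and it parses the PE header far enough to read the section table, since a default UPX build names its sections UPX0/UPX1 (matching the "UPX compressed" file type above). The sample PE header it builds for demonstration is constructed here and contains no real code; the ssdeep hash needs the third-party ssdeep module and is not computed.

```python
"""Added triage helper (not part of the original page): compare a file's
hashes with the IOCs listed above and check the PE section table for the
UPX0/UPX1 section names that a default UPX build leaves behind.

Standard library only; the ssdeep fuzzy hash listed above needs the
third-party ssdeep module and is not computed here.
"""
import hashlib
import struct
import sys

# Digests copied from the File Info section above.
KNOWN_HASHES = {
    "md5": "79583b295398100bc02a0a4c6ec37943",
    "sha1": "be73a9c7b22270ad82ee8ecc36156d9af1725f21",
    "sha256": "e11b9b4440e110db84edae190fcf3893bfc78200a8a103b4263e768b4b86fd9c",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matching_iocs(data: bytes) -> list:
    """Names of the algorithms whose digest equals the listed IOC."""
    digests = hash_bytes(data)
    return [name for name, hexdigest in digests.items()
            if hexdigest == KNOWN_HASHES[name]]


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names.  Raises ValueError for non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_opt          # section headers follow the optional header
    names = []
    for i in range(num_sections):
        entry = data[table + i * 40: table + i * 40 + 8]   # 40-byte header, 8-byte name
        if len(entry) < 8:
            raise ValueError("truncated section table")
        names.append(entry.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section is named UPX*.  A build with renamed sections
    (or a different packer) is not caught by this check."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a minimal PE32 header with the given section
    names and no real code.  Only the fields the parser reads are filled in."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0                        # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names),
                              0, 0, 0, size_opt, 0x0102)
    optional_header = b"\0" * size_opt
    section_table = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional_header + section_table


def triage(data: bytes) -> dict:
    """Summary used by the command-line entry point below."""
    report = {"hashes": hash_bytes(data), "ioc_matches": matching_iocs(data)}
    try:
        report["sections"] = pe_section_names(data)
        report["upx"] = looks_upx_packed(data)
    except ValueError as err:
        report["sections"], report["upx"], report["error"] = [], None, str(err)
    return report


if __name__ == "__main__":
    # Usage: python triage.py <suspect file>; with no argument the constructed
    # UPX-style header is analysed instead.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A hash match is conclusive for this exact file; the section-name check is only a hint, since packers other than UPX use other names and a modified UPX build can rename its sections.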

Win32/RiskWare.DYAMAR.B is also detected under the following names (vendor: verdict):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
ClamAV: Win.Malware.Manbat-6998397-0
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (W)
K7GW: Riskware ( 004b92da1 )
K7AntiVirus: Trojan ( 004bcce41 )
ESET-NOD32: a variant of Win32/RiskWare.DYAMAR.B
APEX: Malicious
Avast: FileRepMetagen [Malware]
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Farfli.bwvu
MicroWorld-eScan: Gen:Variant.Doina.3314
Sophos: Mal/EncPk-ACG
BitDefenderTheta: Gen:NN.ZexaF.34170.Jy0@aSAew1hj
McAfee-GW-Edition: BehavesLike.Win32.Dropper.hc
Emsisoft: Gen:Variant.Doina.3314 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Crypt.XPACK.Gen2
eGambit: Unsafe.AI_Score_99%
Arcabit: Trojan.Doina.DCF2
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: Trojan:Win32/Farfli.DSK!MTB
Acronis: suspicious
McAfee: Artemis!79583B295398
Malwarebytes: Malware.AI.843433032
Rising: Trojan.Generic@ML.83 (RDML:KRnOdnIqaMUXqnuje+51Zw)
Ikarus: PUA.RiskWare.DYAMAR
Fortinet: Riskware/DYAMAR
AVG: FileRepMetagen [Malware]
Paloalto: generic.ml

How to remove Win32/RiskWare.DYAMAR.B?

Win32/RiskWare.DYAMAR.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options you want, then click “Reset”.
  • Restart your computer.

Because the sample creates a copy of itself and deletes its original binary (see the behaviour list above), remove the copy it created as well as the file you first noticed, and run a second scan after the restart to confirm that no detections remain.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
