
Win32/RiskWare.ZhangGuoJian.B (file analysis)


Win32/RiskWare.ZhangGuoJian.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What Win32/RiskWare.ZhangGuoJian.B virus can do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Win32/RiskWare.ZhangGuoJian.B?

File Info:

name: 1038A8CAC2D2C69DD02B.mlw
path: /opt/CAPEv2/storage/binaries/edd7281ead17cd19b78cf7e253783257c8e451a55f772d1b046083c48e198e7a
crc32: AEA530C0
md5: 1038a8cac2d2c69dd02be95adb4bbc94
sha1: b4df27290e4a526c02e265c217c95f30c65af4ea
sha256: edd7281ead17cd19b78cf7e253783257c8e451a55f772d1b046083c48e198e7a
sha512: 34be79fb8e3bdae2eeed4e152c1887fc39f66dd490f835b403a09e69da7eee95d4da18032e2af948c5c71ad4eadcfbf37070853ed8d2c4b6a67f48ff1889c187
ssdeep: 12288:EDT4r7lPPn/33YV0hU0ylWIAidxwiCRnP9ae90K:CTo7l3/x0lWI7dqilA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E8B46B10B781D476C26225784AA2F6FA3669AC311F2446C736D43E7F3F316D1AE3835A
sha3_384: 546680f9c16e44b089a831ae4f01fbec15b1d0812d1af33eb5cdbb66b61391b6543fdac98b10e8c22657cc17f35aa3e4
ep_bytes: e8ee610000e979feffff3b0d00764500
timestamp: 2013-02-01 06:18:57

Version Info:

FileVersion: 2013, 2, 1, 1
InternalName: RunGameEx.exe
LegalCopyright: 保留所有权利。
OriginalFilename: RunGameEx.exe
ProductVersion: 2013, 2, 1, 1
Translation: 0x0804 0x03a8

Win32/RiskWare.ZhangGuoJian.B is also detected as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
ClamAV: Win.Trojan.Ramnit-6938
McAfee: Artemis!1038A8CAC2D2
Zillya: Tool.ZhangGuoJian.Win32.25
Sangfor: Trojan.Win32.Agent.Vzbt
CrowdStrike: win/grayware_confidence_70% (D)
K7GW: Trojan ( 00587e511 )
K7AntiVirus: Trojan ( 00587e511 )
BitDefenderTheta: Gen:NN.ZexaF.36662.Fu0@aWf8fibj
ESET-NOD32: a variant of Win32/RiskWare.ZhangGuoJian.B
APEX: Malicious
NANO-Antivirus: Trojan.Win32.RiskGen.duckak
Avast: Win32:Malware-gen
Sophos: Mal/Generic-S
McAfee-GW-Edition: BehavesLike.Win32.Simfect.hh
SUPERAntiSpyware: Adware.ZhangGoujian/Variant
Google: Detected
VBA32: BScope.Trojan.Bitrep
Malwarebytes: Alman.Virus.FileInfector.DDS
Rising: Trojan.Generic@AI.84 (RDML:ko+Avy44br+Lfm5aiq2oRg)
Yandex: Trojan.Strictor!NHyckMLgOBI
Ikarus: PUA.RiskWare.Zhangguojian
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Win32/RiskWare.ZhangGuoJian.B?

Win32/RiskWare.ZhangGuoJian.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
