Win32/ShellcodeRunner.W removal tips

The Win32/ShellcodeRunner.W is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/ShellcodeRunner.W virus can do?

Dynamic (imported) function loading detected
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Win32/ShellcodeRunner.W?


File Info:
name: C0C5462FE59BCF302078.mlw
path: /opt/CAPEv2/storage/binaries/0dae37b0d59647b7ec40e6983fa9f9d2cca59ea77b1aee77fb8ed5451d27c1b3
crc32: 6585CA3F
md5: c0c5462fe59bcf302078bd1f29e53290
sha1: 1552bf799f379d0c0c5e485f30766824a7f5418c
sha256: 0dae37b0d59647b7ec40e6983fa9f9d2cca59ea77b1aee77fb8ed5451d27c1b3
sha512: 31a5bb3a4703c461ab9a4b50a4adad4ce9521450957a6868c831d9185c7f3f0430c1b15e31dc6e6a8dbf7657e3f0ae5eba1ed224a7c9dd0826d353b6f0142e99
ssdeep: 3072:KrtrdY3fJcDRIGDf8fjfnfnfnfzfbfbfbfYf/f/f/frfffLfffLfffLfffaffffu:K7Y3fqDRIGoS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T143B3C71161425576E23F4A724EBFA829514CFEA20F0069F373887DAD95BF4E23D6211F
sha3_384: bc876da98d5659a0639b6ddf227f35dbf80414c182d6efa7c1d636441389789659d896a97d8b7bf1a7afde25daf5e2db
ep_bytes: 558bec6aff685032410068c001410064
timestamp: 2022-07-11 07:02:53

Version Info:
Comments: 
CompanyName: 5b6t5etvetbetv
FileDescription: 5b6t5etvetbetv
FileVersion: 1, 0, 0, 1
InternalName: 5b6t5etvetbetv
LegalCopyright: 版权所有(C) 2021
LegalTrademarks: 
OriginalFilename: 5b6t5etvetbetv
PrivateBuild: 
ProductName: 5b6t5etvetbetv
ProductVersion: 1, 0, 0, 1
SpecialBuild: 
Translation: 0x0804 0x04b0

Win32/ShellcodeRunner.W also known as:

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.49410944
CAT-QuickHeal	Trojan.Agent
McAfee	RDN/Generic.dx
Cylance	Unsafe
Sangfor	Trojan.Win32.Shellcoderunner.Vwl0
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Trojan:Win32/ShellcodeRunner.fcae025f
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/ShellcodeRunner.W
APEX	Malicious
Paloalto	generic.ml
BitDefender	Trojan.GenericKD.49410944
Ad-Aware	Trojan.GenericKD.49410944
Emsisoft	Trojan.GenericKD.49410944 (B)
VIPRE	Trojan.GenericKD.49410944
TrendMicro	TROJ_GEN.R002C0PGO22
McAfee-GW-Edition	RDN/Generic.dx
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.c0c5462fe59bcf30
Ikarus	Trojan.Win32.Shellcoderunner
GData	Trojan.GenericKD.49410944
Avira	TR/ShellRunner.eipdm
Antiy-AVL	Trojan/Generic.ASMalwS.6BF7
Arcabit	Trojan.Generic.D2F1F380
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
VBA32	BScope.Trojan.Downloader
ALYac	Trojan.GenericKD.49410944
MAX	malware (ai score=81)
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0PGO22
Rising	Trojan.ShellcodeRunner!8.6166 (CLOUD)
MaxSecure	Trojan.Malware.186099930.susgen
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZexaCO.34806.gq0@aGkB@Ahb
AVG	Win32:Evo-gen [Susp]
Avast	Win32:Evo-gen [Susp]

How to remove Win32/ShellcodeRunner.W?

Win32/ShellcodeRunner.W removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X