Win32.Worm.Mabezat.D (B) removal

Win32.Worm.Mabezat.D (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32.Worm.Mabezat.D (B) virus do?

  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Catalan
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Likely virus infection of existing system binary
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to identify Win32.Worm.Mabezat.D (B)?

File Info:

name: EB335924169DB0806676.mlw
path: /opt/CAPEv2/storage/binaries/b0617d9fd8b0527ba4002a148a4a806cb45dcd50474f3a469029c269f580c48a
crc32: 869E895E
md5: eb335924169db08066762a9a346a3eb6
sha1: 1ea8eb705f4d0793c4d8bde0bd86c7eb2fd92396
sha256: b0617d9fd8b0527ba4002a148a4a806cb45dcd50474f3a469029c269f580c48a
sha512: aa4478931343679615898fc0b89cc19a2637ba77f1de39b534f432888466cdd24df000ddde35dc13156876c4bd78e452a74ec4b534a7fd0dbbe2b25c070486df
ssdeep: 3072:6tkEoAWF4ZCD4OnYQqD84ZSNE/w9J+xmzuxjdifEKnPyB0G3P4LtLooxNQmh42:6tkEoAM4iYQqA4sQkq7j0TyBR/stPNDV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T142348F51353B872BE105B070690C6B91BDEA9C7648BFC87F974CB12650BBC8369BC197
sha3_384: b7d1b9bebf1be689c1bfdae04b53683e39e791d0550ea44688a69b03a28a5b2832439c6e85c65b0fe0203f3c1bcb2160
ep_bytes: 5383ec44b823104000b9000000008a18
timestamp: 2007-10-29 06:17:05

Version Info:

[No Data]

Win32.Worm.Mabezat.D (B) also known as:

Bkav: W32.Pharoh.Worm
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Worm.Mabezat.D
FireEye: Generic.mg.eb335924169db080
CAT-QuickHeal: W32.Mabezat.Dr
McAfee: W32/Mabezat
VIPRE: Worm.Win32.Mabezat.b (v)
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
K7GW: Virus ( 000ad08b1 )
K7AntiVirus: Virus ( 000ad08b1 )
Baidu: Win32.Worm.Mabezat.b
Cyren: W32/Mabezat.FRWO-1177
ESET-NOD32: Win32/Mabezat.A
APEX: Malicious
NANO-Antivirus: Virus.Win32.Mabezat.kfroy
ViRobot: Worm.Win32.Mabezat.154751
Rising: Worm.Mabezat!1.995D (CLASSIC)
Ad-Aware: Win32.Worm.Mabezat.D
Emsisoft: Win32.Worm.Mabezat.D (B)
Comodo: Worm.Win32.Mabezat.b@14k3c8
DrWeb: Win32.HLLW.Tazebama.45
Zillya: Worm.MabezatGen.Win32.3
TrendMicro: PE_MABEZAT.B-O
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dh
Sophos: W32/Mabezat-B
Ikarus: Worm.Win32.Mabezat
Jiangmin: Trojan/Mabezat.g
Avira: WORM/Mabezat.b
Arcabit: Win32.Worm.Mabezat.D
SUPERAntiSpyware: Trojan.Agent/Gen-Mabezat
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Mabezat
Acronis: suspicious
VBA32: Trojan.Win32.Mabezat.a
ALYac: Win32.Worm.Mabezat.D
TACHYON: Worm/W32.Mabezat
Malwarebytes: Worm.Mabezat
Panda: W32/Mabezat.C.worm
Tencent: Trojan.Win32.Mabezat.a
Yandex: Trojan.GenAsa!0z4t/44RHDE
SentinelOne: Static AI – Suspicious PE
eGambit: Unsafe.AI_Score_90%
Fortinet: W32/Mabezat.B!worm
AVG: Win32:Crypt-KUG [Trj]

How to remove Win32.Worm.Mabezat.D (B)?

Win32.Worm.Mabezat.D (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.