Win32.Worm.Shodi.C information

The Win32.Worm.Shodi.C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32.Worm.Shodi.C virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Unconventionial language used in binary resources: Arabic (Egypt)
Authenticode signature is invalid
Creates a copy of itself

How to determine Win32.Worm.Shodi.C?


File Info:
name: DA52DF25594BE81B68D0.mlw
path: /opt/CAPEv2/storage/binaries/91b3e7049f2dbf6aa1811c66ab67473488ec75efa8e115add7389e8df0c4251e
crc32: 5DFA2961
md5: da52df25594be81b68d03966030ea0a4
sha1: 25d4488619686424d82fefee59bba985be9f1a82
sha256: 91b3e7049f2dbf6aa1811c66ab67473488ec75efa8e115add7389e8df0c4251e
sha512: a94a3227d1440a4953d45aea76cb9ca54061039b3bfcd77b98d9d97e59d660b7870c20e21731931ed5406769cff12675b33ee9eeded172029cf84e452c138c48
ssdeep: 24576:k+Cq99Ly4CaNpZY67zRfItx2hwpemIwpelDx:k+Cq99Ly0ZPItx2apeapell
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T146257C03F78511F8E04AD1B88B529633E5727C840B2175DF1BA53B2A3F76AD12B79728
sha3_384: 6d0e2d309104f24587938465679cd63fc147b731901a3e2708d88f1cb7d6c633a0487a5e531cdb853241d04db9293fa6
ep_bytes: 558bec6aff681892400068d461400064
timestamp: 2004-01-04 07:51:41

Version Info:
0: [No Data]

Win32.Worm.Shodi.C also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
DrWeb	Win32.HLLP.Shohdi
MicroWorld-eScan	Win32.Worm.Shodi.C
Skyhigh	BehavesLike.Win32.Shodi.fh
McAfee	W32/Shodi.worm.d
Malwarebytes	Generic.Malware.AI.DDS
Zillya	Virus.Shodi.Win32.6
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Virus ( 00565c3a1 )
Alibaba	Virus:Win32/Shodi.4ee62cb7
K7GW	Virus ( 00565c3a1 )
Cybereason	malicious.5594be
VirIT	Win32.Shodi.B
Symantec	W32.Shodi.C
ESET-NOD32	Win32/HLLP.Shodi.C
APEX	Malicious
TrendMicro-HouseCall	PE_SHODI.T
ClamAV	Win.Virus.Shodi-10013707-0
Kaspersky	Virus.Win32.HLLP.Shodi.c
BitDefender	Win32.Worm.Shodi.C
NANO-Antivirus	Virus.Win32.HLLP.gjnq
Avast	Win32:ShodiD
Tencent	Virus.Win32.Shodi.ka
Emsisoft	Win32.Worm.Shodi.C (B)
F-Secure	Malware.W32/Shodi.C
VIPRE	Win32.Worm.Shodi.C
TrendMicro	PE_SHODI.T
FireEye	Generic.mg.da52df25594be81b
Sophos	W32/Shodi-I
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=80)
Jiangmin	Win32/HLLP.Shodi.d
Google	Detected
Avira	W32/Shodi.C
Varist	W32/Thier.WWSJ-0001
Antiy-AVL	Virus/Win32.Shodi.a
Kingsoft	malware.kb.a.999
Microsoft	Virus:Win32/Shodi.C
Xcitium	Win32.HLLP.Shodi.C@3pzt
Arcabit	Win32.Worm.Shodi.C
ZoneAlarm	Virus.Win32.HLLP.Shodi.c
GData	Win32.Worm.Shodi.C
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/HLLP.Shodi.X1346
ALYac	Win32.Worm.Shodi.C
Cylance	unsafe
Panda	W32/HLLP.Shodi.C
Rising	Win32.Shodi.a (CLASSIC)
Yandex	Trojan.GenAsa!uIynsBP074A
Ikarus	Virus.Win32.HLLP.Shodi.C
MaxSecure	Virus.W32.Shodi.C
Fortinet	W32/Shodi.C
AVG	Win32:ShodiD
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Virus:Win/Shodi.HJVOLPWJKNLV

How to remove Win32.Worm.Shodi.C?

Win32.Worm.Shodi.C removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X