
Win32.Worm.Viking.AG malicious file


Many security experts consider Win32.Worm.Viking.AG dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32.Worm.Viking.AG virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Uses suspicious command line tools or Windows utilities

How to identify Win32.Worm.Viking.AG?


File Info:

name: 0692C2FA8626DE9FF445.mlw
path: /opt/CAPEv2/storage/binaries/312344b5292f40cfbd8afe7fdac0aa1ee4881c212e8ce80db5cb64e8bfee07f3
crc32: CA9C6484
md5: 0692c2fa8626de9ff445b20148308d56
sha1: 2f5edf3782a5200325bd48c419ec76722792f1b8
sha256: 312344b5292f40cfbd8afe7fdac0aa1ee4881c212e8ce80db5cb64e8bfee07f3
sha512: f5cc51dbacf0b06cbc884cbdc4ef8c7c776c21d941f260f60cd55b316d3d348f2b7a381129c7e007fc1a90c48edcbeaf058e1f2f145ad9486428ff6a6e30c83c
ssdeep: 768:OD8exNfmxXtAtXjZqOoiEmPun1t0/Zmp9Uo1bIONrwP7MzhWK4xELrSGYYaZQrtz:yUtAhZ4iK1t0cvUo2P7gf4SuuyQv
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12C23E19A73E46781C0591F31C487F650BD897C92AA1EC38FEF50365D0B736A098A253D
sha3_384: e322f6e2f233288b7f725a3ad8edac50f294a9a6360bd17c3d96d5eb6734f93cf1c749e103fb11114b5ceb0b45e3d7fd
ep_bytes: 60be00b042008dbe0060fdff5783cdff
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.0.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0804 0x03a8

Win32.Worm.Viking.AG also known as:

Bkav: W32.Aprilty.PE
DrWeb: Win32.HLLW.Gavir.31
MicroWorld-eScan: Win32.Worm.Viking.AG
FireEye: Generic.mg.0692c2fa8626de9f
CAT-QuickHeal: W32.Viking.gen
ALYac: Win32.Worm.Viking.AG
Cylance: Unsafe
Zillya: Worm.Viking.Win32.8
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.a8626d
BitDefenderTheta: AI:Packer.49661B2120
Cyren: W32/Viking.AS
Symantec: W32.Looked.P
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/Viking.AS
TrendMicro-HouseCall: PE_LOOKED.FQ-O
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.Viking.mi
BitDefender: Win32.Worm.Viking.AG
NANO-Antivirus: Trojan.Win32.Lineage.itqltm
Avast: Win32:Agent-AVDG [Trj]
Tencent: Worm.Win32.Viking.ae
Ad-Aware: Win32.Worm.Viking.AG
Emsisoft: Win32.Worm.Viking.AG (B)
Comodo: Win32.Viking.AS~clean@2vhe
Baidu: Win32.Virus.Agent.s
VIPRE: Win32.Worm.Viking.AG
TrendMicro: PE_LOOKED.FQ-O
McAfee-GW-Edition: BehavesLike.Win32.HLLPPhilis.pc
SentinelOne: Static AI – Malicious PE
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-R + W32/Looked-AE
Ikarus: Worm.Win32.Viking
GData: Win32.Trojan.PSE1.77RLTE
Jiangmin: Worm/Viking.el
Avira: WORM/Viking.O.2
Antiy-AVL: Trojan/Generic.ASBOL.6C4
ViRobot: Worm.Win32.Viking.49152
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Win32/Viking.Gen
McAfee: W32/HLLP.u.bn
VBA32: BScope.Trojan.Click
Malwarebytes: Malware.AI.1183508357
APEX: Malicious
Rising: Worm.Viking.dg (CLASSIC)
Yandex: Trojan.GenAsa!FuALLmTpids
MAX: malware (ai score=81)
Fortinet: W32/Viking.AG
AVG: Win32:Agent-AVDG [Trj]
Panda: W32/Viking.AR.drp
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Win32.Worm.Viking.AG?

Win32.Worm.Viking.AG removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
