Categories: Worm

Win32.Worm.Viking.AG malicious file

The Win32.Worm.Viking.AG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32.Worm.Viking.AG virus can do?

Yara rule detections observed from a process memory dump/dropped files/CAPE
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (inter-process)
Uses suspicious command line tools or Windows utilities

How to determine Win32.Worm.Viking.AG?


File Info:
name: 0692C2FA8626DE9FF445.mlwpath: /opt/CAPEv2/storage/binaries/312344b5292f40cfbd8afe7fdac0aa1ee4881c212e8ce80db5cb64e8bfee07f3crc32: CA9C6484md5: 0692c2fa8626de9ff445b20148308d56sha1: 2f5edf3782a5200325bd48c419ec76722792f1b8sha256: 312344b5292f40cfbd8afe7fdac0aa1ee4881c212e8ce80db5cb64e8bfee07f3sha512: f5cc51dbacf0b06cbc884cbdc4ef8c7c776c21d941f260f60cd55b316d3d348f2b7a381129c7e007fc1a90c48edcbeaf058e1f2f145ad9486428ff6a6e30c83cssdeep: 768:OD8exNfmxXtAtXjZqOoiEmPun1t0/Zmp9Uo1bIONrwP7MzhWK4xELrSGYYaZQrtz:yUtAhZ4iK1t0cvUo2P7gf4SuuyQvtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T12C23E19A73E46781C0591F31C487F650BD897C92AA1EC38FEF50365D0B736A098A253Dsha3_384: e322f6e2f233288b7f725a3ad8edac50f294a9a6360bd17c3d96d5eb6734f93cf1c749e103fb11114b5ceb0b45e3d7fdep_bytes: 60be00b042008dbe0060fdff5783cdfftimestamp: 1992-06-19 22:22:17
Version Info:
CompanyName: FileDescription: FileVersion: 1.0.0.0InternalName: LegalCopyright: LegalTrademarks: OriginalFilename: ProductName: ProductVersion: 1.0.0.0Comments: Translation: 0x0804 0x03a8

Win32.Worm.Viking.AG also known as:

Bkav	W32.Aprilty.PE
DrWeb	Win32.HLLW.Gavir.31
MicroWorld-eScan	Win32.Worm.Viking.AG
FireEye	Generic.mg.0692c2fa8626de9f
CAT-QuickHeal	W32.Viking.gen
ALYac	Win32.Worm.Viking.AG
Cylance	Unsafe
Zillya	Worm.Viking.Win32.8
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 7000000f1 )
K7GW	Trojan ( 7000000f1 )
Cybereason	malicious.a8626d
BitDefenderTheta	AI:Packer.49661B2120
Cyren	W32/Viking.AS
Symantec	W32.Looked.P
Elastic	malicious (moderate confidence)
ESET-NOD32	Win32/Viking.AS
TrendMicro-HouseCall	PE_LOOKED.FQ-O
Cynet	Malicious (score: 100)
Kaspersky	Worm.Win32.Viking.mi
BitDefender	Win32.Worm.Viking.AG
NANO-Antivirus	Trojan.Win32.Lineage.itqltm
Avast	Win32:Agent-AVDG [Trj]
Tencent	Worm.Win32.Viking.ae
Ad-Aware	Win32.Worm.Viking.AG
Emsisoft	Win32.Worm.Viking.AG (B)
Comodo	Win32.Viking.AS~clean@2vhe
Baidu	Win32.Virus.Agent.s
VIPRE	Win32.Worm.Viking.AG
TrendMicro	PE_LOOKED.FQ-O
McAfee-GW-Edition	BehavesLike.Win32.HLLPPhilis.pc
SentinelOne	Static AI – Malicious PE
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-R + W32/Looked-AE
Ikarus	Worm.Win32.Viking
GData	Win32.Trojan.PSE1.77RLTE
Jiangmin	Worm/Viking.el
Avira	WORM/Viking.O.2
Antiy-AVL	Trojan/Generic.ASBOL.6C4
ViRobot	Worm.Win32.Viking.49152
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Win32/Viking.Gen
McAfee	W32/HLLP.u.bn
VBA32	BScope.Trojan.Click
Malwarebytes	Malware.AI.1183508357
APEX	Malicious
Rising	Worm.Viking.dg (CLASSIC)
Yandex	Trojan.GenAsa!FuALLmTpids
MAX	malware (ai score=81)
Fortinet	W32/Viking.AG
AVG	Win32:Agent-AVDG [Trj]
Panda	W32/Viking.AR.drp
CrowdStrike	win/malicious_confidence_90% (W)