Win32:Confi [Wrm] malicious file

Malware Removal

Win32:Confi [Wrm] is flagged as malicious by many antivirus engines (see the list of detection names below). When this infection is active, you may notice unwanted processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can Win32:Confi [Wrm] do?

The sandbox analysis reported a single indicator for this sample:

  • Authenticode signature is invalid (the file is unsigned, or carries a signature that does not verify)

No further behaviour was recorded on this page; the classification rests on the static detections listed below.

How to identify Win32:Confi [Wrm]?
File Info:

name: 4368AA5662E0329CCFA5.mlw
path: /opt/CAPEv2/storage/binaries/d91d94f35d929f2c0f2c87b090f0e363ac003a31789ca93ac1ffa70c312acea2
crc32: 01924CF4
md5: 4368aa5662e0329ccfa5d875c62a3330
sha1: 0eab8bde0a5aa372b5020c55acaa0ec279c1bcdb
sha256: d91d94f35d929f2c0f2c87b090f0e363ac003a31789ca93ac1ffa70c312acea2
sha512: c4e01e7c15743bc40e10a1d6c67b549ba62dec8afdfd25d1445fcef523be525eb7b014041bf6a0f2e09fc03a92ab0282316b68421fe2e6df7a59a43742406ae1
ssdeep: 1536:zLIZfrbeqfSE1mE+Y+Bsge5gPIebbEezrWR931JaEPWvWtnMQ4BoXGZ:z8Z/N1mEbHgQ92bEj9lEOm6nM5B1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F8B31241FC3D198FCA5ADD3F185DA3D30387986126AD975949B8E2ED20300E8DCD6B6B
sha3_384: 29302de7a3c77c12c0cbb0d68c18d9badee1a007da2c98d32f8cc4bb99c5edf207622ddd0cd5baffaacef151b96e2eb1
ep_bytes: 33c0c208000000000d0a0d0a54686973
timestamp: 2008-01-01 08:55:28
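The hashes above are the practical way to confirm whether a file on disk is this exact sample: compute the same digests and compare. The following is an added example, not code from the page or from GridinSoft or CAPE. It recomputes the crc32, md5, sha1, sha256, sha512 and sha3_384 values from the File Info block (ssdeep and tlsh need third-party libraries and are omitted), extracts the first 16 bytes at the PE entry point by mapping the AddressOfEntryPoint RVA through the section table, and reports which of the page's indicators match. The `build_sample_pe` helper is a constructed minimal PE32, not the real sample, so only its entry-point bytes (which decode to `xor eax, eax; ret 8` followed by the text `\r\n\r\nThis`) will match; all names in the block are my own.

```python
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info section of this page (lower-cased hex).
PAGE_IOCS = {
    "crc32": "01924cf4",
    "md5": "4368aa5662e0329ccfa5d875c62a3330",
    "sha1": "0eab8bde0a5aa372b5020c55acaa0ec279c1bcdb",
    "sha256": "d91d94f35d929f2c0f2c87b090f0e363ac003a31789ca93ac1ffa70c312acea2",
    "sha512": "c4e01e7c15743bc40e10a1d6c67b549ba62dec8afdfd25d1445fcef523be525e"
              "b7b014041bf6a0f2e09fc03a92ab0282316b68421fe2e6df7a59a43742406ae1",
    "sha3_384": "29302de7a3c77c12c0cbb0d68c18d9badee1a007da2c98d32f8cc4bb99c5edf2"
                "07622ddd0cd5baffaacef151b96e2eb1",
    "ep_bytes": "33c0c208000000000d0a0d0a54686973",
}


def file_hashes(data: bytes) -> dict:
    """Compute the digests CAPE prints in its File Info block (standard library only)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def entry_point_bytes(data: bytes, count: int = 16) -> bytes:
    """Return the first `count` bytes at the PE entry point.

    Walks MZ -> e_lfanew -> PE signature -> COFF header -> optional header
    (AddressOfEntryPoint at offset 16) and maps that RVA to a file offset
    through the section headers.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, raw_size):
            off = raw_ptr + (entry_rva - vaddr)
            return data[off:off + count]
    raise ValueError(f"entry point RVA {entry_rva:#x} is outside every section")


def match_page_iocs(data: bytes) -> dict:
    """Map each indicator name from PAGE_IOCS to True/False for the given file content."""
    found = file_hashes(data)
    try:
        found["ep_bytes"] = entry_point_bytes(data).hex()
    except (ValueError, struct.error):
        found["ep_bytes"] = None  # not a parseable PE; only the hashes can match
    return {name: found.get(name) == value for name, value in PAGE_IOCS.items()}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (NOT the real sample) whose entry point starts with the page's ep_bytes."""
    ep = bytes.fromhex(PAGE_IOCS["ep_bytes"])
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section, PE32 opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(ep), 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return header + ep.ljust(0x200, b"\0")


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for name, hit in match_page_iocs(blob).items():
        print(f"{name:9s} {'MATCH' if hit else 'no'}")
```

Run it with a path to a suspect file; with no argument it checks the constructed sample, for which only `ep_bytes` matches. A sha256 match is conclusive; a matching entry-point stub alone is a weak hint, since packers share stubs across unrelated samples.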

Version Info:

0: [No Data]

Win32:Confi [Wrm] is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
FireEye: Generic.mg.4368aa5662e0329c
McAfee: Artemis!4368AA5662E0
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_60% (W)
VirIT: Trojan.Win32.Conficker.AR
Cyren: W32/SuspPack.AA.gen!Eldorado
Avast: Win32:Confi [Wrm]
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanSpy.OnLineGames.hia
Avira: TR/Crypt.XPACK.Gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
APEX: Malicious
Rising: Trojan.Kryptik!1.AA55 (RDMK:cmRtazqUG1YRpWkcgd6Pq0dZVPPG)
Fortinet: W32/Agent.D13E!tr
AVG: Win32:Confi [Wrm]
Cybereason: malicious.e0a5aa

How to remove Win32:Confi [Wrm]?

Win32:Confi [Wrm] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
