About “Win32:Debris-A [Wrm]” infection

The Win32:Debris-A [Wrm] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32:Debris-A [Wrm] virus can do?

Sample contains Overlay data
Authenticode signature is invalid

How to determine Win32:Debris-A [Wrm]?


File Info:
name: 7A94C9B36050998FF813.mlw
path: /opt/CAPEv2/storage/binaries/e4ce646cfd3c764ee0d236194b9e19a4870e1710d613e539975c3ee8d5f80f9b
crc32: 2362E39C
md5: 7a94c9b36050998ff813f70e8933e195
sha1: eebeb94f45da5be1fc1fcdd80560f25fd155fbb0
sha256: e4ce646cfd3c764ee0d236194b9e19a4870e1710d613e539975c3ee8d5f80f9b
sha512: 97c16baf8eb696c74221b5014365fdb5ed5a8d9a676c8230aab985d5dabd747abd1d64d858d8a392a096479eaf0124ef25441a4b4e93d79622d1af876e9039a4
ssdeep: 96:nEY2RrF1eqwi4ED6H7YaJsB56lE2iBft:EHRh1eppwy7d6G
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T190C1BC07E577C561F83FFA7A2A1F1B8AA26904C4BA3E1E7200F24F091170195C785B5F
sha3_384: 6abe1e4308ebec826635d9e4799814c6df06808fc2d7af8e17080ae0e7bef704f060f87180efa3ee5c2a8e195b862dc5
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2013-05-23 11:25:12

Version Info:
0: [No Data]

Win32:Debris-A [Wrm] also known as:

Bkav	W32.FamVT.DebrisA.Worm
tehtris	Generic.Malware
DrWeb	Worm.Siggen.12242
MicroWorld-eScan	Gen:Variant.Barys.431082
FireEye	Generic.mg.7a94c9b36050998f
CAT-QuickHeal	Trojan.Agent.WL
Skyhigh	BehavesLike.Win32.Worm.zz
McAfee	W32/Worm-FKH!7A94C9B36050
Malwarebytes	Bundpil.Worm.AutoRun.DDS
VIPRE	Gen:Variant.Barys.431082
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Trojan ( 0040f7ba1 )
K7GW	Trojan ( 0040f7ba1 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZedlaF.36802.aq5@aWbSzHn
VirIT	Worm.Win32.Generic.FXU
Symantec	Downloader
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Bundpil.AH
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Worm.Win32.Debris.h
BitDefender	Gen:Variant.Barys.431082
NANO-Antivirus	Trojan.Win32.Debris.cssocy
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Avast	Win32:Debris-A [Wrm]
Tencent	Worm.Win32.Debris.a
Emsisoft	Gen:Variant.Barys.431082 (B)
F-Secure	Worm.WORM/Debris.J.1
Baidu	Win32.Worm.Bundpil.an
Zillya	Worm.DebrisGen.Win32.1
TrendMicro	WORM_GAMARUE.SMA
Trapmine	malicious.high.ml.score
Sophos	Troj/Agent-ACCV
SentinelOne	Static AI – Malicious PE
Jiangmin	Worm/Debris.a
Varist	W32/Csyr.B.gen!Eldorado
Avira	WORM/Debris.J.1
MAX	malware (ai score=86)
Antiy-AVL	Worm/Win32.Debris
Kingsoft	malware.kb.a.997
Microsoft	TrojanDownloader:Win32/Andromeda!pz
Xcitium	Worm.Win32.Bundpil.AH@4yjufs
Arcabit	Trojan.Barys.D693EA
ZoneAlarm	Worm.Win32.Debris.h
GData	Gen:Variant.Barys.431082
Google	Detected
AhnLab-V3	Worm/Win32.Debris.R68969
Acronis	suspicious
VBA32	Worm.Gamarue
ALYac	Gen:Variant.Barys.431082
TACHYON	Worm/W32.Debris.5824.C
Cylance	unsafe
Panda	W32/Autorun.KAB.worm
TrendMicro-HouseCall	WORM_GAMARUE.SMA
Rising	Worm.Gamarue!1.9CB3 (CLASSIC)
Ikarus	Worm.Win32.Debris
Fortinet	W32/Agent.AF!worm
AVG	Win32:Debris-A [Wrm]
DeepInstinct	MALICIOUS
alibabacloud	Worm:Win/Gamarue.5cdd302f

How to remove Win32:Debris-A [Wrm]?

Win32:Debris-A [Wrm] removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X