Win32:LockScreen-AAV [Trj] malicious file

Malware Removal

The Win32:LockScreen-AAV [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32:LockScreen-AAV [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • CAPE detected the Fareit malware family
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients

How to identify Win32:LockScreen-AAV [Trj]?

File Info:

name: ECBB87F49CA649C18AAE.mlw
path: /opt/CAPEv2/storage/binaries/750ec21ad904a45cf619ead37d72d02536dcdd14de438e82ef8545c29a30e7f2
crc32: DCF99036
md5: ecbb87f49ca649c18aae8849ac490ee0
sha1: a7b1747f1a63a5950e8c93e367c8d0f61c8d66b6
sha256: 750ec21ad904a45cf619ead37d72d02536dcdd14de438e82ef8545c29a30e7f2
sha512: 734e5c850c5c5d9e9e67522fc4ebee78bf89bc8f0413ef0b1b8c21bf59648317c254993c347bd6345d26798543ad0860f9b58db70e2b42bb24ef6df531c9d20b
ssdeep: 3072:K690gcnclVuJNcpRCBLESHdVOGdEMeO3um6Lf1iFkRcOYnlZi:K690gVlMfujAdVHdEMPs
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T156B3DF1932704813EE5642FDC99BEA5623047EAE4714DA5B3583EF1F9EA31D0E73250B
sha3_384: 2221949e65d6c4ac5985d5a340af2892cb8247e2fed27dd14022baf0df6f26d6af4404609e4f636fd0574de12f116175
ep_bytes: 558bec5568df19400068a0124000c35d
timestamp: 2013-04-04 03:46:08

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Напоминания Windows OOBE
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
InternalName: OOBEBALN.EXE
Translation: 0x0419 0x04b0

Win32:LockScreen-AAV [Trj] also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Generic.lWBM
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.1932
Cynet: Malicious (score: 100)
FireEye: Generic.mg.ecbb87f49ca649c1
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: PWS-Zbot-FATG!ECBB87F49CA6
Malwarebytes: Malware.AI.693616844
VIPRE: Trojan.Win32.Zbot.m (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f0ce1 )
Alibaba: TrojanPSW:Win32/Tepfer.c7c25e8e
K7GW: Trojan-Downloader ( 0040f0ce1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Razy.DC11A7
BitDefenderTheta: Gen:NN.ZexaF.34212.hq0@aOCZEpwc
VirIT: Trojan.Win32.Agent.BWB
Symantec: Backdoor.Trojan
ESET-NOD32: a variant of Win32/Kryptik.AXWR
TrendMicro-HouseCall: TROJ_RANSOM.SM0E
Paloalto: generic.ml
ClamAV: Win.Packed.Zbot-7671065-0
Kaspersky: Trojan-PSW.Win32.Tepfer.hwaa
BitDefender: Gen:Variant.Razy.790951
NANO-Antivirus: Trojan.Win32.Tepfer.bqofvs
SUPERAntiSpyware: Trojan.Agent/Gen-Ransom
MicroWorld-eScan: Gen:Variant.Razy.790951
Avast: Win32:LockScreen-AAV [Trj]
Tencent: Malware.Win32.Gencirc.1149216a
Ad-Aware: Gen:Variant.Razy.790951
Emsisoft: Gen:Variant.Razy.790951 (B)
Comodo: Application.Win32.LoadMoney.ZED@6e0wcr
Zillya: Trojan.ZBotGen.Win32.1
TrendMicro: TROJ_RANSOM.SM0E
McAfee-GW-Edition: BehavesLike.Win32.Dropper.cc
Sophos: ML/PE-A + Mal/ZAccess-CG
Ikarus: Trojan-PWS.Win32.Fareit
Jiangmin: Trojan/Generic.bgfnc
Webroot: W32.Malware.Gen
Avira: TR/Crypt.ZPACK.Gen
Antiy-AVL: Trojan[PSW]/Win32.Tepfer
Microsoft: PWS:Win32/Fareit
ZoneAlarm: Trojan-PSW.Win32.Tepfer.hwaa
GData: Gen:Variant.Razy.790951
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Trojan/Win32.Zbot.R59686
Acronis: suspicious
VBA32: BScope.Malware-Cryptor.SB.01798
ALYac: Gen:Variant.Razy.790951
TACHYON: Backdoor/W32.Hlux.116736.C
Cylance: Unsafe
APEX: Malicious
Rising: Stealer.Pony!8.10FE4 (CLOUD)
Yandex: Trojan.PWS.Tepfer!PIvQ9uwDE2w
MAX: malware (ai score=100)
MaxSecure: Trojan.Malware.5546567.susgen
Fortinet: W32/Zbot.APRF!tr
AVG: Win32:LockScreen-AAV [Trj]
Cybereason: malicious.49ca64
Panda: Trj/Hexas.HEU

How to remove Win32:LockScreen-AAV [Trj]?

Win32:LockScreen-AAV [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the appropriate browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.