Malware

Win32:Yunsip-A [Wrm] (file analysis)

Malware Removal

The Win32:Yunsip-A [Wrm] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:Yunsip-A [Wrm] virus do?

  • Sample contains Overlay data
  • Authenticode signature is invalid

How to identify Win32:Yunsip-A [Wrm]?

File Info:

name: 210AA1C5C51229A6F6A1.mlw
path: /opt/CAPEv2/storage/binaries/5e9e4082f71a3eb88a238729da99188cfab0d1fe8e9cdcde3c8b2964cdcf2a83
crc32: A820FDF8
md5: 210aa1c5c51229a6f6a1b4aaa3ef9f31
sha1: c1f3b4ea4a5e837fbc550a9831deaf804fb19cd4
sha256: 5e9e4082f71a3eb88a238729da99188cfab0d1fe8e9cdcde3c8b2964cdcf2a83
sha512: 9bd4b9a4aee8cd7b5870302f9caaefd3b582725757f451ab93fa58db5e1fcce175a3ee6c4de0cd70111b25c47d667c98fa4d1c4a100bc8964a55dfcb4e601beb
ssdeep: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYi:o6RI1Fo/wT3cJYYYYYYYYYYYYi
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T19D35F7C211D43099E4F3283A94A5BA57FE67EEB17CF88117025E4ECDC653E83B6A5B04
sha3_384: 85bf0d69929552e0e8de99d591c61e74f5871004bb68341f38d40b22489053caffeb029ecaa4a01781e30de4ae38febc
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2011-03-17 08:58:08

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Uniscribe Unicode script processor
FileVersion: 1.0420.2600.5512 (xpsp.080413-2105)
InternalName: Uniscribe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Uniscribe
ProductName: Microsoft(R) Uniscribe Unicode script processor
ProductVersion: 1.0420.2600.5512
Translation: 0x0409 0x04b0

Win32:Yunsip-A [Wrm] is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38816663
CAT-QuickHeal: TrojanPWS.Yunsip.A5
Skyhigh: BehavesLike.Win32.PWSYunsip.tz
McAfee: PWS-Yunsip.gen.a
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Agent.Win32.130937
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 00060f0b1 )
K7AntiVirus: Trojan ( 00060f0b1 )
Arcabit: Trojan.Generic.D2504B97
Baidu: Win32.Trojan.Agent.amh
VirIT: Trojan.Win32.Agent.AMYE
Symantec: W32.Yunsip
tehtris: Generic.Malware
ESET-NOD32: Win32/Spy.Agent.NYB
APEX: Malicious
ClamAV: Win.Trojan.Yunsip-1
Kaspersky: Trojan-Spy.Win32.Agent.bqme
BitDefender: Trojan.GenericKD.38816663
NANO-Antivirus: Trojan.Win32.Agent.vkmvm
SUPERAntiSpyware: Trojan.Agent/Gen-Yunsip
Avast: Win32:Yunsip-A [Wrm]
Tencent: Trojan.Win32.FakeMS.tpd
Emsisoft: Trojan.GenericKD.38816663 (B)
Google: Detected
F-Secure: Trojan.TR/PSW.Yunsip.axyza
DrWeb: Trojan.PWS.Spy.20069
VIPRE: Trojan.GenericKD.38816663
TrendMicro: WORM_YUNSIP.SMR
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.210aa1c5c51229a6
Sophos: Mal/YunSip-A
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor.Generic.bhxd
Varist: W32/Redosdru.B.gen!Eldorado
Avira: TR/PSW.Yunsip.axyza
MAX: malware (ai score=88)
Antiy-AVL: Trojan[PSW]/Win32.Yunsip.a
Kingsoft: malware.kb.a.716
Xcitium: TrojWare.Win32.TrojanSpy.Agent.ny@4pn6tf
Microsoft: PWS:Win32/Yunsip!pz
ViRobot: Trojan.Win32.Agent.131072.BJ
ZoneAlarm: Trojan-Spy.Win32.Agent.bqme
GData: Win32.Trojan-Stealer.Yunsip.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Infostealer.R758
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZedlaF.36802.cv@@a05rPXji
ALYac: Trojan.GenericKD.38816663
VBA32: TrojanSpy.Agent
Cylance: unsafe
Panda: Generic Suspicious
TrendMicro-HouseCall: WORM_YUNSIP.SMR
Rising: Trojan.Usp10Hijack!1.998B (CLASSIC)
Yandex: Trojan.GenAsa!LogooVIKaNc
Ikarus: Trojan.Spy.Agent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.NYB!tr
AVG: Win32:Yunsip-A [Wrm]
DeepInstinct: MALICIOUS
alibabacloud: PWS:Win/Yunsip.ed49dde8

How to remove Win32:Yunsip-A [Wrm]?

Win32:Yunsip-A [Wrm] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.