Win64:Exploit-K [Expl] information

Many security experts consider Win64:Exploit-K [Expl] dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Win64:Exploit-K [Expl] virus do?

  • Presents an Authenticode digital signature
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Unusual version info supplied for binary

Related domains:

wpad.local-net
crl.verisign.com

How to identify Win64:Exploit-K [Expl]?


File Info:

name: 0D9906DCCA2A9A09261C.mlw
path: /opt/CAPEv2/storage/binaries/219ebaea7b2e866b2aaa292e484b44986e00149fa8848fcc55273e5eb614fe3b
crc32: B4CFEA45
md5: 0d9906dcca2a9a09261c267653ff2d6d
sha1: 527c04ee966abd7f0ebb9ee25ce7544fc51f5c44
sha256: 219ebaea7b2e866b2aaa292e484b44986e00149fa8848fcc55273e5eb614fe3b
sha512: 97ec11e9f26f3b933dac39d9261305e27d0ad7b94d6434c44fd75ad39b82a67722cb8f7c94e68b6ab1720ca75db098402a592e3ea6cec1b25bd0cdcaff5ce583
ssdeep: 3072:vu0R5hSAGMRTSDdTgcf/52vzoLA+DdFa+WWUF6K:h71GNdMcf/5cU3dpcF6K
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1A7045937D39502B9E853C2B9D6A5522AF7B27406E31943CFA260884C5F12FF1BA3D356
sha3_384: 0d1d570d60319f1149075391b731f34f1e83d9ef02502097f96ef77a14a18755526b9ad481a879fa0edc15aedc316f86
ep_bytes: 4883ec284c8bc24c8bc9e895ffffff49
timestamp: 2014-08-29 11:28:27

Version Info:

CompanyName: Windows (R) Win 7 DDK provider
FileDescription: 2014080618
FileVersion: 6.1.7600.16385 built by: WinDDK
InternalName:
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename:
ProductName: Windows (R) Win 7 DDK driver
ProductVersion: 6.1.7600.16385
Translation: 0x0409 0x04b0

Win64:Exploit-K [Expl] also known as:

Elastic: malicious (high confidence)
FireEye: Generic.mg.0d9906dcca2a9a09
Alibaba: Rootkit:Win64/Generic.2ce391d7
CrowdStrike: win/malicious_confidence_90% (W)
Symantec: Trojan.Gen.MBT
TrendMicro-HouseCall: TROJ_GEN.R002H07KL21
Kaspersky: Rootkit.Win64.Agent.awy
Avast: Win64:Exploit-K [Expl]
Rising: Rootkit.StartPage!1.A0AA (CLASSIC)
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S
Jiangmin: Rootkit.Agent.rsl
Avira: HEUR/AGEN.1107714
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
McAfee: Artemis!0D9906DCCA2A
VBA32: Rootkit.Win64.Agent
APEX: Malicious
Tencent: Win32.Trojan.Alike.Iiz
Ikarus: Rootkit.Win64.Agent
AVG: Win64:Exploit-K [Expl]
Cybereason: malicious.e966ab

How to remove Win64:Exploit-K [Expl]?

Win64:Exploit-K [Expl] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
