Worm.Generic.354668 (B) (file analysis)

Worm.Generic.354668 (B) is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What Worm.Generic.354668 (B) virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates a copy of itself

How to identify Worm.Generic.354668 (B)?

File Info:

name: E32216C8E702EE9CFF07.mlw
path: /opt/CAPEv2/storage/binaries/d3b20fcbd13660f83add238a683068f5522013a4256849af44a46d8347828ceb
crc32: BABF8E75
md5: e32216c8e702ee9cff0785259a343f44
sha1: 2d9584e50a16f57b78a4af44bf2fe60dd0e63bcb
sha256: d3b20fcbd13660f83add238a683068f5522013a4256849af44a46d8347828ceb
sha512: 6bb5c8464cc2e3a801f850a77441e4b3d90015a08a05f9bce3592e15278ea139b15440a4522509ae63f015990bf4a6e69f1b0102a3918ecccc8f4ad957fd313d
ssdeep: 196608:FuKSVgBPnedJNXvu1NFMt3ZlK3zNZXEFuJg0:gKyUPkJGKtp83/aua0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AE96333B8BD3E577C0E90632865F5A7C7A753540060A2B29C70E593DB6B3B9C7A0BE14
sha3_384: 4e0df279a52ee61448b79d52dfcd5025754a56e03e4c4566c6df3fedc83b4aa6d61b557b28903739e2b6370057bdb32f
ep_bytes: 90558bec81c434fcfffff7db41bb102a
timestamp: 2008-05-30 04:46:30

Version Info:

CompanyName: AVG Technologies CZ, s.r.o.
FileDescription: AVG Tray Monitor
FileVersion: 9.0.0.871
InternalName: avgtray
LegalCopyright: Copyright © 2010 AVG Technologies CZ, s.r.o.
OriginalFilename: avgtray.exe
ProductName: AVG Internet Security
ProductVersion: 9.0.0.871
PrivateBuild: Win32 Release_Unicode
SpecialBuild: Avg8VC8_2010_1109_133319(871), SVNRev 145063 (/branches/release/SmallUpdate9-12)
Translation: 0x0409 0x04e4

Worm.Generic.354668 (B) also known as:

Bkav: W32.AIDetect.malware2
Lionic: Worm.Win32.Kolab.p!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.21467
MicroWorld-eScan: Worm.Generic.354668
FireEye: Generic.mg.e32216c8e702ee9c
ALYac: Worm.Generic.354668
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004bcce41 )
Alibaba: Worm:Win32/Kolab.b0967f57
K7GW: Trojan ( 004bcce41 )
Cybereason: malicious.8e702e
BitDefenderTheta: Gen:NN.ZexaF.34212.@p3@aa3Yomkc
VirIT: Trojan.Win32.Generic.LJC
Cyren: W32/Sefnit.G.gen!Eldorado
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/Kryptik.KTE
TrendMicro-HouseCall: WORM_KOLAB.SMB
Avast: Win32:Kryptik-AGY [Trj]
ClamAV: Win.Spyware.Zbot-1279
Kaspersky: Net-Worm.Win32.Kolab.vep
BitDefender: Worm.Generic.354668
NANO-Antivirus: Trojan.Win32.MLW.imdlc
Tencent: Malware.Win32.Gencirc.10b617ce
Ad-Aware: Worm.Generic.354668
Sophos: Mal/Generic-R + Troj/Agent-VOW
Comodo: Packed.Win32.MUPX.Gen@24tbus
VIPRE: Trojan.Win32.Kryptik.lbu (v)
TrendMicro: WORM_KOLAB.SMB
McAfee-GW-Edition: W32/Pinkslipbot.gen.an
Emsisoft: Worm.Generic.354668 (B)
Paloalto: generic.ml
Jiangmin: Worm/Kolab.jod
Webroot: W32.Infostealer.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.1E936C
Gridinsoft: Ransom.Win32.Zbot.sa
ViRobot: Worm.Win32.A.Net-Kolab.1074339
ZoneAlarm: Net-Worm.Win32.Kolab.vep
GData: Worm.Generic.354668
Cynet: Malicious (score: 100)
AhnLab-V3: Worm/Win32.Kolab.R3715
McAfee: W32/Pinkslipbot.gen.an
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
Malwarebytes: Malware.AI.1704672220
APEX: Malicious
Rising: Trojan.Sefnit!8.B5B (TFE:2:g8H0J9nCFtJ)
Yandex: Trojan.GenAsa!fb8SyM5zAGA
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Agent.WSD!tr
AVG: Win32:Kryptik-AGY [Trj]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.1698862.susgen

How to remove Worm.Generic.354668 (B)?

Worm.Generic.354668 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.