
Worm.Phorpiex (A) (file analysis)


Worm.Phorpiex (A) is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm.Phorpiex (A) virus do?

  • Executable code extraction
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Polish
  • The binary likely contains encrypted or compressed data.
  • Detects SunBelt Sandbox through the presence of a library
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Attempts to remove evidence of file being downloaded from the Internet
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Operates on local firewall’s policies and settings
  • Creates a copy of itself
  • Attempts to modify or disable Security Center warnings
  • Anomalous binary characteristics

Related domains:

tldrbox.top

How to identify Worm.Phorpiex (A)?

File Info:

crc32: 58697702
md5: 15a768aba0d0fe9227f52c084bc76fe8
name: o.exe
sha1: eb9dfeb45273817d5aa58161fb4ca990610a5e5a
sha256: f4c71bb6e0a66271e2341c1b75468babee40a3fd382165b95dcf6ed47158a9dc
sha512: 45c2719c4790a0191e783d200aca4f9ce8abbeb4dd0ee66ddc74f97f9403033f5db1e6725d8392ca6dff2325817986df4379dcc9083a1ead68063650c2060d48
ssdeep: 3072:vQ3YeQwyg4Yurc+CR5F7BcoWhkrF7ZHWAAfJcdD:vkYeQwp4YurJI5coWhaufJcd
type: PE32 executable (GUI) Intel 80386 system file, for MS Windows
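The hashes and the related domain above are the indicators a responder can act on. As an added example (it is not part of this page and not GridinSoft's tooling), the following Python script computes the listed digests of a suspect file and compares them with the published values, and scans DNS log lines for the related domain. The `query=<name>` log format and the sample log lines are constructed assumptions; ssdeep is left out because it needs a third-party library and a similarity score rather than an equality check.

```python
"""Match files and DNS log lines against the Worm.Phorpiex (A) indicators above."""
from __future__ import annotations

import hashlib
import re
from typing import Iterable

# Digests of the o.exe sample exactly as listed in the File Info section.
PHORPIEX_HASHES = {
    "md5": "15a768aba0d0fe9227f52c084bc76fe8",
    "sha1": "eb9dfeb45273817d5aa58161fb4ca990610a5e5a",
    "sha256": "f4c71bb6e0a66271e2341c1b75468babee40a3fd382165b95dcf6ed47158a9dc",
    "sha512": (
        "45c2719c4790a0191e783d200aca4f9ce8abbeb4dd0ee66ddc74f97f9403033f"
        "5db1e6725d8392ca6dff2325817986df4379dcc9083a1ead68063650c2060d48"
    ),
}
# Related domain listed on the page.
PHORPIEX_DOMAINS = {"tldrbox.top"}
# md5 and sha1 collisions are practical, so only these count as a positive identification.
STRONG_ALGORITHMS = {"sha256", "sha512"}


def digest_bytes(data: bytes) -> dict[str, str]:
    """Compute every listed digest of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in PHORPIEX_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Compute every listed digest of a file in chunks, so large droppers are not read whole."""
    hashers = {algo: hashlib.new(algo) for algo in PHORPIEX_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests: dict[str, str]) -> list[str]:
    """Names of the algorithms whose digest equals the published indicator."""
    return [algo for algo, value in digests.items()
            if value.lower() == PHORPIEX_HASHES.get(algo)]


def is_phorpiex_sample(digests: dict[str, str]) -> bool:
    """True only when a collision-resistant digest matches the listed sample."""
    return bool(STRONG_ALGORITHMS & set(matching_algorithms(digests)))


# Assumed log shape: "... query=<name> ..."; adjust the pattern for your resolver's format.
_QUERY_RE = re.compile(r"query=([A-Za-z0-9.-]+)")


def queried_name(log_line: str) -> str | None:
    """Extract and normalise the queried hostname from one DNS log line."""
    m = _QUERY_RE.search(log_line)
    return m.group(1).rstrip(".").lower() if m else None


def matches_phorpiex_domain(name: str) -> bool:
    """Exact match or subdomain of a related domain; 'nottldrbox.top' must not match."""
    return any(name == d or name.endswith("." + d) for d in PHORPIEX_DOMAINS)


def phorpiex_dns_hits(log_lines: Iterable[str]) -> list[str]:
    """Return the log lines whose queried name belongs to a related domain."""
    return [line for line in log_lines
            if (name := queried_name(line)) and matches_phorpiex_domain(name)]


# Constructed sample log for this example, not real telemetry.
SAMPLE_DNS_LOG = [
    "2020-03-02T10:14:03Z client=10.0.0.21 query=www.example.com. type=A",
    "2020-03-02T10:14:07Z client=10.0.0.21 query=tldrbox.top. type=A",
    "2020-03-02T10:14:09Z client=10.0.0.33 query=cdn.TLDRBOX.top type=A",
    "2020-03-02T10:14:12Z client=10.0.0.33 query=nottldrbox.top type=A",
]


if __name__ == "__main__":
    import sys

    # Usage: python phorpiex_ioc.py [file ...]; file paths are the caller's.
    for path in sys.argv[1:]:
        digests = digest_file(path)
        verdict = "MATCH" if is_phorpiex_sample(digests) else "no match"
        print(f"{path}: {verdict} {matching_algorithms(digests)}")
    for line in phorpiex_dns_hits(SAMPLE_DNS_LOG):
        print("DNS hit:", line)
```

A hit on the sha256 or sha512 identifies this exact sample only; a repacked Phorpiex dropper will have different hashes, so a clean hash comparison does not prove a host is free of the worm. The domain check is the more durable indicator of the two.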

Version Info:

FileVersionNew: 2.3.4
InternalServiceName: speedy.exe
Copyright: Copyright (C) 2020, softtail
ProgramVersion: 1.4.7

Worm.Phorpiex (A) also known as:

Bkav: W32.AIDetectVM.malware2
MicroWorld-eScan: Trojan.GenericKD.33381754
FireEye: Generic.mg.15a768aba0d0fe92
McAfee: RDN/Generic.rp
Cylance: Unsafe
AegisLab: Trojan.Multi.Generic.4!c
Sangfor: Malware
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.GenericKD.33381754
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.452738
TrendMicro: TROJ_GEN.R03FC0DBS20
BitDefenderTheta: Gen:NN.ZexaF.34096.mCW@aCuKe0kG
APEX: Malicious
Avast: Win32:CoinminerX-gen [Trj]
GData: Trojan.GenericKD.33381754
Kaspersky: Trojan-Banker.Win32.CliptoShuffler.acx
Alibaba: Trojan:Win32/Starter.ali2000005
NANO-Antivirus: Trojan.Win32.CliptoShuffler.hcizqx
Rising: Backdoor.Agent!8.C5D (CLOUD)
Endgame: malicious (high confidence)
Sophos: Mal/Generic-S
Comodo: Malware@#xwicknuk90ph
F-Secure: Trojan.TR/AD.Phorpiex.llbmr
DrWeb: Trojan.MulDrop4.25343
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
Trapmine: malicious.moderate.ml.score
Emsisoft: Worm.Phorpiex (A)
Ikarus: Worm.Win32.Phorpiex
Cyren: W32/Trojan.OFOU-7259
Jiangmin: Trojan.Banker.CliptoShuffler.t
Avira: TR/AD.Phorpiex.llbmr
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Banker]/Win32.CliptoShuffler
Microsoft: Trojan:Win32/Azorult.PVD!MTB
Arcabit: Trojan.Generic.D1FD5D7A
ZoneAlarm: Trojan-Banker.Win32.CliptoShuffler.acx
AhnLab-V3: Trojan/Win32.MalPe.R327360
Acronis: suspicious
ALYac: Trojan.GenericKD.33381754
Ad-Aware: Trojan.GenericKD.33381754
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
ESET-NOD32: Win32/Phorpiex.V
TrendMicro-HouseCall: TROJ_GEN.R03FC0DBS20
Tencent: Win32.Worm.Phorpiex.Dyqp
SentinelOne: DFI – Suspicious PE
MaxSecure: Trojan.Malware.75023133.susgen
Fortinet: W32/Kryptik.HBNS!tr
AVG: Win32:CoinminerX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.f13

How to remove Worm.Phorpiex (A)?

Worm.Phorpiex (A) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
