Worm.Win32.Mabezat.A removal tips

Worm.Win32.Mabezat.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Win32.Mabezat.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Binary file triggered YARA rule
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Harvests information related to installed mail clients
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Worm.Win32.Mabezat.A?

File Info:

name: 25BE2753C6C0E8284956.mlw
path: /opt/CAPEv2/storage/binaries/f22f4fab23ee9d9b8f982eb988ab5140c51ba7e9ba6932f19deb7622b3175ac6
crc32: 2EE76286
md5: 25be2753c6c0e8284956b85415d174f4
sha1: da52b0aaa4aa366159ace7f5c7cab0af32aadd02
sha256: f22f4fab23ee9d9b8f982eb988ab5140c51ba7e9ba6932f19deb7622b3175ac6
sha512: f681a43ad327d661226773a773485978f24767399a7b5018e4636ed07d39cad6142af9225c026d87eda59d1f8774c51d89aeb02263206fed8c39c065313dd390
ssdeep: 24576:E307J529+RipvL1SXk1QE1RGOTnIEQc4au9NgxnHNnpdiUFQcgYGO6nWU:EEy9+ApwXk1QE1RzsEQPaxHNDiUFQcgz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F65F01371D24422F0633230999EF72A9A3A7CEB97E1653E679C2E0B8DF11C17627671
sha3_384: 43ee6ba39d7252d6f88cd9ef640f128db2c4c86ea47033e18ef9525cacd8a6f37fe4cddfe9bfd0e25ed5aca8aee7ff6d
ep_bytes: bbadf9ae0593e920010000852b8e8a36
timestamp: 2018-03-15 13:15:05

Version Info:

Comments: http://www.autoitscript.com/autoit3/
CompanyName: AutoIt Team
FileDescription: Aut2Exe
FileVersion: 3, 3, 14, 5
InternalName: Aut2Exe.exe
LegalCopyright: ©1999-2018 Jonathan Bennett & AutoIt Team
OriginalFilename: Aut2Exe.exe
ProductName: Aut2Exe
ProductVersion: 3, 3, 14, 5
Translation: 0x0809 0x04b0

Worm.Win32.Mabezat.A is also known as:

Bkav: W32.Pharoh.PE
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Worm.Mabezat.Gen
FireEye: Generic.mg.25be2753c6c0e828
CAT-QuickHeal: W32.Mabezat.B
Skyhigh: BehavesLike.Win32.Mabezat.tc
McAfee: W32/Mabezat.b.a
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Virus_Suspicious.Win32.Mabezat.b
K7AntiVirus: Virus ( 00001b7c1 )
K7GW: Virus ( 00001b7c1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:FileInfector.6898046816
VirIT: Win32.Mazebat.B
Symantec: W32.Mabezat.B!inf
ESET-NOD32: Win32/Mabezat.A
TrendMicro-HouseCall: PE_MABEZAT.B-1
ClamAV: Win.Trojan.Mabezat-2
Kaspersky: Worm.Win32.Mabezat.b
BitDefender: Win32.Worm.Mabezat.Gen
NANO-Antivirus: Virus.Win32.Mazebat.rspj
ViRobot: Win32.Mabezat.A
Tencent: Virus.Win32.Mabezat.a
TACHYON: Virus/W32.Mabezat
Sophos: W32/Mabezat-B
Baidu: Win32.Worm.Mabezat.a
F-Secure: Malware.W32/Mabezat
DrWeb: Win32.HLLW.Tazebama
VIPRE: Win32.Worm.Mabezat.Gen
TrendMicro: PE_MABEZAT.B-1
Trapmine: malicious.high.ml.score
Emsisoft: Win32.Worm.Mabezat.Gen (B)
Ikarus: Virus.Win64.Expiro
Jiangmin: Win32/Mabezat.b
ALYac: Win32.Worm.Mabezat.Gen
Varist: W32/Mabezat.A-2
Avira: W32/Mabezat
Antiy-AVL: Worm/Win32.Mabezat.b
Kingsoft: Win32.Mabezat.b.1038191
Microsoft: Virus:Win32/Mabezat.B
Xcitium: Worm.Win32.Mabezat.b0@14o1bt
Arcabit: Win32.Worm.Mabezat.Gen
ZoneAlarm: Worm.Win32.Mabezat.b
GData: Win32.Worm.Mabezat.Gen
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Mabezat
Acronis: suspicious
VBA32: Worm.Win32.Mabezat.A
Google: Detected
MAX: malware (ai score=89)
Cylance: unsafe
Rising: Win32.Mabezat.b (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Mabezat.B
Cybereason: malicious.3c6c0e
Panda: W32/Mabezat.C
alibabacloud: Virus:Win/Mabezat.RQMRYEGYBJ

How to remove Worm.Win32.Mabezat.A?

Worm.Win32.Mabezat.A removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.