Worm.Win32.Pajetbin.heo (file analysis)

Worm.Win32.Pajetbin.heo is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Worm.Win32.Pajetbin.heo virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Worm.Win32.Pajetbin.heo?

File Info:

name: EC48A69BE6EA7A36519A.mlw
path: /opt/CAPEv2/storage/binaries/c44abcafdd1c0278698358ecc772f2840dfe3b15a4f7ea3978ef900c5c410f97
crc32: A9F309D6
md5: ec48a69be6ea7a36519a1b227824c31a
sha1: cc44281f35887edc7b8ac35aa3e2dedd65cf3a80
sha256: c44abcafdd1c0278698358ecc772f2840dfe3b15a4f7ea3978ef900c5c410f97
sha512: 4838db1db2d8bde1a22185cb9fd09b48203a630b1293b6688d6ba9d9b9f6db1722b7b38cb1cef4e3060fad94716e9fa2d532d3d5ce3514cadd31db883f975b0c
ssdeep: 3072:/cL0bUTppDAYzIMUNRD5b0zs7y4JTrj2AZToEE6ooqiq8EpKP1dwLFurHN6y8nVn:bbUTp1VUjD5as7y4JTrjbd1E6dqi4pyg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14FF37C03B7A180E6E1B282705C7757325E36BC3214604F5F2790FB696D32B86BD79B26
sha3_384: 4a5b63626df0b5885e3c573f367fcfc944c60164d7839692152be69fce674c25888a5f6fe67ede93e23185e7f717324f
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2013-12-25 05:01:44

Version Info:

CompanyName: Mozilla Corporation
FileDescription: Mozilla Maintenance Service Installer
FileVersion: 43.0.1
LegalCopyright: Mozilla Corporation
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation.
OriginalFilename: maintenanceservice_installer.exe
ProductName: Firefox
ProductVersion: 43.0.1
Translation: 0x0409 0x04b0

Worm.Win32.Pajetbin.heo also known as:

Lionic: Worm.Win32.Pajetbin.o!c
DrWeb: Win32.HLLW.Autoruner.547
McAfee: RDN/Autorun.worm.gen
Cylance: Unsafe
Alibaba: Worm:Win32/Pajetbin.3fa2a599
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Cyren: W32/Pajetbin.K.gen!Eldorado
Symantec: Trojan.Gen.MBT
TrendMicro-HouseCall: TROJ_GEN.R002C0PL421
ClamAV: Win.Worm.Vindor-9886047-0
Kaspersky: Worm.Win32.Pajetbin.heo
Avast: Win32:VB-FBX
Tencent: Win32.Worm.Pajetbin.Alim
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0PL421
McAfee-GW-Edition: RDN/Autorun.worm.gen
GData: Win32.Trojan.PSE.1V6HZ6L
Avira: DIAL/Redcap.yhvib
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
VBA32: Worm.AutoRun
ALYac: Trojan.GenericKD.38098181
Malwarebytes: Malware.AI.2797890020
Rising: Worm.VB!1.DA3E (CLASSIC)
Fortinet: W32/Autorun!worm
AVG: Win32:VB-FBX
MaxSecure: Trojan.Malware.121218.susgen

How to remove Worm.Win32.Pajetbin.heo?

Worm.Win32.Pajetbin.heo removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.