Categories: Worm

Worm:Win32/Arhost.A removal

The Worm:Win32/Arhost.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm:Win32/Arhost.A virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Behavioural detection: Injection (Process Hollowing)
Behavioural detection: Injection (inter-process)

How to determine Worm:Win32/Arhost.A?


File Info:
name: ED7CBC22B0B35DB34A3B.mlwpath: /opt/CAPEv2/storage/binaries/27e36868f9ada20c24c9f7cb9a3050cf331e24bdd2b92991df7313bf4721b860crc32: 231C4C8Dmd5: ed7cbc22b0b35db34a3bd44973a38e0bsha1: 751e278188f28ec81d9bbda7dfbf907c1bea365dsha256: 27e36868f9ada20c24c9f7cb9a3050cf331e24bdd2b92991df7313bf4721b860sha512: cd529db2c9507a48ab7dab6900e332c835fe84628770079e178ce1379d9f2d7476dfb66da588d8927cd5fa3bc3c553b118710b7c731aa94d46637f9908945a4assdeep: 6144:liKQ+YDpUpAJmYAXgeT28ke2DSwl8T1spyo7aoU1Ur+4Usuxo:liK5YDpUpAJmT5P2ewyT1sp++Ozxotype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T132541214EBE50732F2E461B60E4AC7F7D56FECB52F513301C2804E45392A94E6E26ADEsha3_384: 9508b4f756cbe6cd7f83238d6a31128120ca5357c3683f9775a09441837acffe7e2a7915ed3120d4ca4b07159f7f7741ep_bytes: 558bec6aff6868514000686048400064timestamp: 2010-02-22 23:28:42
Version Info:
Comments: CompanyName:  FileDescription: FileVersion: 2, 0, 0, 0InternalName: LegalCopyright: Copyright © 2009LegalTrademarks: OriginalFilename: PrivateBuild: ProductName: ProductVersion: 2, 0, 0, 0SpecialBuild: Translation: 0x0409 0x04b0

Worm:Win32/Arhost.A also known as:

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Generic.liiQ
Elastic	malicious (high confidence)
DrWeb	BackDoor.Siggen.14342
MicroWorld-eScan	Gen:Heur.Krypt.10
FireEye	Generic.mg.ed7cbc22b0b35db3
McAfee	W32/Rimecud.gen.af
Cylance	Unsafe
Zillya	Worm.AutoRun.Win32.63541
Sangfor	Trojan.Win32.Generic.ky
K7AntiVirus	Trojan ( 0055e3991 )
Alibaba	Malware:Win32/km_24de0.None
K7GW	Trojan ( 0055e3991 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Trojan.Krypt.10
BitDefenderTheta	AI:Packer.9129C88320
Cyren	W32/S-04534474!Eldorado
Symantec	W32.Pilleuz
ESET-NOD32	a variant of Win32/Injector.AZZ
APEX	Malicious
TrendMicro-HouseCall	WORM_EGGDROP.SMF
Paloalto	generic.ml
ClamAV	Win.Worm.Agent-859949
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Heur.Krypt.10
NANO-Antivirus	Trojan.Win32.MLW.dkfnc
Avast	Win32:Zbot-MQY [Trj]
Tencent	Malware.Win32.Gencirc.114be520
Ad-Aware	Gen:Heur.Krypt.10
Emsisoft	Gen:Heur.Krypt.10 (B)
Comodo	TrojWare.Win32.Spy.Zbot.AAW@1p8hmz
VIPRE	Gen:Heur.Krypt.10
TrendMicro	WORM_EGGDROP.SMF
McAfee-GW-Edition	BehavesLike.Win32.Dropper.dc
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A + Mal/Resdro-A
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/Generic.bjbjd
Webroot
Google	Detected
Avira	TR/Dropper.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.5E
Kingsoft	Win32.Troj.Generic.a.(kcloud)
Microsoft	Worm:Win32/Arhost.A
ViRobot	Worm.Win32.A.AutoRun.287233
GData	Win32.Trojan.Agent.EF
Cynet	Malicious (score: 100)
AhnLab-V3	Worm/Win32.Palevo.R40484
VBA32	Trojan.Win32.Bofa.01
ALYac	Gen:Heur.Krypt.10
Malwarebytes	Backdoor.Bot
Rising	Worm.Neeris!1.6595 (CLASSIC)
Yandex	Trojan.GenAsa!8XfTprydZQQ
Ikarus	P2P-Worm.Win32.Palevo
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PackAntiEm.A!tr
AVG	Win32:Zbot-MQY [Trj]
Cybereason	malicious.2b0b35
Panda	Trj/Genetic.gen