Worm

Worm:Win32/Gnoewin.A (file analysis)

Malware Removal

Worm:Win32/Gnoewin.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Gnoewin.A virus do?

  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Worm:Win32/Gnoewin.A?

File Info:

name: 73180C3290FC7DA71C2D.mlw
path: /opt/CAPEv2/storage/binaries/9c7f4bb885f67a68cc34e9ebecfa5cc63c390bfe1f7ae840e3247c16fc519447
crc32: AD25507C
md5: 73180c3290fc7da71c2d8d53ae9a2cf8
sha1: 0b476920dfedbefbffa0e6fe1ab4f23a1b679d5c
sha256: 9c7f4bb885f67a68cc34e9ebecfa5cc63c390bfe1f7ae840e3247c16fc519447
sha512: fa5868884e3664ee5138953a5d7b49a8de5f7f3bcd1b13a7f5d1e22b9ca66abb280ec7a979eb27a6e003214b82a7faf347b9ae4469c7fe6d385784feb8c6c9c5
ssdeep: 768:x3l/kjgkPCBlkuaIQHdUxD2IiB/p/B7k68Oeau+NgKhdBmF28YIwgz6dXY4e9P2N:zTkPCfRr2Im/d8m1IUXYb9PltI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B938E10BBC68CA2F2BE4B31EFFEF738443937F5B9C65A2C425976551A23A14320960D
sha3_384: 1f790e068ed5efd3dca9f7ea20ba3379338e2a985c300af99033044b3630a6261e09bb9ccf18eedc5c62b8b0ec428084
ep_bytes: 558bec83c4e433c08945ec8945e88945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
LegalCopyright: ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
CompanyName: Mozilla Corporation
FileDescription: Firefox
FileVersion: 8.0
ProductVersion: 8.0
InternalName: Firefox
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation.
OriginalFilename: firefox.exe
ProductName: Firefox
BuildID: 20111104165243
Translation: 0x0000 0x04b0

Worm:Win32/Gnoewin.A also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Xtreme.ldwI
DrWeb: Trojan.FakeAV.11292
MicroWorld-eScan: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
FireEye: Generic.mg.73180c3290fc7da7
ALYac: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Cybereason: malicious.290fc7
BitDefenderTheta: AI:Packer.2ACE441420
VirIT: Trojan.Win32.Generic.FLZ
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Agent.NKQ
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Buzus.vpjlf
ViRobot: Trojan.Win32.A.Buzus.90624.AC
Rising: Worm.Autorun!8.50 (TFE:5:XcOruCZQeYL)
Ad-Aware: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Sophos: Mal/EncPk-AEM
Comodo: Suspicious@#261rjfasia2wz
VIPRE: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
McAfee-GW-Edition: PWS-Zbot.gen.bfk
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm (B)
Ikarus: Trojan.Win32.Buzus
Jiangmin: Trojan/Generic.anwdg
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Dropper.Gen2
Antiy-AVL: Trojan/Generic.ASMalwS.AA
Kingsoft: Win32.Troj.Buzus.(kcloud)
Microsoft: Worm:Win32/Gnoewin.A
GData: Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Jorik.R32195
McAfee: PWS-Zbot.gen.bfk
MAX: malware (ai score=86)
Malwarebytes: MachineLearning/Anomalous.96%
Panda: Trj/Genetic.gen
APEX: Malicious
Tencent: Win32.Trojan.Generic.Rnkl
Yandex: Trojan.GenAsa!he3QgtkA2NM
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Injector.URR!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (W)

How to remove Worm:Win32/Gnoewin.A?

Worm:Win32/Gnoewin.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.