Categories: Worm

Worm:Win32/Gnoewin.A (file analysis)

Worm:Win32/Gnoewin.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Worm:Win32/Gnoewin.A virus do?

  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Harvests cookies for information gathering
  • Uses suspicious command line tools or Windows utilities

How to identify Worm:Win32/Gnoewin.A?

File Info:

name: 73180C3290FC7DA71C2D.mlw
path: /opt/CAPEv2/storage/binaries/9c7f4bb885f67a68cc34e9ebecfa5cc63c390bfe1f7ae840e3247c16fc519447
crc32: AD25507C
md5: 73180c3290fc7da71c2d8d53ae9a2cf8
sha1: 0b476920dfedbefbffa0e6fe1ab4f23a1b679d5c
sha256: 9c7f4bb885f67a68cc34e9ebecfa5cc63c390bfe1f7ae840e3247c16fc519447
sha512: fa5868884e3664ee5138953a5d7b49a8de5f7f3bcd1b13a7f5d1e22b9ca66abb280ec7a979eb27a6e003214b82a7faf347b9ae4469c7fe6d385784feb8c6c9c5
ssdeep: 768:x3l/kjgkPCBlkuaIQHdUxD2IiB/p/B7k68Oeau+NgKhdBmF28YIwgz6dXY4e9P2N:zTkPCfRr2Im/d8m1IUXYb9PltI
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10B938E10BBC68CA2F2BE4B31EFFEF738443937F5B9C65A2C425976551A23A14320960D
sha3_384: 1f790e068ed5efd3dca9f7ea20ba3379338e2a985c300af99033044b3630a6261e09bb9ccf18eedc5c62b8b0ec428084
ep_bytes: 558bec83c4e433c08945ec8945e88945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
LegalCopyright: ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.
CompanyName: Mozilla Corporation
FileDescription: Firefox
FileVersion: 8.0
ProductVersion: 8.0
InternalName: Firefox
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation.
OriginalFilename: firefox.exe
ProductName: Firefox
BuildID: 20111104165243
Translation: 0x0000 0x04b0

Worm:Win32/Gnoewin.A also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Xtreme.ldwI
DrWeb Trojan.FakeAV.11292
MicroWorld-eScan Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
FireEye Generic.mg.73180c3290fc7da7
ALYac Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
BitDefender Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Cybereason malicious.290fc7
BitDefenderTheta AI:Packer.2ACE441420
VirIT Trojan.Win32.Generic.FLZ
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 Win32/Agent.NKQ
Paloalto generic.ml
Kaspersky HEUR:Trojan.Win32.Generic
NANO-Antivirus Trojan.Win32.Buzus.vpjlf
ViRobot Trojan.Win32.A.Buzus.90624.AC
Rising Worm.Autorun!8.50 (TFE:5:XcOruCZQeYL)
Ad-Aware Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Sophos Mal/EncPk-AEM
Comodo Suspicious@#261rjfasia2wz
VIPRE Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
McAfee-GW-Edition PWS-Zbot.gen.bfk
Trapmine malicious.moderate.ml.score
Emsisoft Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm (B)
Ikarus Trojan.Win32.Buzus
Jiangmin Trojan/Generic.anwdg
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Dropper.Gen2
Antiy-AVL Trojan/Generic.ASMalwS.AA
Kingsoft Win32.Troj.Buzus.(kcloud)
Microsoft Worm:Win32/Gnoewin.A
GData Gen:Trojan.ExplorerHijack.fG0@aGgXtwcm
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Jorik.R32195
McAfee PWS-Zbot.gen.bfk
MAX malware (ai score=86)
Malwarebytes MachineLearning/Anomalous.96%
Panda Trj/Genetic.gen
APEX Malicious
Tencent Win32.Trojan.Generic.Rnkl
Yandex Trojan.GenAsa!he3QgtkA2NM
SentinelOne Static AI – Malicious PE
Fortinet W32/Injector.URR!tr
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_70% (W)

How to remove Worm:Win32/Gnoewin.A?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

