Worm:Win32/Phorpiex.A (file analysis)

Worm:Win32/Phorpiex.A is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Worm:Win32/Phorpiex.A virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Executed a process and injected code into it, probably while unpacking
  • Queries information on disks, possibly for anti-virtualization
  • Detects Sandboxie through the presence of a library
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Operates on local firewall’s policies and settings
  • Connects to an IRC server, possibly part of a botnet
  • Anomalous binary characteristics

Related domains:

rox.drshells.net

How to identify Worm:Win32/Phorpiex.A?

File Info:

crc32: AC2076A6
md5: e3c42c6bdb4e0877682e78fe7016d3d5
name: E3C42C6BDB4E0877682E78FE7016D3D5.mlw
sha1: 25597f9dedcfbf3722fcfea66f54edbd71a4d724
sha256: 5b65281389ad19450938f350c9df2db4585448fb08a5d4d7627c243a9f974c4c
sha512: 2d7c40cce721ebeaf7c7452a867bdc82a21e21d4dd29262d40367ebcf73a286ab1ca4c57ed8072228d457c3f9d3c91aeca458816fa44349c944e3c335f5a2713
ssdeep: 1536:SKNd+f6ChsQY6makJxcqFqREtTXllfmOH5DZ:9z8sQjCJxh0REpXllfmOH/
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0409 0x04b0
InternalName: lo
FileVersion: 1.06.0005
CompanyName: Martinique Lazarus Coleridge Diophantine Ned
LegalTrademarks: I've Cyclops
Comments: Lund Sunday
ProductName: Nelsen Durer
ProductVersion: 1.06.0005
FileDescription: Mardi Hom
OriginalFilename: lo.exe

Worm:Win32/Phorpiex.A also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.PonyStealer.gm0@nuzaEloi
FireEye: Generic.mg.e3c42c6bdb4e0877
Qihoo-360: Win32/Trojan.Dropper.1eb
ALYac: Gen:Heur.PonyStealer.gm0@nuzaEloi
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Malware
K7AntiVirus: P2PWorm ( 004bdc981 )
BitDefender: Gen:Heur.PonyStealer.gm0@nuzaEloi
K7GW: P2PWorm ( 004bdc981 )
Cybereason: malicious.bdb4e0
Cyren: W32/VBInject.1!Generic
Symantec: ML.Attribute.HighConfidence
TotalDefense: Win32/VBInject.O!generic
APEX: Malicious
Avast: Win32:Patched-AML
ClamAV: Win.Worm.Phorpiex-7163127-0
Kaspersky: Trojan-Dropper.Win32.Sysn.aduc
Alibaba: TrojanDropper:Win32/IRCBot.e31f0cc5
NANO-Antivirus: Trojan.Win32.Sysn.fgvmqp
ViRobot: Trojan.Win32.A.VBKrypt.98304.E
Tencent: Win32.Trojan-dropper.Sysn.Akym
Ad-Aware: Gen:Heur.PonyStealer.gm0@nuzaEloi
Sophos: ML/PE-A + Mal/VBCheMan-C
Comodo: TrojWare.Win32.Agent.~kst@3yda0g
F-Secure: Trojan.TR/Patched.Ren.Gen
DrWeb: Win32.HLLW.Phorpiex.5
Zillya: Trojan.VBKrypt.Win32.71071
TrendMicro: WORM_AUTORUN.HDT
McAfee-GW-Edition: Trojan-FBIP!E3C42C6BDB4E
Emsisoft: Gen:Heur.PonyStealer.gm0@nuzaEloi (B)
Ikarus: Virus.Win32.Ramnit
Jiangmin: Worm/AutoRun.alsd
Avira: TR/Patched.Ren.Gen
MAX: malware (ai score=100)
Antiy-AVL: Worm/Win32.AutoRun
Microsoft: Worm:Win32/Phorpiex.A
Arcabit: Trojan.PonyStealer.E77C99
SUPERAntiSpyware: Trojan.Agent/Gen-Falleg[T]
ZoneAlarm: Trojan-Dropper.Win32.Sysn.aduc
GData: Gen:Heur.PonyStealer.gm0@nuzaEloi
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Trojan-FBIP!E3C42C6BDB4E
VBA32: BScope.Worm.WBNA
Malwarebytes: Nimnul.Virus.FileInfector.DDS
Panda: Generic Malware
ESET-NOD32: Win32/AutoRun.IRCBot.HO
TrendMicro-HouseCall: WORM_AUTORUN.HDT
Rising: Worm.Phorpiex!8.48D (TFE:3:6uY6ZXkOQEE)
Yandex: Trojan.GenAsa!ShdSGCqlIog
SentinelOne: Static AI – Malicious PE
Fortinet: W32/AutoRun.C!worm
BitDefenderTheta: AI:Packer.CAB5237220
AVG: Win32:Patched-AML
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Worm:Win32/Phorpiex.A?

Worm:Win32/Phorpiex.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment