Win32 malware.gen

Win32 malware.gen Description

Win32 Malware.gen is a so-called generic detection: a name an anti-virus product assigns to a file that its heuristics judge to be malicious but that does not match any specific signature in the product's definition database. "Win32" indicates a Windows PE executable (vendors commonly apply the prefix to Windows binaries in general, so a 64-bit sample may carry it too) and "gen" marks the verdict as generic. An alert for Win32 Malware.gen therefore means that a Windows executable has been flagged for further inspection, not that a particular known family has been identified; in practice the name usually covers an as yet unclassified Trojan horse for Windows PCs. It is also possible that a file reported as Win32 Malware.gen is clean (a false positive), in which case no further action is needed beyond confirming it. The practical way to decide is to compute the file's hash and look it up against threat-intelligence sources, check whether the file carries a valid Authenticode signature, and submit the sample to the vendor for analysis rather than trusting the file name. If the file is malicious, then once it runs it typically alters system settings and registry entries, which leads to poor performance and a series of further security issues. This type of malware may also carry additional malicious code that opens a backdoor for remote access to the affected device. Particularly troublesome is that the threat can re-install itself on the same system if its core files and persistence entries have not been removed. At the same time, as with most Trojan infections, there are usually no visible symptoms. Trojans detected as Win32 Malware.gen are capable of installing additional malware, modifying Windows system files, stealing personal details, and redirecting users to suspicious domains filled with intrusive ads. Removal can be tricky and usually requires a dedicated removal tool.

The Immense and Silent Damage Potential

Malicious programs that exhibit the characteristics of a Win32 Malware.gen detection operate silently. These programs have the potential to perform a wide range of activities that can do serious damage to the infected computer. What makes this type of malware more dangerous is that the user notices nothing of the harmful processes running while the malware works towards its primary goals, so it should be removed as soon as the detection has been confirmed. The most dangerous capability is the ability to download and install additional tools on the infected machine, which in turn can have a variety of malicious functions. Some of the tasks that a Win32 Malware.gen payload could be programmed to perform are the following:

  • Open a backdoor that will provide the attackers with remote access to the affected PC
  • Turn the computer into a bot controlled by the hackers
  • Install a spying tool/keylogger that collects sensitive data and sends it to cybercriminals
  • Display pop-up windows that urge the user to download fake updates of legit programs
  • Modify the installed Internet browsers to inject corrupted ads and hyperlinks to the web pages the user visits

Malware in the Win32 Malware.gen group can severely disrupt the performance of the infected computer. It can be used to delete or corrupt important Windows system files, leaving the device only partly functional or crashing it completely. The ability to install spying tools deserves special attention. Espionage components dropped by a Win32 Malware.gen threat can switch on a system's recording devices, such as webcams and microphones, and make video or audio recordings to spy on the device's owner. Keyloggers record every keystroke, capturing the victim's usernames, passwords, credit card details and so on, and send them to the malware's operators, who thereby gain access to the user's online accounts and payment data. The criminals are often also after data related to the targeted user's job and may collect details about the projects the user is working on for the purpose of industrial espionage.

In other cases, a computer's resources are the actual target. Win32 Malware.gen infections can turn a computer into a bot, a machine controlled by the attackers, who then exploit its capacity for illegal purposes such as online fraud and DDoS attacks. Furthermore, many Trojans of this type are designed to distribute ransomware, which encrypts critical files on the affected computer and demands a ransom payment for a decryption key. Locked data is frequently never recovered, either because the user receives no decryption key at all or because the key provided by the criminals does not work.

Ways to Spread

Just as there are many ways a Win32 Malware.gen infection can harm a Windows computer, there are many distribution channels. Win32 Malware.gen spreads through malicious websites and embedded in torrents on file-sharing networks. Its favourite route onto a computer, however, is disguised e-mail attachments, fake software updates, or cracked programs. Unlike a worm, a Trojan has no self-propagation mechanism of its own, so attackers mostly rely on social engineering to get the user to run it rather than on exploiting vulnerabilities (drive-by downloads from compromised web pages are the main exception, which is one reason to keep the system patched). To summarize, the ways of persuading a user into downloading and installing the malicious payload include:

  • Opening an infected attachment to an email that uses the names/logos of a well-known company, a state institution, or a famous person
  • Downloading and installing fake updates of legit software programs
  • Clicking on a corrupted link or an eye-catching ad on the Internet
  • Downloading shareware/freeware with embedded malicious code

With all that in mind, there are some cybersecurity practices that users can follow to prevent infection with such a Trojan. Never open suspicious e-mail attachments from unknown senders; do not click on aggressive pop-up windows or fake security alerts; install software and its updates only from the developer's official website; avoid websites known to carry a high risk of malicious scripts (such as gambling, adult-themed, or gaming sites); and do not download and install files from P2P networks. Keep the operating system and browsers patched. Finally, install a reliable anti-virus solution that offers real-time protection and keeps its malware definitions up to date, and treat a generic detection as a prompt to verify the file (hash lookup, signature check, vendor submission) rather than as a final verdict.

A Win32 Malware.gen detection can correspond to many different names, since the same sample is often reported under a different label by each vendor. Names associated with files flagged as Win32 Malware.gen include aspnet_compiler.exe, BrowserAir, RedBoot, WinSec, Wooly, Filelce, and Revenge. Note that aspnet_compiler.exe is also the name of a legitimate .NET Framework component shipped under %WINDIR%\Microsoft.NET\Framework; a file name alone therefore proves nothing, and the path and hash of the flagged file decide whether it is malicious. These threats lead to data loss, identity theft, stolen online banking credentials, encrypted files, a poor browsing experience, sluggish PC performance, and other undesired effects. Cleaning your machine of this type of malware is therefore of crucial importance.

Aliases: PE:Trojan.Win32.Generic.13E8CDB3!334024115, VCS/Environment.DigitalFN [Antiy-AVL], Virus.Win32.Xpaj.1!O, Agent2.CBME [AVG], W32/BHO.AQ!tr [Fortinet], Trojan.BHO [Ikarus], Trojan.Win32.Generic.12746B63, Dropper/Bho.221184 [AhnLab-V3], TrojanDownloader:Win32/Regonid.A [Microsoft], Trojan/win32.agent.gen [Antiy-AVL], TrojanClicker.Agent.epp, Mal/BHO-AY [Sophos], Trojan.BHO!IK, Trojan.Generic.5408453 [BitDefender] and HEUR:Trojan.Win32.Generic [Kaspersky].

Technical Information

File System Details

Win32 malware.gen creates the following file(s):

 #   File Name                                  Size (bytes)   MD5                               Detection Count
 1   %USERPROFILE%\718991ksb7k2\                   934,400     6a93a4071cc7c22628af40a4d872f49b  4,499
 2   %WINDIR%\System32\drivers\HttpSec.sys         373,760     da2411237a40b8cfc775fc25d7463a60  294
 3   %PROGRAMFILES%\rnamfler\radprlib.dll           47,104     52c6d734c288a026f2b19ce6bbefa302  153
 4   %PROGRAMFILES%\rnamfler\radhslib.dll           62,976     54fc6b247afa41b7a4b24bca0d911d40  119
 5   %USERPROFILE%\718991ksb7k2\29047.vbs              135     8fe045b691b57fc986f1057f6bd14918  9
 6   %PROGRAMFILES%\rnamfler\naofsvc.exe           110,664     fbcc9603f753672fa4317ad840ea6109  4
 7   %PROGRAMFILES%\rnamfler\radprcmp.exe          172,032     4932be5378ceaae3e63e8ebe1ad2c855  2
 8   %PROGRAMFILES(x86)%\rnamfler\naomf.exe      1,043,016     18984923f4e4dfc67ff954e6a68b0aaa  2
 9   %APPDATA%\sistem\svchost.exe                  429,078     d306de53ce9a97060e4f686566c40bc6  2
10   %WINDIR%\system32\SMcoc.exe                     8,192     b7114bd26cadc3c9db1fe918165cfbe8  1
11   virustest.exe                              12,345,678     6046eabb1adc975efb724b492982b376  0
12   document.exe                                  454,672     dae4bc7cf2df5e00e8f8cbdeba9b9976  0
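As a worked example added here (not code from the page or from any vendor), the following Python script turns the file list above into a hash-based sweep and also covers the verification step the description calls for: a generic detection is confirmed or dismissed by path and hash, not by file name. The environment mapping, the host paths and the file bytes in the demo are constructed; the dropper.exe entry and its hash are hypothetical and exist only to show what a positive match looks like.

```python
"""Hash/path IOC sweep for a generic (Win32 Malware.gen style) detection.

Added example; not code from the page or from any vendor. It expands the
Windows-style %VAR% paths used in the File System Details table, reads each
candidate file and compares its MD5 with the published value.
"""
import hashlib
import re

# Subset of the page's File System Details table: (path, expected MD5).
IOC_FILES = [
    (r"%WINDIR%\System32\drivers\HttpSec.sys", "da2411237a40b8cfc775fc25d7463a60"),
    (r"%PROGRAMFILES%\rnamfler\radprlib.dll", "52c6d734c288a026f2b19ce6bbefa302"),
    (r"%PROGRAMFILES(x86)%\rnamfler\naomf.exe", "18984923f4e4dfc67ff954e6a68b0aaa"),
    (r"%APPDATA%\sistem\svchost.exe", "d306de53ce9a97060e4f686566c40bc6"),
]

# [^%]+ rather than \w+ so that %PROGRAMFILES(x86)% is matched as one token.
_VAR_RE = re.compile(r"%([^%]+)%")


def expand_windows_path(path, env):
    """Expand %VAR% tokens from `env` (keys compared case-insensitively).
    Unknown variables are left in place so the gap is visible in the report."""
    upper = {k.upper(): v for k, v in env.items()}
    return _VAR_RE.sub(lambda m: upper.get(m.group(1).upper(), m.group(0)), path)


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def classify(expected_md5, data):
    """Verdict for one IOC: the file is absent, matches the published sample,
    or sits at the published path with different contents (possible variant
    or repacked build, worth a closer look rather than an automatic pass)."""
    if data is None:
        return "absent"
    if md5_hex(data) == expected_md5.lower():
        return "known-sample"
    return "path-hit-hash-differs"


def sweep(iocs, env, read_file):
    """read_file(path) -> bytes or None; inject a disk reader or an in-memory
    snapshot so the same logic runs on a live host and in a test."""
    report = {}
    for raw_path, expected in iocs:
        path = expand_windows_path(raw_path, env)
        report[path] = classify(expected, read_file(path))
    return report


def read_from_disk(path):
    """Reader for a live Windows host; absence and access errors both mean None."""
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return None


# Constructed snapshot of a hypothetical host (assumed paths, made-up bytes).
DEMO_ENV = {
    "WINDIR": r"C:\Windows",
    "PROGRAMFILES": r"C:\Program Files",
    "PROGRAMFILES(x86)": r"C:\Program Files (x86)",
    "APPDATA": r"C:\Users\victim\AppData\Roaming",
    "TEMP": r"C:\Users\victim\AppData\Local\Temp",
}
DEMO_DISK = {
    # present at the published path, but the bytes do not hash to the page's MD5
    r"C:\Users\victim\AppData\Roaming\sistem\svchost.exe": b"MZ constructed variant",
    # hypothetical dropper whose hash is appended to the IOC list in run_demo()
    r"C:\Users\victim\AppData\Local\Temp\dropper.exe": b"MZ constructed known sample",
}


def run_demo():
    """Sweep the constructed snapshot; returns the per-path verdicts."""
    dropper = r"C:\Users\victim\AppData\Local\Temp\dropper.exe"
    iocs = IOC_FILES + [(r"%TEMP%\dropper.exe", md5_hex(DEMO_DISK[dropper]))]
    return sweep(iocs, DEMO_ENV, DEMO_DISK.get)


if __name__ == "__main__":
    for path, verdict in run_demo().items():
        print(f"{verdict:22} {path}")
```

On a live host call `sweep(IOC_FILES, dict(os.environ), read_from_disk)`. Two caveats apply. Entry 9 in the table places svchost.exe under %APPDATA%, whereas the genuine Windows service host lives in %WINDIR%\System32, so a copy at that path is suspicious even when its hash differs from the published one. And MD5 is adequate for looking up a published indicator, but collisions are cheap to produce, so record SHA-256 as well when submitting a sample to a vendor.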