Trojan.Generic.20733800 (BitDefender), Virus:Win32/Virut.BN (Microsoft), HEUR:Virus.Win32.Generic (Kaspersky), Trojan.Generic.20733800 (B) (Emsisoft), W32.Virut.CF (Symantec), Virus.Win32.Virut (Ikarus), Trojan.Generic.20733800 (FSecure), FileRepMalware (AVG), FileRepMalware (Avast), PE_VIRUX.A (TrendMicro), GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, Virus, Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
SSDeep: 12288:apxlOhdNfBBBT1DQTFdFINsG14RsehppelNBPyspQmlVuzB o:ashRTdIFdF0sXb15mlVuzBp
Size: 600064 bytes
File type: EXE
Company: no certificate found
Created at: 2017-03-20 11:24:14
Analyzed on: Windows 7 SP1 32-bit
Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
EmailWorm. A worm that can send e-mails.
The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):
%original file name%.exe:2052
The following mutexes were created/opened:
No objects were found.
No files have been created.
The process %original file name%.exe:2052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 864 bytes in size. The following strings are added to the hosts file:
The Trojan installs the following user-mode hooks in ntdll.dll:
Product Name: ?????
Product Version: 188.8.131.52
Legal Copyright: ?????? ????????
File Version: 184.108.40.206
File Description: ?????
Language: English (United States)
PE sections (columns: Name, Virtual Address, Virtual Size, Raw Size, Entropy, Section MD5):
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
ET TROJAN IRC Nick change on non-standard port
Web Traffic was not found.
The Trojan connects to the servers at the following location(s):
Strings from Dumps were not found.
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Trojan file.
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.