BScope.Downloader.ChinDowl removal

BScope.Downloader.ChinDowl is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the BScope.Downloader.ChinDowl virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • A process attempted to delay the analysis task by a long amount of time.
  • Tries to unhook or modify Windows functions monitored by Cuckoo

How to identify BScope.Downloader.ChinDowl?

File Info:

name: 4F123800D3E2F499B419.mlw
path: /opt/CAPEv2/storage/binaries/bf78ff5c0e991eae92e42eea7e4906fb5895e2dd19abe9d9caece5964c350b38
crc32: 2E78EC7D
md5: 4f123800d3e2f499b419f89c0008aa40
sha1: bfd5ca3f739cd7ef36487c05cb2c96eb24ea7647
sha256: bf78ff5c0e991eae92e42eea7e4906fb5895e2dd19abe9d9caece5964c350b38
sha512: 70c71c2d1d9f9da37bc14a5cfde4dc7475bcd3aabfefe8e64b754a4ce34e3645e53553990692e453933eeb1f8ef213d60cfe38e0712db7a641c4496f75b3a004
ssdeep: 98304:lDCl4GHEgS62rz5yP9CFHErSuG2Xo1KQrqLkPwuCEpSIm74ii9PXm45YjhmrTjd6:wI2AHEbYKzQPrcIBNm4WIDXsTWv0v
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1717633F215753C46DE03CA3023F50E35D5F37B8AE0779B9FA28512A59AAF48EA114D0B
sha3_384: 725f6db587eaa8541ac9a0a6b749c49ace29fee0f1fc6985a795a28d0a0631deb897f40aa0fe9d64a620cca35cdeac2c
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-05-03 14:08:38

Version Info:

0: [No Data]

BScope.Downloader.ChinDowl is also known as (vendor: detection name):

Lionic: Trojan.Win32.Lotok.m!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader33.34006
FireEye: Generic.mg.4f123800d3e2f499
CAT-QuickHeal: Backdoor.ZegostRI.S13133422
McAfee: Artemis!4F123800D3E2
Cylance: Unsafe
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: Malware:Win32/km_2c34941.None
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.0d3e2f
Arcabit: Trojan.Malware.JquaaOXYz4jb
BitDefenderTheta: Gen:NN.ZexaF.34062.@t0@a8iTWRkH
Cyren: W32/Agent.EW.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
TrendMicro-HouseCall: TROJ_GEN.R002C0DL521
Paloalto: generic.ml
ClamAV: Win.Malware.Generic-9820446-0
Kaspersky: UDS:Backdoor.Win32.Lotok.gen
BitDefender: Gen:Trojan.Malware.JquaaOXYz4jb
NANO-Antivirus: Trojan.Win32.GenKryptik.hjbzvv
Avast: Win32:BackdoorX-gen [Trj]
Rising: Trojan.Generic@ML.100 (RDML:Ee49Oab2SY7z1oqJK14JCg)
Sophos: Mal/Generic-R
Comodo: TrojWare.Win32.Aebot.EF@4ye0hx
F-Secure: Trojan.TR/AD.Farfli.kkgpz
TrendMicro: TROJ_GEN.R002C0DL521
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
Emsisoft: Gen:Trojan.Malware.JquaaOXYz4jb (B)
Jiangmin: Trojan.Generic.gsmfx
Avira: TR/Dropper.Gen2
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Win32.FlyStudio.a
Gridinsoft: Ransom.Win32.Gen.sa
Microsoft: Backdoor:Win32/Zegost.CQ!bit
GData: Win32.Application.PUPStudio.A
Cynet: Malicious (score: 99)
ALYac: Gen:Trojan.Malware.JquaaOXYz4jb
VBA32: BScope.Downloader.ChinDowl
Malwarebytes: PUP.Optional.ChinAd
APEX: Malicious
Tencent: Win32.Trojan.Farfli.Pdwc
Yandex: Trojan.GenKryptik!6/WAPNYvv1A
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/CoinMiner.65CA!tr
AVG: Win32:BackdoorX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove BScope.Downloader.ChinDowl?

BScope.Downloader.ChinDowl removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.