What is “BScope.Trojan.Solimba”?

BScope.Trojan.Solimba is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a full scan and clean your PC.
6-day free trial available.

What can the BScope.Trojan.Solimba virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify BScope.Trojan.Solimba?

File Info:

name: 78407B1C0262AB8BF122.mlw
path: /opt/CAPEv2/storage/binaries/1d55bbd6fbe879cbcb429b2f3a430ae344faf92678d4fcc080aed0d3e8fa8687
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-08-27 09:17:16

Version Info:

FileVersion: 6.5.36.517
Comments: WanDrv6.5 - ITianKong.Com
FileDescription: 万能驱动助理主程序
ProductVersion: 6.5
LegalCopyright: Copyright xcp 2006-2015 ITianKong.Com, All Rights Reserved.
OriginalFilename: WanDrv6.exe
ProductName: 万能驱动助理
InternalName: 万能驱动
CompanyName: IT天空(ITianKong.Com)
Translation: 0x0804 0x04b0

BScope.Trojan.Solimba also known as:

Bkav: W32.AIDetectMalware
FireEye: Generic.mg.78407b1c0262ab8b
CAT-QuickHeal: Trojan.Generic.S2098
Cybereason: malicious.c0262a
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Packed.AutoIt.PC
APEX: Malicious
SentinelOne: Static AI – Malicious PE
Antiy-AVL: GrayWare/Autoit.BinToStr.a
BitDefenderTheta: AI:Packer.572834B317
VBA32: BScope.Trojan.Solimba
Rising: Trojan.Obfus/Autoit!1.C72A (CLASSIC)
DeepInstinct: MALICIOUS

How to remove BScope.Trojan.Solimba?

BScope.Trojan.Solimba removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
