Should I remove “Downloader.Win32.Snojan.gaf”?

Downloader.Win32.Snojan.gaf is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Downloader.Win32.Snojan.gaf virus do?

  • Sample contains overlay data
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • YARA rule detections observed from a process memory dump/dropped files/CAPE

How to identify Downloader.Win32.Snojan.gaf?

File Info:

name: 5B23BE19F0F319F705E5.mlw
path: /opt/CAPEv2/storage/binaries/db0424a86f86bbadc384ddcb25b0cc4b1cc97e65c0e7e099d955cc36a4ddbb59
crc32: FB09BD0C
md5: 5b23be19f0f319f705e568676ed015e8
sha1: 938e3d8cc23f779bb05adcca7ca2d13e5ff408d4
sha256: db0424a86f86bbadc384ddcb25b0cc4b1cc97e65c0e7e099d955cc36a4ddbb59
sha512: a1c59d3fbd1e9b7c80bacb72f421840f328cab869a7c43e3ccbbed9d6b04c9fd470186c9a2b75f532725ccfc4057b09ba17634873a54ecbc36052e4a6acd77bd
ssdeep: 49152:AreJdeWyodNLMcgwlkR2kVZZPfA3AaqQ+RSfwyk1nRJpz:EeJIENYd7rVZZXAQakShknlz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18DB5231337A094B7E9E348706B168E1696BA78705C96C307B7E50B4F6E70B82B53A707
sha3_384: d7d215d34c2fa00eb1e7c13594e71c7fc542f093a6fa7aabcbfc42c2dc0f4432d9c2ec69b8923a124b694e853b063a85
ep_bytes: e8b9890000e978feffffff353c774400
timestamp: 2015-08-19 11:45:24

Version Info:

CompanyName: 123Juzi.COM
FileDescription: hao123桔子浏览器
FileVersion: 1.1.9.1040
InternalName: setup.exe
LegalCopyright: Copyright @ 2015 123Juzi.COM. All Rights Reserved.
OriginalFilename: setup.exe
ProductName: hao123桔子浏览器
ProductVersion: 1.1.9.1040
Translation: 0x0804 0x04b0

Downloader.Win32.Snojan.gaf also known as:

  • FireEye: Generic.mg.5b23be19f0f319f7
  • Cylance: unsafe
  • Sangfor: Trojan.Win32.Agent.V935
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Hao123.H potentially unwanted
  • Kaspersky: not-a-virus:Downloader.Win32.Snojan.gaf
  • Sophos: Generic Reputation PUA (PUA)
  • Jiangmin: Trojan.Inject.byqw
  • Webroot: W32.Trojan.Gen
  • ZoneAlarm: not-a-virus:Downloader.Win32.Snojan.gaf
  • DeepInstinct: MALICIOUS
  • VBA32: BScope.Adware.Hao
  • Malwarebytes: PUP.Optional.Hao123
  • TrendMicro-HouseCall: TROJ_GEN.R002V01JI23
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.215641027.susgen
  • AVG: Win32:Malware-gen
  • Avast: Win32:Malware-gen
  • CrowdStrike: win/grayware_confidence_100% (D)

How to remove Downloader.Win32.Snojan.gaf?

Downloader.Win32.Snojan.gaf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.