Dropped:Trojan.Bat.Shutdown.AB removal

Dropped:Trojan.Bat.Shutdown.AB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Dropped:Trojan.Bat.Shutdown.AB virus do?

  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Japanese
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Dropped:Trojan.Bat.Shutdown.AB?


File Info:

name: F2113A32C93EEC4B61D6.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2007-10-15 13:31:06

Version Info:

0: [No Data]

Dropped:Trojan.Bat.Shutdown.AB also known as:

Lionic: Trojan.Win32.KillWin.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Dropped:Trojan.Bat.Shutdown.AB
FireEye: Dropped:Trojan.Bat.Shutdown.AB
McAfee: Artemis!F2113A32C93E
Zillya: Trojan.Killwin.Win32.1
Alibaba: Trojan:Win32/KillWin.9da00105
Cyren: W32/Trojan.JWDC-1838
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
ClamAV: Win.Malware.Agent-9912143-0
Kaspersky: Trojan.Win32.KillWin.dk
BitDefender: Dropped:Trojan.Bat.Shutdown.AB
NANO-Antivirus: Trojan.Win32.Gendal.iijcd
Avast: Win32:KillWin-BC [Trj]
Ad-Aware: Dropped:Trojan.Bat.Shutdown.AB
Emsisoft: Dropped:Trojan.Bat.Shutdown.AB (B)
Comodo: Malware@#3k9vdfigux5i5
VIPRE: Dropped:Trojan.Bat.Shutdown.AB
McAfee-GW-Edition: BehavesLike.Win32.Trojan.lh
Trapmine: malicious.moderate.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Malicious PE
GData: Dropped:Trojan.Bat.Shutdown.AB
Jiangmin: Trojan/PSW.Almat.ckc
Google: Detected
Microsoft: PWS:Win32/Zbot!ml
VBA32: BScope.Trojan.Qhost
ALYac: Dropped:Trojan.Bat.Shutdown.AB
Malwarebytes: Malware.Heuristic.1003
Rising: Trojan.Win32.KillWin.dk (CLASSIC)
Yandex: Trojan.KillWin!GsMJomDz5JM
Ikarus: Trojan.Crypt
Fortinet: W32/KillWin.DK!tr
AVG: Win32:KillWin-BC [Trj]
Cybereason: malicious.2c93ee
Panda: Trj/Killwin.S

How to remove Dropped:Trojan.Bat.Shutdown.AB?

Dropped:Trojan.Bat.Shutdown.AB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.