Dropped:Trojan.Generic.7888637 (file analysis)

Dropped:Trojan.Generic.7888637 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Dropped:Trojan.Generic.7888637 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Terminates another process
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Creates an autorun.inf file
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Attempts to modify desktop wallpaper
  • Checks for the presence of known windows from debuggers and forensic tools
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Attempts to disable System Restore
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Modifies Image File Execution Options, indicative of process injection or persistence
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent file extensions from being displayed
  • Attempts to modify Explorer settings to prevent hidden files from being displayed
  • Uses suspicious command line tools or Windows utilities

How to identify Dropped:Trojan.Generic.7888637?

File Info:

name: 15EF3A70767C968E2B40.mlw
path: /opt/CAPEv2/storage/binaries/aede377a208dd4cb51f1ee5df2170f026ea15e10e6a98188ec828959625c4f33
crc32: 1FB7EE11
md5: 15ef3a70767c968e2b406ec1453ce389
sha1: ea106ca3b1f7deed367c10f35e7369300f6f0f1b
sha256: aede377a208dd4cb51f1ee5df2170f026ea15e10e6a98188ec828959625c4f33
sha512: b13cea12df877e5494994018f8be4ba708817489c6f7a2aa54eb8aa74c75af688f6d6eb1cf3ee2c477878876af8af106777d5e0c33821ac51269380ed41c7633
ssdeep: 1536:wVB9ew1O/1hhDiZnHba3W74s3KdWGGZttlI6TRqnouy8hyG+jK:wVe1fh8nHbao6dWntI6TRyouthyL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15453E0D6DD894621E2629271BD5FAE935868F02D704A99E3B7C03F2FF9357183A0193C
sha3_384: 82e27ea5971f3f2bdcf9d3e960d09e5d226578250495c6e88819286bd60133b5266b5ae857aece48f509ba482bb422af
ep_bytes: 60be153043008dbeebdffcff5789e58d
timestamp: 1970-01-01 03:25:45

Version Info:

FileDescription: Multimedia Video File
FileVersion: 1.00
ProductVersion: 1.0
Translation: 0x0409 0x04b0

Dropped:Trojan.Generic.7888637 also known as:

MicroWorld-eScan: Dropped:Trojan.Generic.7888637
FireEye: Generic.mg.15ef3a70767c968e
McAfee: GenericRXAA-AA!15EF3A70767C
Cylance: Unsafe
Zillya: Trojan.Swisyn.Win32.16045
K7AntiVirus: Trojan ( 0055e3dd1 )
K7GW: Trojan ( 0055e3dd1 )
Cybereason: malicious.0767c9
VirIT: Trojan.Win32.Agent2.CAFH
Cyren: W32/new-malware!Maximus
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.NHA
APEX: Malicious
Kaspersky: Trojan.Win32.Swisyn.attv
BitDefender: Dropped:Trojan.Generic.7888637
Avast: FileRepMalware [Misc]
Tencent: Malware.Win32.Gencirc.10bae3c7
Ad-Aware: Dropped:Trojan.Generic.7888637
Sophos: Mal/Generic-L
DrWeb: Trojan.KillProc.7625
VIPRE: Dropped:Trojan.Generic.7888637
TrendMicro: TSPY_SWISYN_BK08464C.TOMC
McAfee-GW-Edition: GenericRXDX-XD!6D18291C8464
Trapmine: malicious.moderate.ml.score
Emsisoft: Dropped:Trojan.Generic.7888637 (B)
SentinelOne: Static AI – Malicious PE
GData: Dropped:Trojan.Generic.7888637
Jiangmin: Trojan/Swisyn.nef
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASMalwS.F6
Arcabit: Trojan.Generic.D785EFD
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Swisyn.R27157
VBA32: TrojanDownloader.VB
ALYac: Dropped:Trojan.Generic.7888637
Malwarebytes: Malware.AI.4261340906
TrendMicro-HouseCall: TSPY_SWISYN_BK08464C.TOMC
Yandex: Trojan.Swisyn!s7HpgwHko1U
Ikarus: Worm.Win32.Agent
Fortinet: W32/Swisyn.XXX!worm
BitDefenderTheta: AI:Packer.6F4040F51F
AVG: FileRepMalware [Misc]
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Dropped:Trojan.Generic.7888637?

Dropped:Trojan.Generic.7888637 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.