What is “Dropper.167”?

Dropper.167 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Dropper.167 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the PyInstaller malware family
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Dropper.167?

File Info:

name: 4CD66DCDCE38EDF011D3.mlw
path: /opt/CAPEv2/storage/binaries/fcf3621fe9afee890fd25b90cd3489727400c32e5c18dc0fc34dded2cd019427
crc32: B9937DC1
md5: 4cd66dcdce38edf011d38ca90945353d
sha1: f1f7b8296f66df9af97b19a20bea7cefa08d4b69
sha256: fcf3621fe9afee890fd25b90cd3489727400c32e5c18dc0fc34dded2cd019427
sha512: 8d1b51a1ffbd2fd456762e603d5ae674e6d6332518ee780480803cd39cd3de45665baa7e5bce102d28b3fde7b79b9c4dbbf4949b455d2824501954bf52c1b43b
ssdeep: 49152:0T67KKf7qZUCalu0WCT/vWTufF52hHb+2Bc5UE5:bvOqCVbTwIhHKOc53
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T114B53349F5E587F0C5F4803468ABFAAFE46CAA7B5B151C26EB0C76192C637B72C09350
sha3_384: ed6b19d5f0b522e03995c0ef0bc782b197529ab74532dbc9516834c97f666c84f8b5b0688666d8c1935824c8c297cd59
ep_bytes: 83ec0cc70598d5410001000000e8be85
timestamp: 1970-01-01 00:00:00

Version Info:

CompanyName: Intel Co.
ProductName: Intel Graphic Loader Extenstion
ProductVersion: 1, 0, 14, 1
InternalName: IntelGFX
OriginalFilename: IntelGFX.exe
FileVersion: 1, 0, 14, 1
FileDescription: Intel GFX Driver Loader Extension
LegalCopyright: Intel Corporation
LegalTrademarks: Intel Corporation
Translation: 0x0409 0x04b0

Dropper.167 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Agent.4!c
DrWeb: Python.BackDoor.39
MicroWorld-eScan: Gen:Variant.Dropper.167
ALYac: Gen:Variant.Dropper.167
Cylance: Unsafe
Sangfor: Worm.Win32.Agent.NXN
K7AntiVirus: Trojan ( 000700231 )
Alibaba: Worm:Win32/Swrort.c9c5630e
K7GW: Trojan ( 000700231 )
Cybereason: malicious.dce38e
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Agent.NXN
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Agent.nezatf
BitDefender: Gen:Variant.Dropper.167
NANO-Antivirus: Trojan.Win32.Swrort.fqiwhq
Avast: Win32:Malware-gen
Ad-Aware: Gen:Variant.Dropper.167
Emsisoft: Gen:Variant.Dropper.167 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
FireEye: Gen:Variant.Dropper.167
Sophos: Mal/Generic-S
GData: Gen:Variant.Dropper.167
Avira: TR/Swrort.Gen7
Arcabit: Trojan.Dropper.167
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Occamy.CFC
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.Agent.R421980
McAfee: GenericR-KJO!4CD66DCDCE38
VBA32: Trojan.Agent
Malwarebytes: Malware.AI.1831978478
APEX: Malicious
Tencent: Win32.Worm.Agent.Phgw
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/GenericR.KJO!tr
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Dropper.167?

Dropper.167 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.