Dropper.49 (B) (file analysis)

Malware Removal

Dropper.49 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Dropper.49 (B) virus do?

  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Dropper.49 (B)?

File Info:

name: 5CDFC0641B2B5BC83A62.mlw
path: /opt/CAPEv2/storage/binaries/db9bb49f8a94c67f4ba36db584cb9dbf85ac2154f65cd672c09ecba5edaca02c
crc32: 6A8D779A
md5: 5cdfc0641b2b5bc83a62b62c3a38a791
sha1: 03c2bee19582a1b45d395cf423d91e0fb8e66e45
sha256: db9bb49f8a94c67f4ba36db584cb9dbf85ac2154f65cd672c09ecba5edaca02c
sha512: 38175af3d97c2ecc13a4514d80e7cafe82acde055eeab40ca575f9027b286803caa04c3413500d9da3acf327d3f0f9b29049ffa716b8380a962729187f572039
ssdeep: 12288:+qhq3M5A+XfhaD3gjyOc1WGLleMW+n67wU+UEBJUVhlHBTAKL8:fhz5PvhaD3syb17LleX+6ccEsFJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A3D4BE253BE5C83BC25226744ED8E3B972B98F442E2982435BD16F5F7F30BDAAD24144
sha3_384: f5c9df6332e78796a9643a2c822ebb61c397a0c172c12b010eb7c3d77cb06610aeec602c3230f2f8dcf2e4a3420aa40e
ep_bytes: 558bec6aff6878cc4200689676420064
timestamp: 2018-04-30 12:00:00

Version Info:

CompanyName: Pro Dunia
FileDescription: https://produnia.com
FileVersion: 1
InternalName: 7z.sfx
LegalCopyright: Copyright - Pro Dunia - Gaming Ki Dunia
OriginalFilename: 7z.sfx.exe
ProductName: Pro Dunia setup
ProductVersion: 1
Comments: Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
Translation: 0x0409 0x04b0

Dropper.49 (B) is also known as (vendor: detection name):

Bkav: W32.Common.6779DBA2
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Gen:Variant.Dropper.49
FireEye: Gen:Variant.Dropper.49
Skyhigh: BehavesLike.Win32.BadFile.jh
McAfee: Artemis!5CDFC0641B2B
Cylance: unsafe
Arcabit: Trojan.Dropper.49
BitDefenderTheta: Gen:NN.ZexaCO.36608.Lu0@amsJtFfi
APEX: Malicious
BitDefender: Gen:Variant.Dropper.49
Emsisoft: Gen:Variant.Dropper.49 (B)
VIPRE: Gen:Variant.Dropper.49
Trapmine: malicious.high.ml.score
Webroot: W32.Dropper.Gen
Google: Detected
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Variant.Dropper.49
Varist: W32/ABApplication.TGQC-6820
ALYac: Gen:Variant.Dropper.49
MAX: malware (ai score=87)
Malwarebytes: Generic.Malware/Suspicious
TrendMicro-HouseCall: TROJ_GEN.R002H09L823
Rising: Trojan.Generic@AI.91 (RDML:EConWVRmCcPNy16htq7dNg)
MaxSecure: Trojan.Malware.74402838.susgen
DeepInstinct: MALICIOUS

How to remove Dropper.49 (B)?

Dropper.49 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.