Generic.LoadaRat.A.C1C20E29 (B) removal instruction

The Generic.LoadaRat.A.C1C20E29 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.LoadaRat.A.C1C20E29 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Generic.LoadaRat.A.C1C20E29 (B)?

File Info:

name: F13E15A62A65E12947E2.mlw
path: /opt/CAPEv2/storage/binaries/415bed5eb95cfd70bf3cb59c066655a91108919f3377a157f48d835e0e16839f
crc32: 2CF91FBF
md5: f13e15a62a65e12947e2259a1ee67abc
sha1: ea8e15e6bff124b2e8177c0a2bc358dd370599d0
sha256: 415bed5eb95cfd70bf3cb59c066655a91108919f3377a157f48d835e0e16839f
sha512: 63ccae58aaccfe2141a2f223553d93550e1cb3966a9df87d6427cb41ec8ba773ca1bdcc332f2fda3ecced629ff1a9312fa653d6fe0402b48e6de374c6d3425f6
ssdeep: 49152:XJZoQrbTFZY1iaeT08ZX21U0iCuBJZoQrbTFZY1iaeT08ZX21U0iCu9:XtrbTA1oZ6UiuBtrbTA1oZ6Uiu9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T108D57C31DCC66821C2F132F4C977A6259226DC2352338B57A6F87E117AB064BFE3661D
sha3_384: f278e5143e43b48038d7f2185a55b8375bcb2798f2c3c4ca827038eec063f5ea3cb5d215f3590e6c36e1379449711754
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription:
FileVersion: 3, 3, 8, 1
CompiledScript: AutoIt v3 Script: 3, 3, 8, 1
Translation: 0x0809 0x04b0

Generic.LoadaRat.A.C1C20E29 (B) is also detected under the following vendor names:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Generic.LoadaRat.A.C1C20E29
  • FireEye: Generic.mg.f13e15a62a65e129
  • McAfee: AutoIt/Injector.ar
  • Cylance: Unsafe
  • CrowdStrike: win/malicious_confidence_100% (D)
  • ESET-NOD32: a variant of Win32/Autoit.DB
  • APEX: Malicious
  • ClamAV: Txt.Malware.LodaRAT-9769386-0
  • Kaspersky: HEUR:Backdoor.Script.LodaRat.a
  • BitDefender: Generic.LoadaRat.A.C1C20E29
  • Avast: AutoIt:KeyLogger-R [Trj]
  • Emsisoft: Generic.LoadaRat.A.C1C20E29 (B)
  • McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.vc
  • Sophos: Generic ML PUA (PUA)
  • Ikarus: Trojan.Autoit
  • Avira: HEUR/AGEN.1229437
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Generic.LoadaRat.A.C1C20E29 (2x)
  • Cynet: Malicious (score: 100)
  • BitDefenderTheta: AI:Packer.7492DFF116
  • ALYac: Generic.LoadaRat.A.C1C20E29
  • MAX: malware (ai score=86)
  • VBA32: Trojan.Autoit.F
  • Rising: Backdoor.888Rat/Autoit!1.C8E3 (CLASSIC)
  • eGambit: Unsafe.AI_Score_88%
  • Fortinet: AutoIt/Agent.DB!tr
  • AVG: AutoIt:KeyLogger-R [Trj]
  • Cybereason: malicious.62a65e
  • MaxSecure: Trojan.Autoit.AZA

How to remove Generic.LoadaRat.A.C1C20E29 (B)?

Generic.LoadaRat.A.C1C20E29 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.