
Should I remove “Generic.Remcos.1BDF24A6”?


Generic.Remcos.1BDF24A6 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Generic.Remcos.1BDF24A6 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the Remcos malware family
  • Creates known Remcos mutexes
  • Creates known Remcos registry keys

How to identify Generic.Remcos.1BDF24A6?

File Info:

name: 9F3C45553AF2DB061187.mlw
path: /opt/CAPEv2/storage/binaries/a4b7ad00cc51b383b491106e80508ab05c34ffd331542753b0faa8b043fb1c2a
crc32: E860DE54
md5: 9f3c45553af2db061187c13e11dc2944
sha1: 3efcb4cc4c0161bd6b38b8cfd33738d2a56bd787
sha256: a4b7ad00cc51b383b491106e80508ab05c34ffd331542753b0faa8b043fb1c2a
sha512: a42803aa7a6a9d554bd2cd525d447dfdb95fba57b0574fb56593ac753c1d6ee30accc21944b616a10392a301825532d68b6f6b6cf4616507616b0058fbb2867e
ssdeep: 12288:iegN0jfYLclGb0bVT6e+MT2MffZS/gRSYo:ENywLclGIeMT2MXZRRSV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19DA49D11B9C1C032D17252700D29FB759AFCBC302935597BB3DA5D9ABE700C1BB2A667
sha3_384: 20b62138417739bc6df9db402b436382c731e919ac5cb8ae1361292f1d7257ce5870fc39cb008672b08cead5fba486b3
ep_bytes: e884040000e98efeffff558bec81ec24
timestamp: 2021-11-20 16:08:19

Version Info:

0: [No Data]

Generic.Remcos.1BDF24A6 also known as:

Bkav: W32.KakutheminQ.Trojan
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
McAfee: GenericRXPN-QB!9F3C45553AF2
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053ac2c1 )
BitDefender: DeepScan:Generic.Remcos.1BDF24A6
K7GW: Trojan ( 0053ac2c1 )
Cybereason: malicious.53af2d
Cyren: W32/Trojan.GCT.gen!Eldorado
ESET-NOD32: a variant of Win32/Rescoms.B
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Remcos-9753190-0
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/Remcos.dbbddecf
ViRobot: Trojan.Win32.Z.Remcos.474112.AG
MicroWorld-eScan: DeepScan:Generic.Remcos.1BDF24A6
Avast: Win32:RATX-gen [Trj]
Rising: Backdoor.Remcos!1.B6A7 (CLOUD)
Ad-Aware: DeepScan:Generic.Remcos.1BDF24A6
Emsisoft: DeepScan:Generic.Remcos.1BDF24A6 (B)
Comodo: Malware@#3p61cyo37g7hw
DrWeb: Trojan.Inject4.20378
Zillya: Trojan.Rescoms.Win32.775
TrendMicro: TROJ_GEN.R002C0DA422
McAfee-GW-Edition: BehavesLike.Win32.Generic.gh
FireEye: Generic.mg.9f3c45553af2db06
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Rescoms
GData: Win32.Malware.Bucaspys.B
Jiangmin: Trojan.Generic.hdubr
Webroot: W32.Trojan.Remcos
Avira: HEUR/AGEN.1108444
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.34D777B
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Backdoor.Win32.Remcos.oa!s1
Arcabit: DeepScan:Generic.Remcos.1BDF24A6
Microsoft: Trojan:Win32/Remcos.SM!MTB
AhnLab-V3: Trojan/Win.RemcosRAT.R418128
VBA32: Trojan.Inject
ALYac: DeepScan:Generic.Remcos.1BDF24A6
Malwarebytes: Backdoor.Remcos
TrendMicro-HouseCall: TROJ_GEN.R002C0DA422
Tencent: Malware.Win32.Gencirc.10cf8dec
Yandex: Trojan.Agent!jHl2uTbxQXY
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_100%
Fortinet: W32/Rescoms.M!tr
BitDefenderTheta: Gen:NN.ZexaF.34160.CCW@aGDHPski
AVG: Win32:RATX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Generic.Remcos.1BDF24A6?

Generic.Remcos.1BDF24A6 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
