Generic.RozenaA.570EDE59 information

Generic.RozenaA.570EDE59 is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Generic.RozenaA.570EDE59 virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to stop active services
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings

Related domains:

thedonald.win

How to identify Generic.RozenaA.570EDE59?

File Info:

crc32: 8BB9C56C
md5: 5b5e120a4cf6fd359750b10a3afe5dd1
name: 5B5E120A4CF6FD359750B10A3AFE5DD1.mlw
sha1: d54e0bb8305f468797fd03f22d64edef03fd65f3
sha256: 9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015
sha512: a4e87629cb12aec6b7d280877210c241e5d9c129b099473ad3c54f2ba0ef6686d940ce8ffb9d65d2b5980e4a2441c87511d61b8fa600f63c26146b0739c6eb46
ssdeep: 3072:Pf/J2ULiTehI8FrkZnGUk8PJ8eNPMX+m1Pi78tCzJcBXt3mQSEV541N:x2UL2i9FzUdPJic8w9cFt3mQSM0
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) 2000
InternalName: FlowerPower
FileVersion: 1, 0, 0, 1
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: FlowerPower
SpecialBuild:
ProductVersion: 1, 0, 0, 1
FileDescription: FlowerPower
OriginalFilename: FlowerPower.EXE
Translation: 0x0c09 0x04b0

Generic.RozenaA.570EDE59 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: DeepScan:Generic.RozenaA.570EDE59
CAT-QuickHeal: Trojan.Mauvaise.SL1
Qihoo-360: HEUR/QVM11.1.3EF7.Malware.Gen
McAfee: Ransomware-GPB!499A81ACB626
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 005619a01 )
K7GW: Trojan ( 005619a01 )
Cybereason: malicious.a4cf6f
BitDefenderTheta: AI:Packer.43777BD91F
Cyren: W32/Agent.BAN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GZNI
APEX: Malicious
ClamAV: Win.Malware.Razy-7056533-0
Kaspersky: HEUR:Trojan.Win32.NanoBot.gen
BitDefender: DeepScan:Generic.RozenaA.570EDE59
NANO-Antivirus: Trojan.Win32.Inject3.fqtflc
Avast: Win32:Kolab-MC [Trj]
Ad-Aware: DeepScan:Generic.RozenaA.570EDE59
Emsisoft: DeepScan:Generic.RozenaA.570EDE59 (B)
Comodo: TrojWare.Win32.Injector.AVPL@8d26g3
F-Secure: Backdoor.BDS/Poison.mon
DrWeb: Trojan.Inject3.16347
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.cc
FireEye: Generic.mg.5b5e120a4cf6fd35
Sophos: ML/PE-A + Troj/AutoG-DQ
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Nymaim.exo
Avira: BDS/Poison.mon
Antiy-AVL: Trojan/Win32.Nymaim
Microsoft: Trojan:Win32/Skeeeyah
Arcabit: DeepScan:Generic.RozenaA.570EDE59
AhnLab-V3: Malware/Win32.RL_Generic.R277962
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: DeepScan:Generic.RozenaA.570EDE59
Cynet: Malicious (score: 100)
ALYac: DeepScan:Generic.RozenaA.570EDE59
MAX: malware (ai score=88)
Malwarebytes: Trojan.Injector
Rising: Trojan.Kryptik!1.BA0B (CLASSIC)
Yandex: Trojan.GenAsa!jwQBWYdc2PY
Ikarus: Trojan.Win32.Skeeeyah
eGambit: Unsafe.AI_Score_84%
Fortinet: W32/Kryptik.GZNI!tr
AVG: Win32:Kolab-MC [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Generic.RozenaA.570EDE59?

Generic.RozenaA.570EDE59 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.