
Generic.RozenaA.FE8300C5 removal


Generic.RozenaA.FE8300C5 is flagged as malicious by the large majority of the antivirus engines listed below. While the infection is active you may notice unfamiliar processes in the Task Manager process list. If you suspect it, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Generic.RozenaA.FE8300C5 do?

The following are the behavioral and static signatures the CAPE sandbox raised for this sample:

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Generic.RozenaA.FE8300C5

The indicators below come from the CAPE sandbox report. Match a suspect file on its hashes, not on the version resource: the embedded version information claims the file is ApacheBench (ab.exe) from the Apache Software Foundation, but the report flags the Authenticode signature as invalid and the executable as UPX-packed. Version strings are trivially copied from a legitimate binary and are not evidence of legitimacy.

File Info:

name: AA2CD86EDD78F386375B.mlw
path: /opt/CAPEv2/storage/binaries/9b9528bdec36ad534afa3f62bf1c499b847988dde8e4f844d7a885c30a650b4f
crc32: 485A3542
md5: aa2cd86edd78f386375b4b571d4f0efe
sha1: 7b543fcb965b6e9e98242bee9f3b020245b1807b
sha256: 9b9528bdec36ad534afa3f62bf1c499b847988dde8e4f844d7a885c30a650b4f
sha512: 398550205a3ad79b46791cfb3d4ddf829aa30faafb5140159caf86a4e35aca585f31bccf229a3b1b7dafd5a25367e1e97ae227e41a5dc59b8563c73c7d5ceece
ssdeep: 768:IOLq4IEVrxKgObH48ZhaZ6JmqQA9tKANDw50CWQSrwYnikTJIdIOfgH93q3:IOeerxPObHNZhaGmFA9JDPCWQCokTJP+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BE23F1782FF59A09F37BA73534B8065A4ABFB908E97BD7CC8534321A68712538D02703
sha3_384: cde16f714b9f0cc78b701c623d9e3e5f5a749da894509da37abaca62fb135338d651d29481ad67802aca506da805e182
ep_bytes: 60be00d040008dbe0040ffff5783cdff
timestamp: 2009-04-22 12:59:23
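The ep_bytes above (60 BE .. .. .. .. 8D BE .. .. .. .. 57 83 CD FF) decode to the classic UPX 32-bit entry stub: pushad; mov esi, imm32; lea edi, [esi+imm32]; push edi; or ebp, -1. The script below is an added example, written for this page and not part of the original post or of any GridinSoft tooling. It parses a PE file's section table and entry point with the standard library only and reports the static indicators the CAPE report lists: UPX section names, non-standard section names, the UPX entry stub, and a sha256 match against the reported hash. Because the real sample cannot be shipped here, `build_test_pe` constructs a synthetic PE32 layout in memory; the section addresses it uses are made up, and only the entry-point bytes are taken from the report.

```python
import hashlib
import struct

# Indicators copied from the report above.
REPORTED_SHA256 = "9b9528bdec36ad534afa3f62bf1c499b847988dde8e4f844d7a885c30a650b4f"
REPORTED_EP_BYTES = bytes.fromhex("60be00d040008dbe0040ffff5783cdff")

# UPX 32-bit entry stub: pushad; mov esi, imm32; lea edi, [esi+imm32]; push edi; or ebp, -1.
# The two immediates differ per file, so they are wildcarded with None.
UPX_STUB = [0x60, 0xBE, None, None, None, None,
            0x8D, 0xBE, None, None, None, None,
            0x57, 0x83, 0xCD, 0xFF]

UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".pdata", ".CRT"}


def matches_pattern(pattern, data):
    """True if data starts with pattern; a None entry matches any byte."""
    if len(data) < len(pattern):
        return False
    return all(p is None or p == b for p, b in zip(pattern, data))


def parse_pe(image):
    """Return (entry_rva, [(name, va, vsize, raw_ptr, raw_size), ...]) from a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    file_hdr = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, file_hdr + 2)[0]
    opt_size = struct.unpack_from("<H", image, file_hdr + 16)[0]
    opt_hdr = file_hdr + 20                          # IMAGE_FILE_HEADER is 20 bytes
    entry_rva = struct.unpack_from("<I", image, opt_hdr + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt_hdr + opt_size + i * 40            # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", image, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, vsize, rptr, rsize))
    return entry_rva, sections


def read_at_rva(image, rva, sections, n=16):
    """Map an RVA to a file offset through the section table and read n bytes."""
    for _name, va, vsize, rptr, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            off = rptr + (rva - va)
            return image[off:off + n]
    return b""


def triage(image):
    """Return human-readable findings for one PE image (empty list if nothing stands out)."""
    findings = []
    if hashlib.sha256(image).hexdigest() == REPORTED_SHA256:
        findings.append("sha256 matches the reported sample")
    entry_rva, sections = parse_pe(image)
    names = [s[0] for s in sections]
    upx = [n for n in names if n in UPX_SECTIONS]
    if upx:
        findings.append("UPX section names present: " + ", ".join(upx))
    unknown = [n for n in names if n not in STANDARD_SECTIONS and n not in UPX_SECTIONS]
    if unknown:
        findings.append("non-standard section names: " + ", ".join(unknown))
    if matches_pattern(UPX_STUB, read_at_rva(image, entry_rva, sections)):
        findings.append("entry point bytes match the UPX unpacking stub")
    return findings


def build_test_pe(sections, entry_rva, entry_code):
    """Construct a minimal PE32 image in memory (constructed test data, not the real sample).

    sections: list of (name, virtual_address); each gets 0x200 bytes of raw data
    laid out after a 0x400-byte header block.
    """
    header_size, raw_size, opt_size = 0x400, 0x200, 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    table, body = bytearray(), bytearray()
    for i, (name, va) in enumerate(sections):
        rptr = header_size + i * raw_size
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             raw_size, va, raw_size, rptr, 0, 0, 0, 0, 0xE0000020)
        chunk = bytearray(raw_size)
        if va <= entry_rva < va + raw_size:
            chunk[entry_rva - va:entry_rva - va + len(entry_code)] = entry_code
        body += chunk
    header = (dos + b"PE\0\0" + file_hdr + opt + table).ljust(header_size, b"\0")
    return bytes(header + body)


if __name__ == "__main__":
    # Synthetic UPX-style layout (made-up addresses) whose entry point carries the report's ep_bytes.
    sample = build_test_pe([("UPX0", 0x1000), ("UPX1", 0xD000), (".rsrc", 0x19000)],
                           0xD000, REPORTED_EP_BYTES)
    for line in triage(sample):
        print(line)
```

On a real suspect file call `triage(open(path, "rb").read())`. The sha256 check only matches this exact sample; the section-name and entry-stub checks generalize to any UPX-packed PE, so a hit there alone means "packed", not "malicious", and should be read together with the behavioral signatures above.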

Version Info:

Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName: Apache Software Foundation
FileDescription: ApacheBench command line utility
FileVersion: 2.2.14
InternalName: ab.exe
LegalCopyright: Copyright 2009 The Apache Software Foundation.
OriginalFilename: ab.exe
ProductName: Apache HTTP Server
ProductVersion: 2.2.14
Translation: 0x0409 0x04b0

Generic.RozenaA.FE8300C5 is also known as:

Other engines report the same file (sha256 above) under the names below. Several of them use the Swrort/Rozena family names, which are commonly applied to Metasploit-generated shellcode stagers; the RWX memory allocation and the connection attempt to an unreachable IP:Port seen in the sandbox fit that profile.

  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • CAT-QuickHeal: Trojan.GenericRI.S18206508
  • ALYac: Generic.RozenaA.FE8300C5
  • Malwarebytes: Trojan.Rozena
  • VIPRE: Trojan.Win32.Swrort.B (v)
  • Cybereason: malicious.edd78f
  • Cyren: W32/Swrort.B.gen!Eldorado
  • Symantec: Trojan Horse
  • ESET-NOD32: a variant of Win32/Rozena.ED
  • APEX: Malicious
  • Avast: Win32:Evo-gen [Susp]
  • ClamAV: Win.Trojan.Swrort-5710536-0
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Generic.RozenaA.FE8300C5
  • NANO-Antivirus: Trojan.Win32.Shellcode.ewfvwj
  • MicroWorld-eScan: Generic.RozenaA.FE8300C5
  • Tencent: Malware.Win32.Gencirc.10b3f98b
  • Ad-Aware: Generic.RozenaA.FE8300C5
  • Sophos: ML/PE-A + ATK/SwrortPk-A
  • Comodo: TrojWare.Win32.Rozena.A@4jwdqr
  • DrWeb: Trojan.Swrort.1
  • TrendMicro: BKDR_SWRORT.SM
  • FireEye: Generic.mg.aa2cd86edd78f386
  • Emsisoft: Generic.RozenaA.FE8300C5 (B)
  • Ikarus: Exploit.PDF
  • GData: Win32.Trojan.PSE.12V9MZN
  • Avira: TR/Crypt.ULPM.Gen
  • Antiy-AVL: Trojan/Generic.ASCommon.153
  • Arcabit: Generic.RozenaA.FE8300C5
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • AhnLab-V3: Backdoor/Win32.Bifrose.R12476
  • Acronis: suspicious
  • MAX: malware (ai score=82)
  • VBA32: TrojanDownloader.Radonl
  • Cylance: Unsafe
  • TrendMicro-HouseCall: BKDR_SWRORT.SM
  • Rising: HackTool.Swrort!1.6477 (CLASSIC)
  • Yandex: Trojan.GenAsa!O0/tdGI4TGA
  • SentinelOne: Static AI – Malicious PE
  • eGambit: Trojan.Generic
  • Fortinet: MalwThreat!0971IV
  • BitDefenderTheta: Gen:NN.ZexaF.34062.cmKfaGFa5Qli
  • AVG: Win32:Evo-gen [Susp]
  • CrowdStrike: win/malicious_confidence_70% (D)
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Generic.RozenaA.FE8300C5?

Generic.RozenaA.FE8300C5 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
