What is “HackTool.ShutDown”?

The HackTool.ShutDown is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What HackTool.ShutDown virus can do?

Authenticode signature is invalid
Anomalous binary characteristics

How to determine HackTool.ShutDown?


File Info:
name: 27137827811CA12779C1.mlw
path: /opt/CAPEv2/storage/binaries/d70a270501b28af48ec6c26ae41d820ce9d4cafb3c7caccd8219fe2a80fa0d26
crc32: E7C89F87
md5: 27137827811ca12779c1e128e99c3e94
sha1: 58f6516743d0410f5a1223d2b7dd0308bdd87a87
sha256: d70a270501b28af48ec6c26ae41d820ce9d4cafb3c7caccd8219fe2a80fa0d26
sha512: 7c4d9bcbabd7d744f91324bdbeb5f4be300618db79942e86a0ca1c988f6b89e2ae576a6d05b7375f877cc194cac09ee3ca24423b99b5046d78198ee2754c9025
ssdeep: 48:yr6wqce4oFpZR4u3KldBXrpF8O/MmLQ1+6wPveeK2:eGc5oDZlWXrpKBaJveN2
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19D72CF02F67CD876F44547324D73C7EA6522BD308E208E573E847F2F2D74251ADA164A
sha3_384: 6f36bab486af0fb95370dcc76d4f7172791fedaf6e7456b01460ca9937a3193cea5e1318578d9881fb4d50c29028bb28
ep_bytes: 68b4114000e80c110000000000000000
timestamp: 2004-05-05 13:32:53

Version Info:
Translation: 0x0409 0x04b0
CompanyName: WareSoft Software
ProductName: shutdown
FileVersion: 1.00
ProductVersion: 1.00
InternalName: shutdown
OriginalFilename: shutdown.exe

HackTool.ShutDown also known as:

Elastic	malicious (high confidence)
FireEye	Generic.mg.27137827811ca127
McAfee	Artemis!27137827811C
Malwarebytes	HackTool.ShutDown
K7AntiVirus	Trojan ( 00478b041 )
K7GW	Trojan ( 00478b041 )
ClamAV	Win.Tool.Shutdown-6995160-0
DrWeb	Tool.ShutDown.14
Gridinsoft	Ransom.Win32.Wacatac.sa
Fortinet	Riskware/Shutdown

How to remove HackTool.ShutDown?

HackTool.ShutDown removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X