Categories: Malware

Heur.Conjar.7 (file analysis)

The Heur.Conjar.7 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Heur.Conjar.7 virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Reads data out of its own binary image
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial binary language: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Installs itself for autorun at Windows startup
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
Attempts to modify proxy settings
Creates a slightly modified copy of itself

Related domains:

sympadwe.be

tumisoney.be

eksyghskgsbakrys.com

msrgejsdyvekadh.com

How to determine Heur.Conjar.7?


File Info:
crc32: CAB86049md5: 681a0c349f860507831aa1133593560aname: 681A0C349F860507831AA1133593560A.mlwsha1: 275d9e1bd6c6b0349cd397197d9ba11859a99435sha256: 1a121be07e2026d2a46400d831d9de3ea2d1d7bb838f4229783efae569d325d0sha512: 459319fee61f6f2764a3f98760ebfeedd9d35bbf950936126b4b6120c3463ee4b4feef17a7d9b860b67333a9d7ba11acc5857cbfdbe4b0aff8fd003b959dc29dssdeep: 1536:ZjPOaklWIkuvwKxNemVgCpbM9FOz4h6xW3lU+aafbHagkUb+v1WHkX:lsWIkwxXpA9mRxW3lU+lWgUQgtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: Copyright (C) 2009-2011 Foxit Corporation InternalName: Foxit Reader.exeFileVersion: 5, 0, 2, 0718CompanyName: Foxit CorporationPrivateBuild: LegalTrademarks: Comments: ProductName: Foxit ReaderSpecialBuild: ProductVersion: 5, 0, 2, 0718FileDescription: Foxit Reader 5.0, Best Reader for Everyday Use!OriginalFilename: Foxit Reader.EXETranslation: 0x0804 0x04b0

Heur.Conjar.7 also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 003640b31 )
Elastic	malicious (high confidence)
DrWeb	Trojan.Packed.22288
ClamAV	Win.Trojan.Agent-505832
ALYac	Gen:Heur.Conjar.7
Cylance	Unsafe
Zillya	Backdoor.Buterat.Win32.640
Sangfor	Suspicious.Win32.Save.a
BitDefender	Gen:Heur.Conjar.7
K7GW	Trojan ( 003640b31 )
Cybereason	malicious.49f860
Cyren	W32/Fareit.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/SpyVoltar.A
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.ULPM.bfpipl
ViRobot	Backdoor.Win32.A.Buterat.87552[UPX]
MicroWorld-eScan	Gen:Heur.Conjar.7
Tencent	Malware.Win32.Gencirc.10c45dc5
Ad-Aware	Gen:Heur.Conjar.7
Sophos	ML/PE-A + Mal/Zbot-EZ
Comodo	TrojWare.Win32.Remex.bfja@4miupj
BitDefenderTheta	Gen:NN.ZexaF.34236.fmKfaa1FsKgi
VIPRE	Worm.Win32.Cridex.ba (v)
McAfee-GW-Edition	Trojan-FAAP!681A0C349F86
FireEye	Generic.mg.681a0c349f860507
Emsisoft	Gen:Heur.Conjar.7 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Backdoor/Buterat.xx
Webroot	W32.Trojan.Gen
Avira	TR/Crypt.ULPM.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.185E9FC
Microsoft	Trojan:Win32/Vundo
SUPERAntiSpyware	Heur.Agent/Gen-FakeFoxit
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Gen:Heur.Conjar.7
AhnLab-V3	Trojan/Win32.Jorik.R20057
VBA32	BScope.Trojan.Winlock.1215
MAX	malware (ai score=100)
Malwarebytes	Ransom.FileCryptor
Yandex	Backdoor.Buterat!qbl2zlSsiq8
Ikarus	Trojan.Win32.Yakes
Fortinet	W32/Yakes.B!tr
Panda	Bck/Qbot.AO