Jatif.4890 information

Jatif.4890 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Jatif.4890 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode get eip malware family
  • Detects the presence of Windows Defender AV emulator via files
  • Collects information to fingerprint the system
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Jatif.4890?

File Info:

name: 2010F94A111AB8D9E0A2.mlw
path: /opt/CAPEv2/storage/binaries/b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7
crc32: 9DE16CB0
md5: 2010f94a111ab8d9e0a25d7aefd2704e
sha1: cc5fb0d3c2ac669a04ce073e2023200107a1846a
sha256: b0d998157a5602c0f97d328b38e82177ceeb380862ac46258c5cb5727bfa7cf7
sha512: daec0ed4e7ed5467c9b59db2976227f142a56f1e3eadd138baf6281d63ea565849da08c1ffcad056fc49909a42d16b79bbcf546ef37977f3e386566ca3dbcc71
ssdeep: 24576:GhGyCHW7fOpOQWzYSQ6iRUxgrGEMr3LvDUUk1+CtdEckOOZ2K7bGqvUCSVt:GhGVHWyOrVuUUMrbZk1yckOOZ2fyUtr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16F85AEAAB9E1FF4AD8B79439C560B325D12E9C114702498FD3CB3510BEB17E83D66D28
sha3_384: d0df4ed169dad448d2499939ce06b971e4301db802effcfe93ab1ba95d0adf723b8cbe45853df3260f78f5c714d5f93b
ep_bytes: e831060000e97afeffff3b0d581b5400
timestamp: 1970-01-01 00:00:00

Version Info:

CompanyName: promt
FileDescription: Antivirus Host Framework Service
FileVersion: 1.0.0.1
InternalName: avguard_ld.exe
LegalCopyright: Copyright (C) 2022
OriginalFilename: avguard_ld.exe
ProductName: Avira Product Family
ProductVersion: 1.0.0.1
Translation: 0x241a 0x04b0

Jatif.4890 is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Encoder.U!c
AVG: Win32:DangerousSig [Trj]
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Jatif.4890
FireEye: Gen:Variant.Jatif.4890
Skyhigh: GenericRXUO-AX!2010F94A111A
McAfee: GenericRXUO-AX!2010F94A111A
Malwarebytes: Generic.Malware/Suspicious
Zillya: Trojan.GenCBL.Win32.9599
K7AntiVirus: Trojan ( 0059a2d11 )
Alibaba: Ransom:Win32/Encoder.feea855b
K7GW: Trojan ( 0059a2d11 )
BitDefenderTheta: Gen:NN.ZexaF.36804.RL1@am5OMNjc
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.CYH
Cynet: Malicious (score: 99)
Avast: Win32:DangerousSig [Trj]
Kaspersky: HEUR:Trojan-Ransom.Win32.Encoder.gen
BitDefender: Gen:Variant.Jatif.4890
NANO-Antivirus: Trojan.Win32.Encoder.jtlqss
Tencent: Malware.Win32.Gencirc.10bdbca1
Emsisoft: Gen:Variant.Jatif.4890 (B)
F-Secure: Trojan.TR/AD.Nymaim.rxfmw
DrWeb: Trojan.Encoder.36146
VIPRE: Gen:Variant.Jatif.4890
TrendMicro: Ransom.Win32.ROYAL.SM
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Generic
Jiangmin: Trojan.Generic.bpgp
Webroot: W32.Trojan.GenKD
Varist: W32/ABRisk.NAOI-2380
Avira: TR/AD.Nymaim.rxfmw
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Win32.GenCBL
Microsoft: Ransom:Win32/Royal.MP!MTB
Arcabit: Trojan.Jatif.D131A
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Encoder.gen
GData: Gen:Variant.Jatif.4890
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5300388
VBA32: TrojanRansom.Stop
ALYac: Trojan.Ransom.Filecoder
Cylance: unsafe
Panda: Trj/RansomGen.A
Rising: Trojan.MalCert!1.E0E9 (CLASSIC)
Yandex: Trojan.GenCBL!lc6F884nwvE
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.73715490.susgen
Fortinet: W32/Encoder.CFAD!tr.ransom
DeepInstinct: MALICIOUS

How to remove Jatif.4890?

Jatif.4890 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.