What is “Mal/ToxieRat-A”?

The Mal/ToxieRat-A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Mal/ToxieRat-A virus can do?

Dynamic (imported) function loading detected
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Mal/ToxieRat-A?


File Info:
name: 0DFE09BC5411B29C5625.mlw
path: /opt/CAPEv2/storage/binaries/17cffdb6a50dc5b996f3410df0a3f59275565b69b2d6b3fe0e76ec14e8dd6e11
crc32: B7CEB05B
md5: 0dfe09bc5411b29c5625f895caf832c6
sha1: 2eb880915b326087a213e547c5b29814a817927a
sha256: 17cffdb6a50dc5b996f3410df0a3f59275565b69b2d6b3fe0e76ec14e8dd6e11
sha512: c3130454986610878304f1e12d88c3205fbf069b657ecdbc7b851a8a7533d7f065613294f75714532b338efd7452f84a93d9675187361f84c8264c384eda2fa2
ssdeep: 6144:OV1zutbA5pBaCBPo2NtY36Q8QLnxO6LdutKxPNk8PJ1ZDsibN:25W2NkX8Q92tKx3PHB
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T110544A69736DE902DB6D473580FF2A292571835B4362963BDC886884BE213D6F709FC3
sha3_384: 1903adf50e878d62490b4af1f9621db76c2edd5abeaa08c659a0b71e7b930b47e96b20ec3e10776c5fa6992be3809fb3
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-07-27 12:04:58

Version Info:
Translation: 0x0000 0x04b0
Comments: 
CompanyName: Google Inc.
FileDescription: Chrome Update
FileVersion: 1.0.0.0
InternalName: TelegramRAT.exe
LegalCopyright: Copyright ©  2022
LegalTrademarks: 
OriginalFilename: TelegramRAT.exe
ProductName: Chrome Update
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Mal/ToxieRat-A also known as:

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
CAT-QuickHeal	Trojan.YakbeexMSIL.ZZ4
Cylance	Unsafe
VIPRE	Gen:Variant.MSILHeracles.13493
Sangfor	Virus.Win32.Save.a
BitDefender	Gen:Variant.MSILHeracles.13493
Cybereason	malicious.c5411b
Arcabit	Trojan.MSILHeracles.D34B5
ESET-NOD32	a variant of MSIL/Agent.CTU
APEX	Malicious
Cynet	Malicious (score: 100)
MicroWorld-eScan	Gen:Variant.MSILHeracles.13493
Ad-Aware	Gen:Variant.MSILHeracles.13493
Sophos	Mal/ToxieRat-A
F-Secure	Heuristic.HEUR/AGEN.1247481
DrWeb	Trojan.ClipBankerNET.7
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.0dfe09bc5411b29c
Emsisoft	Gen:Variant.MSILHeracles.13493 (B)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1247481
MAX	malware (ai score=89)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.MSILHeracles.13493
AhnLab-V3	Trojan/Win.Generic.C5198622
Acronis	suspicious
ALYac	Gen:Variant.MSILHeracles.13493
Malwarebytes	Spyware.TelegramRAT
Rising	Stealer.Discord!8.10A86 (TFE:dGZlOg3bQ9Opf/ynpw)
Ikarus	Backdoor.Bladabindi
MaxSecure	Trojan.Malware.300983.susgen
BitDefenderTheta	Gen:NN.ZemsilF.34806.sm0@aOSex5g
AVG	Win32:TrojanX-gen [Trj]
Avast	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Mal/ToxieRat-A?

Mal/ToxieRat-A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X