NSIS:Dropper-KO [Drp] (file analysis)

Malware Removal

NSIS:Dropper-KO [Drp] is the Avast/AVG detection name for a dropper that many security vendors flag as malicious (see the detection list below). When the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the NSIS:Dropper-KO [Drp] virus do?

Behaviour signatures triggered by the sample during the CAPE sandbox run:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Transacted Hollowing
  • Deletes executed files from disk
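
Two of the behaviours above are cheap to hunt for in endpoint telemetry: a scheduled task created through schtasks.exe by a process running from a user-writable directory, and a file that is written by one process, executed, and then deleted. The script below is an added example (not from this page, CAPE or GridinSoft) that runs that correlation over a handful of constructed Sysmon-style events; the event field names and the user-writable path prefixes are assumptions, not a real product schema.

```python
"""Hunting logic for two behaviours in the list above, run over constructed
Sysmon-style events (added example; the events are made up, not taken from
the page's CAPE report, and the field names are an assumption):
  - "Uses Windows utilities to create a scheduled task": schtasks.exe /Create
    spawned by a parent living in a user-writable location;
  - "Drops a binary and executes it" + "Deletes executed files from disk":
    a file written by one process, executed, and then deleted.
"""
import ntpath

# Assumption: path fragments that mark directories a dropper typically writes to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

STAGE2 = r"C:\Users\alice\AppData\Local\Temp\is-CONS1.tmp\stage2.exe"
EVENTS = [  # constructed telemetry, in time order
    {"type": "file_create", "image": r"C:\Users\alice\Downloads\setup.exe",
     "target": STAGE2},
    {"type": "process_create", "pid": 1200, "image": STAGE2,
     "parent_image": r"C:\Users\alice\Downloads\setup.exe", "cmdline": '"stage2.exe" /S'},
    {"type": "process_create", "pid": 1300, "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": STAGE2,
     "cmdline": 'schtasks.exe /Create /SC MINUTE /MO 5 /TN Updater /TR "' + STAGE2 + '" /F'},
    {"type": "file_delete", "image": r"C:\Windows\System32\cmd.exe", "target": STAGE2},
    {"type": "process_create", "pid": 1400, "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "schtasks.exe /Query /TN Updater"},
]


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.lower()


def _user_writable(path: str) -> bool:
    return any(frag in _norm(path) for frag in USER_WRITABLE)


def find_schtasks_create(events):
    """schtasks.exe /Create whose parent process runs from a user-writable dir."""
    hits = []
    for ev in events:
        if ev.get("type") != "process_create":
            continue
        if ntpath.basename(_norm(ev["image"])) != "schtasks.exe":
            continue
        if "/create" not in _norm(ev["cmdline"]):
            continue  # /Query, /Delete etc. are not persistence
        if _user_writable(ev["parent_image"]):
            hits.append({"parent": ev["parent_image"], "cmdline": ev["cmdline"]})
    return hits


def find_drop_execute_delete(events):
    """Correlate file_create -> process_create -> file_delete on the same path."""
    dropped, executed, hits = {}, set(), []
    for ev in events:
        kind = ev.get("type")
        if kind == "file_create":
            dropped[_norm(ev["target"])] = ev["image"]       # remember who wrote it
        elif kind == "process_create" and _norm(ev["image"]) in dropped:
            executed.add(_norm(ev["image"]))                 # dropped file ran
        elif kind == "file_delete" and _norm(ev["target"]) in executed:
            hits.append({"dropper": dropped[_norm(ev["target"])], "path": ev["target"]})
    return hits


if __name__ == "__main__":
    for h in find_schtasks_create(EVENTS):
        print("[!] scheduled task from user-writable parent:", h)
    for h in find_drop_execute_delete(EVENTS):
        print("[!] drop-execute-delete:", h)
```

The schtasks rule deliberately keys on the parent's location rather than on schtasks.exe itself, since administrators and installers run it legitimately all day; the drop-execute-delete rule needs file-create, process-create and file-delete events on the same path, so make sure those three event types are actually being collected before relying on it.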

How to identify NSIS:Dropper-KO [Drp]?

File Info:

name: D3FF1A75F2902D865A65.mlw
path: /opt/CAPEv2/storage/binaries/ae3a1d7c1a58f2c74ed5bd168a6a466d9cc2c1fe2092fc4bdd14eb043986aef2
crc32: 9688115F
md5: d3ff1a75f2902d865a65b0e156b889bc
sha1: 33750e436d1d80b8754f9db6b0ac4ae6a354d1ab
sha256: ae3a1d7c1a58f2c74ed5bd168a6a466d9cc2c1fe2092fc4bdd14eb043986aef2
sha512: 52bc7a4a5d96933202bb337e43493834190cc6e09f8acf05bddbe71c002ffcc1605830f3747191c2e2f92f30c31ebd5de105a0a641bd97dfa33abc8cacf7e7f0
ssdeep: 12288:uaHc64b888888888888W88888888888MsscV7/9GqeMo3JM5oJI9R33rD+zG/oBO:F86JXW7/9oJTJ8NezG/aYFkJR30F6rpU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T188F40213B3C34031F5265A35CC768044AD6779B909F0606A2EF9EB0E4EBA6C69D77F21
sha3_384: af2d0a2bba3b083fc5e6e2270ef8c843d5055980e752ae24b7c07989351085778df5d68162bca360c695a6e80aa14df5
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2018-06-14 13:27:46

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription:
FileVersion: 3.4
LegalCopyright:
ProductName:
ProductVersion: 3.4
Translation: 0x0000 0x04b0
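
Several items on this page can be checked statically without a sandbox: the published hashes and ep_bytes, the overlay data, the non-standard section name and the Authenticode directory. The script below is an added example (not the page's own tooling, nor CAPE or GridinSoft code) that performs those checks with only the Python standard library; the list of "common" section names is an assumption, and the check only tests whether a signature directory is present, not whether the signature is valid, which needs signtool or osslsigncode.

```python
"""Static triage of a PE file against the indicators listed on this page.
Added example (not the page's own tooling, not CAPE or GridinSoft code):
  - file hash against the published md5/sha256 IOCs,
  - bytes at the entry point against the published ep_bytes,
  - overlay data after the last section (signature bytes excluded),
  - section names outside the usual compiler set ("unknown PE section name"),
  - whether an Authenticode (security) directory is present at all.
Presence is not validity: verifying the signature needs signtool/osslsigncode.
"""
import hashlib
import struct

# IOC values copied from the File Info section above.
IOC_MD5 = "d3ff1a75f2902d865a65b0e156b889bc"
IOC_SHA256 = "ae3a1d7c1a58f2c74ed5bd168a6a466d9cc2c1fe2092fc4bdd14eb043986aef2"
IOC_EP_BYTES = bytes.fromhex("558bec83c4a453565733c08945c48945")

# Assumption: section names outside this set are worth a look, not auto-bad.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                   ".reloc", ".bss", ".tls", ".pdata", "CODE", "DATA", "BSS"}


def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ walk: section table, overlay size, security dir, EP bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                               # IMAGE_OPTIONAL_HEADER
    magic, = struct.unpack_from("<H", data, opt)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 4 is
    # IMAGE_DIRECTORY_ENTRY_SECURITY, whose "RVA" is really a file offset.
    dd = opt + (96 if magic == 0x10B else 112)
    sec_off, sec_size = struct.unpack_from("<II", data, dd + 4 * 8)
    names, end_of_sections, entry_bytes = [], 0, b""
    for i in range(num_sections):
        hdr = opt + opt_size + i * 40                 # 40-byte section headers
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        names.append(name)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
        if va <= entry_rva < va + max(vsize, raw_size):  # map EP RVA to file offset
            off = entry_rva - va + raw_ptr
            entry_bytes = data[off:off + 16]
    overlay = len(data) - end_of_sections
    if sec_size and sec_off >= end_of_sections:       # a signature lives in the overlay
        overlay -= sec_size
    return {"sections": names, "overlay_bytes": max(overlay, 0),
            "has_authenticode": sec_size > 0, "entry_bytes": entry_bytes}


def triage(data: bytes) -> dict:
    """Return parse results plus a list of human-readable findings."""
    info = parse_pe(data)
    md5, sha256 = hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()
    findings = []
    if md5 == IOC_MD5 or sha256 == IOC_SHA256:
        findings.append("hash matches the published IOC")
    if info["entry_bytes"] == IOC_EP_BYTES:
        findings.append("entry-point bytes match the published ep_bytes")
    if info["overlay_bytes"]:
        findings.append(f"{info['overlay_bytes']} bytes of overlay data")
    odd = [s for s in info["sections"] if s not in COMMON_SECTIONS]
    if odd:
        findings.append("unknown section name(s): " + ", ".join(odd))
    if not info["has_authenticode"]:
        findings.append("no Authenticode signature directory")
    return {"md5": md5, "sha256": sha256, "findings": findings, **info}


def build_sample_pe(section_name: bytes, overlay: bytes) -> bytes:
    """Constructed minimal PE32 for a dry run (not the sample from this page)."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    raw_ptr = raw_size = 0x200
    sec = section_name.ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + file_hdr + bytes(opt) + sec).ljust(raw_ptr, b"\0")
    code = b"\x55\x8b\xec\xc3".ljust(raw_size, b"\0")  # push ebp; mov ebp,esp; ret
    return headers + code + overlay


if __name__ == "__main__":
    import sys
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_pe(b".xyz", b"CONSTRUCTED-OVERLAY"))
    for line in triage(blob)["findings"]:
        print("[!]", line)
```

Run it with a file path to triage a real binary, or with no arguments to see the findings on the constructed sample. Overlay data and a non-standard section name are exactly what the behaviour list above reports for this sample; on their own they are also normal for self-extracting installers, which is why the hash and ep_bytes comparisons are the findings that actually tie a file to this report.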

NSIS:Dropper-KO [Drp] is the Avast/AVG name for this file. Note that the version resource above says the installer was built with Inno Setup, so treat the "NSIS" prefix as a vendor family label rather than as identifying the installer framework. Other vendors detect the same file as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Addrop.b!c
Elastic: malicious (high confidence)
Skyhigh: BehavesLike.Win32.Dropper.bc
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0055e2d51 )
Alibaba: TrojanDropper:Win32/Addrop.e4dc0d71
K7GW: Trojan ( 0055e2d51 )
Cybereason: malicious.36d1d8
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of Win32/TrojanDropper.Addrop.CH
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Malware.Ejfb-9784212-0
Kaspersky: Trojan-Dropper.Win32.Addrop.pnz
SUPERAntiSpyware: Trojan.Agent/Gen-DropperAddrop
Avast: NSIS:Dropper-KO [Drp]
Tencent: Trojan.Win32.MalCrack.haw
F-Secure: Trojan.TR/Crypt.XPACK.Gen8
Sophos: Mal/Generic-S
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanDropper.Agentino.a
Webroot: W32.Adware.Gen
Varist: W32/Addrop.C.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen8
Kingsoft: malware.kb.a.990
Microsoft: Trojan:Win32/Ashify.J!rfn
ZoneAlarm: Trojan-Dropper.Win32.Addrop.pnz
AhnLab-V3: Trojan/Win32.Agent.R326066
McAfee: Artemis!D3FF1A75F290
VBA32: TrojanDropper.Addrop
Cylance: unsafe
Panda: Trj/CI.A
Rising: Downloader.TaskLoader/ARCHIVE!1.CDEA (CLASSIC)
Yandex: Trojan.DR.Addrop!xh5fHn9jVvY
Ikarus: Trojan-Dropper.Addrop
MaxSecure: Trojan.Malware.74831215.susgen
Fortinet: W32/Addrop.CH!tr
AVG: NSIS:Dropper-KO [Drp]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (D)

How to remove NSIS:Dropper-KO [Drp]?

NSIS:Dropper-KO [Drp] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.