Python/Rozena.EN (file analysis)

The Python/Rozena.EN detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Python/Rozena.EN virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family

How to identify Python/Rozena.EN?

File Info:

name: E7EE1B822AB45628CAF9.mlw
path: /opt/CAPEv2/storage/binaries/f12d93345b2961c8e508cbcbe1163500445e0c4347c1bae79e94409eaccdda59
crc32: 10CE120B
md5: e7ee1b822ab45628caf996bd2c266548
sha1: 0e366969f6247dc8e2c487eef0812bbd57d6cf80
sha256: f12d93345b2961c8e508cbcbe1163500445e0c4347c1bae79e94409eaccdda59
sha512: 4679140ec913ecd0d4bf00c6851402808d34e46991cf95d51a98548a88b5d79d479b43c050c6e32e8087bdb40ebb0cd35bec4ed3e927bc47049bad014bfa2341
ssdeep: 196608:JvGVipYbkuKXbajXH95dLU6TWHTB33ld0dVwhLL+TyhxVx:J0ipYbkuAbMCZxPmQLoyTV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A6963390AD8668F4C2A1187218F4D571AC1BFE992F13682E919157F238A3DC34F77E1E
sha3_384: d8ce550adc6d315e2abe7d143d3f0420c1dfe330049e085b0698d97237a677284c4ac5561f8a9da999b30ffdba993e53
ep_bytes: e8a0040000e97afeffff558bec6a00ff
timestamp: 2022-02-05 11:19:26

Version Info: [No Data]

Python/Rozena.EN is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Zillya: Trojan.Disco.Script.657
  • K7AntiVirus: Trojan ( 0058ce591 )
  • K7GW: Trojan ( 0058ce591 )
  • ESET-NOD32: Python/Rozena.EN
  • APEX: Malicious
  • Sophos: Generic ML PUA (PUA)
  • McAfee-GW-Edition: BehavesLike.Win32.HLLP.tc
  • Jiangmin: TrojanSpy.Python.af
  • Antiy-AVL: Trojan/Generic.ASMalwS.350902C
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • Cynet: Malicious (score: 100)
  • BitDefenderTheta: Gen:NN.ZexaF.34182.@xZ@a4VmWbd

How to remove Python/Rozena.EN?

Python/Rozena.EN removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.