Refroso.2 (B) (file analysis)

Malware Removal

Refroso.2 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Refroso.2 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics

How to identify Refroso.2 (B)?

File Info:

name: 16DB0F6D593A04CC69AB.mlw
path: /opt/CAPEv2/storage/binaries/d1b1c52daf7f14686d18d557b393d35485ec69cb40327d07e54bd8173cb0b781
crc32: CEB07725
md5: 16db0f6d593a04cc69abd9abc448ff2e
sha1: 05466f5bb41d8dd3b2a4c88e7017110ea4ef901c
sha256: d1b1c52daf7f14686d18d557b393d35485ec69cb40327d07e54bd8173cb0b781
sha512: b2bc30c6d98c96a02d6a99fc25a1d839f3e773b1b03baae8de3827d5aa3fd8e1313dfd2969cbd10c4e708bf77d0c2e1666b3004cde57c64aab9d9286098bfa8b
ssdeep: 6144:Mr5lkotkGh1DlJsM5BQxhqc8/csmXK5KJCCL1Q:05WotkGh15JsMnLcMG6VG1Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B624121AAA3196DADACBE476407505813C726DFC22ABCFD7EB835118366CC0D06F5B1E
sha3_384: e44e4ea10b7a33bf07d37e7db82218030fabf4889376384c896c87de6d9a2eac399d4347f23ec09db2757716a6dfbd19
ep_bytes: 6a286870204000e87402000033ff57ff
timestamp: 2010-04-28 19:52:34

Version Info:

FileDescription: Protected Application
FileVersion: 1, 0, 0, 1
ProductVersion: 1, 0, 0, 1
Comments: Is protected with Teggo MoleBox 4.2321
Translation: 0x0000 0x04b0

Refroso.2 (B) is also known as (vendor: detection name):

Lionic: Trojan.Win32.Refroso.muCm
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Refroso.2
FireEye: Generic.mg.16db0f6d593a04cc
CAT-QuickHeal: VirTool.DelfInject.AF
ALYac: Gen:Variant.Refroso.2
Cylance: Unsafe
VIPRE: Gen:Variant.Refroso.2
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 001788e91 )
BitDefender: Gen:Variant.Refroso.2
K7GW: Trojan ( 001788e91 )
Cybereason: malicious.d593a0
VirIT: Trojan.Win32.Agent.CGC
Cyren: W32/VBInject.V.gen!Eldorado
Symantec: Backdoor.Bifrose!gen
tehtris: Generic.Malware
ESET-NOD32: Win32/Bifrose.NTA
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Agent-36155
Kaspersky: Trojan.Win32.VBKrypt.uuvz
Alibaba: Trojan:Win32/VBKrypt.00c053b4
NANO-Antivirus: Trojan.Win32.VB.tdhad
Rising: Trojan.Occamy!8.F1CD (TFE:5:c1ALqTeYTND)
Ad-Aware: Gen:Variant.Refroso.2
Emsisoft: Gen:Variant.Refroso.2 (B)
Comodo: TrojWare.Win32.Buzus.nhww@4lzqc5
DrWeb: BackDoor.IRC.Sdbot.3840
Zillya: Trojan.Buzus.Win32.44029
TrendMicro: TROJ_BREDLAB.SMD
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.dc
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/BigMole-B
Ikarus: Packed.Win32.Klone
Jiangmin: Trojan/Buzus.agjk
Webroot: W32.Bifrose.Gen
Avira: TR/Crypt.CFI.Gen
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASBOL.C615
Microsoft: Backdoor:Win32/Bifrose.AE
ZoneAlarm: Trojan.Win32.VBKrypt.uuvz
GData: Gen:Variant.Refroso.2
Google: Detected
AhnLab-V3: Trojan/Win32.Bifrose.R1707
McAfee: Bredolab.gen.u
VBA32: BScope.Trojan.Inject
Malwarebytes: Trojan.MalPack.Generic
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_BREDLAB.SMD
Tencent: Malware.Win32.Gencirc.114c1bf0
Yandex: Trojan.GenAsa!XMiXPNBz8gY
SentinelOne: Static AI – Malicious PE
MaxSecure: Packed.Rebhip.a
Fortinet: W32/Refroso.BKBI!tr
BitDefenderTheta: AI:Packer.287F14EB1E
AVG: Win32:Evo-gen [Trj]
Avast: Win32:Evo-gen [Trj]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Refroso.2 (B)?

Refroso.2 (B) removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.