Categories: Malware

Tedy.130868 (B) information

The Tedy.130868 (B) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Tedy.130868 (B) virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Reads data out of its own binary image
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
CAPE detected the VMProtectStub malware family
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Tedy.130868 (B)?


File Info:
name: 17BF2A20EC19AB462D1A.mlwpath: /opt/CAPEv2/storage/binaries/f5bcb25eea3f40b68a62a2752bf9f6365737142b35d05abc78bfa2dd460a219ccrc32: 21CF43C3md5: 17bf2a20ec19ab462d1a63e433c0a85asha1: a0f6d6055bf4af56fb915480fba4001dcb58d911sha256: f5bcb25eea3f40b68a62a2752bf9f6365737142b35d05abc78bfa2dd460a219csha512: 6df3c979782a9a2b6b1c41bbafe701c0a8a8edb27e1bd8f0193e4bb81a00fcbc0c3fc3ec72711820a20b8aa2ef60f35e7841ed3167df75edc1670ddf074d9ffdssdeep: 98304:2AHVAMtROQjcoqSHO5OiXApBidcCCNffMZ53yZZJyhvQy8keKbtByuxu:2AHGyAQWSTdidcCSU53tRkjd4utype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T17D5633E3A60FDB46C3898A7D017CFE61A0E967794C17C696A330317A8A7251F3D53236sha3_384: 859335a029d63659d0f5c5a6c40ef612ddbe76c911306b60f1746ee1c902037323d621516a7faf352e88a398902c1b06ep_bytes: 52c70424c15b025156c70424ea667bfdtimestamp: 2023-04-25 09:10:30
Version Info:
CompanyName: FileDescription: FileVersion: 1.1.0.0InternalName: 　LegalCopyright: LegalTrademarks: OriginalFilename: ProductName: 星河登陆器ProductVersion: Pnoenixer　Comments: Translation: 0x0804 0x03a8

Tedy.130868 (B) also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.OnLineGames.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Tedy.130868
FireEye	Generic.mg.17bf2a20ec19ab46
ALYac	Gen:Variant.Tedy.130868
Malwarebytes	Woool.Trojan.Downloader.DDS
Zillya	Trojan.OnLineGames.Win32.250664
Sangfor	Trojan.Win32.Woool.V7s6
K7AntiVirus	Trojan ( 00532c651 )
Alibaba	Trojan:Win32/OnLineGames.13e90e25
K7GW	Trojan ( 00532c651 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Tedy.D1FF34
Cyren	W32/Agent.FOA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Woool.F
APEX	Malicious
Kaspersky	Trojan-GameThief.Win32.OnLineGames.almsh
BitDefender	Gen:Variant.Tedy.130868
Avast	Win32:Trojan-gen
Tencent	Malware.Win32.Gencirc.13bd304b
Sophos	Mal/Generic-S
VIPRE	Gen:Variant.Tedy.130868
TrendMicro	TROJ_GEN.R011C0XER23
McAfee-GW-Edition	BehavesLike.Win32.Generic.tc
Trapmine	malicious.high.ml.score
Emsisoft	Gen:Variant.Tedy.130868 (B)
SentinelOne	Static AI – Malicious PE
Google	Detected
Antiy-AVL	Trojan/Win32.Woool
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	Trojan-GameThief.Win32.OnLineGames.almsh
GData	Gen:Variant.Tedy.130868
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4704901
McAfee	Artemis!17BF2A20EC19
MAX	malware (ai score=81)
Cylance	unsafe
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R011C0XER23
Rising	Trojan.Generic@AI.100 (RDML:NxfNv67KynpbMdOWhJ7TtQ)
Ikarus	Trojan.Win32.Woool
MaxSecure	Trojan.Malware.207066205.susgen
Fortinet	W32/Woool.F!tr
BitDefenderTheta	Gen:NN.ZexaF.36318.@V3@ayyhiPhb
AVG	Win32:Trojan-gen
DeepInstinct	MALICIOUS