Tedy.1753 (B) (file analysis)

Tedy.1753 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Tedy.1753 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Collects and encrypts information about the computer likely to send to C2 server
  • A script or command line contains a long continuous string indicative of obfuscation
  • Attempts to execute suspicious powershell command arguments

How to identify Tedy.1753 (B)?

File Info:

name: D7623BBFB0F8ADAB16FD.mlw
path: /opt/CAPEv2/storage/binaries/671ef0793b9ac87c2b5a92fe76ebaf6a0d4a5c5bedbca0403a1b3fe0b4cf5f73
crc32: CDC5AC49
md5: d7623bbfb0f8adab16fd2e55deb66134
sha1: 841c8751a389fd61de8d1993144cae8cdd4633c2
sha256: 671ef0793b9ac87c2b5a92fe76ebaf6a0d4a5c5bedbca0403a1b3fe0b4cf5f73
sha512: fa9db3f30c42767f40c5dab883af4ce02fb45cb43b58c8a6e327491000e3c300ed5398294f307a134025f08a87199d7aa117e4e6f1b90d1030c8e8ef313eac13
ssdeep: 12288:gtzE5elwLz9Tro8OTDijZL0Y7rejeE63u1G6SymNkwzcG:gtA4KdTs8OqyYXejexsG6SHdwG
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T121F438D959CAC045CA7D0C79CE48CBC66323B912011E76BB2EFC22A2166DCA7D5D93CD
sha3_384: 80ead5b397089c96ae42a92ed9fe462990af827979e6c5efa44cf6455a90fbf04f8310a0c5275d3f58b01d713c989558
ep_bytes: 4883ec2849c7c0600100004831d248b9
timestamp: 2019-07-30 08:52:08

Version Info:

FileVersion: 23.54.2.5
ProductVersion: 32.1
ProductName: wdf
OriginalFilename: hjl
InternalName: uyhgyu
FileDescription: guigiu
CompanyName: gyuguigyu
LegalTrademarks: uigyug
LegalCopyright: yguig
PrivateBuild: yuguig
SpecialBuild: yugiyg
Comments: 76ghv
Translation: 0x0000 0x04e4

Tedy.1753 (B) also known as:

Lionic: Trojan.Win32.Cryrar.tqFl
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.1753
FireEye: Generic.mg.d7623bbfb0f8adab
ALYac: Gen:Variant.Tedy.1753
Cylance: Unsafe
Zillya: Trojan.Generic.Win32.922194
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0052796d1 )
K7GW: Trojan ( 0052796d1 )
Cybereason: malicious.fb0f8a
Symantec: Trojan.Gen.MBT
ESET-NOD32: PowerShell/Kryptik.H
TrendMicro-HouseCall: TROJ_GEN.R002C0WL821
Paloalto: generic.ml
Kaspersky: UDS:Trojan-Downloader.Win32.PsDownload
BitDefender: Gen:Variant.Tedy.1753
Avast: Win64:Trojan-gen
Tencent: Win32.Backdoor.Agent.Wrgc
Ad-Aware: Gen:Variant.Tedy.1753
Sophos: Mal/Generic-S
TrendMicro: TROJ_GEN.R002C0WL821
McAfee-GW-Edition: BehavesLike.Win64.Generic.bc
SentinelOne: Static AI – Malicious PE
Emsisoft: Gen:Variant.Tedy.1753 (B)
Ikarus: Trojan.PowerShell.Crypt
Avira: TR/B2E.Dropper.Gen
Microsoft: Trojan:Win32/Woreflint.A!cl
Arcabit: Trojan.Tedy.D6D9
GData: Gen:Variant.Tedy.1753
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win64.Generic.C2833062
McAfee: RDN/Generic.dx
VBA32: Trojan.Sabsik.FL
APEX: Malicious
Rising: Trojan.Kryptik!8.8 (CLOUD)
MAX: malware (ai score=84)
Fortinet: PowerShell/Kryptik.H!tr
AVG: Win64:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Tedy.1753 (B)?

Tedy.1753 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.