Tedy.2757 removal instruction

Tedy.2757 is flagged as malicious by most antivirus engines (see the detection list below). While the infection is active you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Tedy.2757 virus do?

The behaviours below are the CAPE sandbox signatures that fired for this sample:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Two caveats when reading this list. The "exits too soon after checking local time" signature means the sample may have cut its run short inside the sandbox, so the list can understate what the backdoor does on a real host. Several entries (anti-debug, RWX memory, dynamic imports, process hollowing, deleting the original binary) describe the unpacking and injection stage rather than the payload's own functionality, as the "probably while unpacking" signature itself notes.

How to identify Tedy.2757?

File Info:

name: D019A0F6AC9D36B629A4.mlw
path: /opt/CAPEv2/storage/binaries/c5e466b20e518711db001c3429e0dbde9b6df0efeee453f99a44931b1a330311
crc32: 89EE5224
md5: d019a0f6ac9d36b629a44fcb4e15121e
sha1: 7559e2e529d35ab6cd128055616ae94051564185
sha256: c5e466b20e518711db001c3429e0dbde9b6df0efeee453f99a44931b1a330311
sha512: 9628f2c56a28c0a052797547eee716098ba11e9fe182fd9ca8a1a1a120809ddde75c49e0572d0a4d271010c0becd25a7d78a049e097e7d73e193fec9293248aa
ssdeep: 6144:NSbwKnJrCTENF+BkjHgNvdjj175SIkd+NVUOqejQF5JFIksxtpZMvoS:NHCjYkDgTjvxJuejQFixtpZMvoS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1458423B2DC8AA5E2D88F8179491D4E95F6647E60B941EB7BBC54FE1B0C7025000BF53E
sha3_384: 101210893c3fe93e8c1bea456672669ccf079ded81c0d1bdffceca9bc9f6d54910c7969dbd77d07aad468684cc507829
ep_bytes: 60be00a005108dbe0070faffc787c460
timestamp: 1992-06-19 22:22:17

Two of these fields are worth more than a hash lookup. The timestamp is the fixed value 0x2A425E19 that the Delphi/C++Builder linker writes into every build, so it identifies the compiler rather than the build date; Hupigon is a Delphi-written backdoor, which agrees with the vendor names below. The entry-point bytes decode to pushad / mov esi,imm32 / lea edi,[esi+disp32], the prologue of a UPX-style unpacking stub, which matches the sandbox's "unknown PE section name indicative of packing" and "contains encrypted or compressed data" signatures. A packed sample means static scanners see the stub, not the backdoor; detections on this file are mostly generic or heuristic for that reason.

Version Info:

CompanyName:
FileDescription:
FileVersion: 1.2.2.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.2.2.0
Comments:
Translation: 0x0804 0x03a8 (language ID 0x0804 = Chinese, Simplified, PRC; code page 0x03A8 = 936, GBK. This is the resource-language indicator behind the "Unconventional language used in binary resources" signature above.)
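The file-info and version-info fields above can be checked without any sandbox. The script below is an added example, not code from this page or from GridinSoft: a pure-standard-library PE32 parser that hashes a file against the IOCs listed above, reads the link timestamp and compares it to the Delphi constant 0x2A425E19, lists section names outside the usual set, and inspects the first entry-point bytes for the pushad / mov esi / lea edi UPX-style prologue. The PE image produced by build_sample() is constructed for the demonstration (its section name "hgdx0" is made up, and the entry-point bytes are followed by a ret); it is not the real sample, so the hash check reports no match on it.

```python
"""Static triage of a PE32 file against the indicators listed on this page.

Standard library only (no pefile). build_sample() returns a CONSTRUCTED image
for demonstration; pass a real file path on the command line to triage it.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes listed on this page for the Tedy.2757 sample.
KNOWN_HASHES = {
    "md5": "d019a0f6ac9d36b629a44fcb4e15121e",
    "sha1": "7559e2e529d35ab6cd128055616ae94051564185",
    "sha256": "c5e466b20e518711db001c3429e0dbde9b6df0efeee453f99a44931b1a330311",
}

# Fixed link timestamp (1992-06-19 22:22:17 UTC) written by the Delphi/C++Builder
# linker; it is the timestamp shown on this page, and Hupigon builds are Delphi.
DELPHI_TIMESTAMP = 0x2A425E19

# Entry-point bytes from this page: pushad / mov esi,imm32 / lea edi,[esi+disp32]
# is the prologue of UPX-style unpacking stubs.
PAGE_EP_BYTES = bytes.fromhex("60be00a005108dbe0070faffc787c460")

# Section names a normal MSVC/Delphi/MinGW build uses; anything else deserves a look.
COMMON_SECTIONS = {b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc",
                   b".reloc", b".bss", b".tls", b".CRT", b"CODE", b"DATA", b"BSS"}


def hashes(data):
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def parse_pe(data):
    """Return (timestamp, entry_rva, [(name, va, vsize, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, va, vsize, rptr, rsize))
    return timestamp, entry_rva, sections


def rva_to_offset(rva, sections):
    for _name, va, vsize, rptr, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return rptr + (rva - va)
    return None


def triage(data):
    """Evaluate the page's static indicators against one PE32 image."""
    ts, ep_rva, sections = parse_pe(data)
    ep_off = rva_to_offset(ep_rva, sections)
    ep = data[ep_off:ep_off + 16] if ep_off is not None else b""
    digests = hashes(data)
    return {
        "sha256": digests["sha256"],
        "hash_match": any(digests[k] == v for k, v in KNOWN_HASHES.items()),
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "delphi_timestamp": ts == DELPHI_TIMESTAMP,
        "unknown_sections": [s[0].decode("ascii", "replace") for s in sections
                             if s[0] not in COMMON_SECTIONS],
        "ep_bytes": ep.hex(),
        "upx_style_ep": ep[:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe",
    }


def build_sample():
    """Constructed PE32: the page's timestamp, a made-up section name and the
    page's entry-point bytes followed by ret (nothing real executes)."""
    secs = [(b"hgdx0", 0x1000, PAGE_EP_BYTES + b"\xc3"),    # hypothetical name
            (b".rsrc", 0x2000, b"\0" * 16)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), DELPHI_TIMESTAMP, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # entry point in first section
    table, body, raw = b"", b"", 0x200
    for name, va, content in secs:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(content), va, 0x200, raw)
        table += b"\0" * 16                                  # relocs/linenums/characteristics
        body += content.ljust(0x200, b"\0")
        raw += 0x200
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header.ljust(0x200, b"\0") + body


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(data).items():
        print(f"{key:18} {value}")
```

On the constructed image the report shows hash_match False, delphi_timestamp True, one unknown section and upx_style_ep True; on a real file the hash match is the only conclusive result, the other three are supporting indicators that many legitimate Delphi or UPX-packed programs also trigger, so treat them as reasons to detonate the file, not as a verdict.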

Tedy.2757 also known as:

"Tedy.2757" is the name from BitDefender's generic heuristic (Gen:Variant.Tedy.2757), which is why it also appears under vendors that incorporate that engine (eScan, Ad-Aware, Emsisoft, GData, ALYac). Vendors with a family-specific signature classify the sample as Hupigon (also seen as Pigeon, Huigezi and RemoteABC), a Chinese remote-access backdoor, which is the more useful name when searching for indicators. The detections are listed as vendor: detection name.

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.2757
McAfee: GenericRXAA-AA!D019A0F6AC9D
Cylance: Unsafe
K7AntiVirus: Trojan ( f1000a011 )
K7GW: Trojan ( f1000a011 )
Cybereason: malicious.529d35
Symantec: Packed.Generic.147
ESET-NOD32: a variant of Win32/Hupigon.NWC
APEX: Malicious
Kaspersky: HEUR:Backdoor.Win32.Generic
BitDefender: Gen:Variant.Tedy.2757
Ad-Aware: Gen:Variant.Tedy.2757
Emsisoft: Gen:Variant.Tedy.2757 (B)
Comodo: Backdoor.Win32.Hupigon.UUE0@1o8eqw
DrWeb: BackDoor.Pigeon.13979
Zillya: Backdoor.Hupigon.Win32.137274
TrendMicro: BKDR_HUPIGON.FKH
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
FireEye: Generic.mg.d019a0f6ac9d36b6
Sophos: ML/PE-A + Mal/Hupig-H
SentinelOne: Static AI – Suspicious PE
Jiangmin: Backdoor/Huigezi.2008.rjv
Avira: BDS/Hupigon.Gen
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.819F06
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Arcabit: Trojan.Tedy.DAC5
ViRobot: Backdoor.Win32.A.Hupigon.384000.B
GData: Gen:Variant.Tedy.2757
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Hupigon.R839
BitDefenderTheta: AI:Packer.2D8EA91017
ALYac: Gen:Variant.Tedy.2757
VBA32: suspected of Trojan-Dropper.Agent.109
TrendMicro-HouseCall: BKDR_HUPIGON.FKH
Rising: Backdoor.Win32.RemoteABC.ffs (CLASSIC)
Ikarus: Trojan.Buzus.iij
MaxSecure: Trojan.Malware.1323280.susgen
Fortinet: W32/Hupigon.AXOL!tr.bdr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Tedy.2757?

Tedy.2757 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample installs itself for autorun, creates a copy of itself and injects into other processes, a single scan of the running system may miss the dropped copy. Run the scan again after the restart and confirm that no startup entry still points at a file with the hashes listed above.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
