Tedy.401075 information

Malware Removal

Tedy.401075 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Tedy.401075 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Appears to use command line obfuscation
  • A script or command line contains a long continuous string indicative of obfuscation
  • Attempts to disable Windows Defender
  • Attempts to execute suspicious powershell command arguments
  • Uses suspicious command line tools or Windows utilities

How to identify Tedy.401075?

File Info:

name: 08829F1FCBD528419B10.mlw
path: /opt/CAPEv2/storage/binaries/da5df0cbcab0ad892392885bf23d53252c1cb546ba1f1c73fe260a5b12aaca00
crc32: 56F58FF9
md5: 08829f1fcbd528419b10dffe8250f2ba
sha1: 3726adedf280d36dc92927394f46e45d4fb84e38
sha256: da5df0cbcab0ad892392885bf23d53252c1cb546ba1f1c73fe260a5b12aaca00
sha512: 1cee8cfb39188f3460310189b45a22bb07b496f8055d5013b9c2043939931647d8600d32e52a0e97e7d78cda1dd5df355350aad551bc8b5cc0ba9f172a996a97
ssdeep: 98304:91Ol480Mvshox/hvBt05YUoPE8VlMREzNyh6q7kaD9JPg1oLJuZYeLstnfaqVqhQ:91Ol4iUoztj1vIUx/WYyLQFYnVz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14A6633013ED5E079E2075432CEF51F9BE2B4E3504B62FCB33E0E5E254979458923ABA6
sha3_384: ec2c72e0d03241b2872d516ae39f7c596334f6413a41b34a1d82ee7af7a54e57b2a5b330aee11e1ced5876dbca4b6a1a
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

Tedy.401075 also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Variant.Tedy.401075
FireEye: Gen:Variant.Tedy.401075
Malwarebytes: Generic.Malware.AI.DDS
K7AntiVirus: Adware ( 005a94d51 )
K7GW: Adware ( 005a94d51 )
BitDefenderTheta: Gen:NN.ZexaCO.36348.@@0@a0HFq0li
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Adware.Neoreklami_AGen.AU
APEX: Malicious
Kaspersky: Trojan-Dropper.Win32.Agent.tezpmz
BitDefender: Gen:Variant.Tedy.401075
Avast: Win32:Evo-gen [Trj]
Emsisoft: Gen:Variant.Tedy.401075 (B)
F-Secure: Trojan.TR/Crypt.EPACK.Gen2
VIPRE: Gen:Variant.Tedy.401075
McAfee-GW-Edition: BehavesLike.Win32.PUPXOR.vc
Trapmine: malicious.moderate.ml.score
Sophos: Generic ML PUA (PUA)
SentinelOne: Static AI – Suspicious SFX
GData: Gen:Variant.Tedy.401075
Avira: TR/Crypt.EPACK.Gen2
Antiy-AVL: GrayWare[AdWare]/Win32.Neoreklami
Arcabit: Trojan.Tedy.D61EB3
ZoneAlarm: Trojan-Dropper.Win32.Agent.tezpmz
Microsoft: Program:Win32/Wacapew.C!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
MAX: malware (ai score=81)
TrendMicro-HouseCall: TROJ_GEN.R002H09GT23
Rising: Trojan.Generic@AI.98 (RDML:hBfZ8AYvNxFYHA1n65HNqA)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: Riskware/Neoreklami
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (W)

How to remove Tedy.401075?

Tedy.401075 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.