Malware

Tedy.50328 (file analysis)

Malware Removal

The Tedy.50328 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Tedy.50328 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Creates a copy of itself

How to determine Tedy.50328?



File Info:

name: 26622B4057F546801269.mlw
path: /opt/CAPEv2/storage/binaries/ed62146c7fa997d9a1032698fe3683dc2e1555e9f9c693168dfff7037ac83832
crc32: 94399575
md5: 26622b4057f546801269056bb354be0a
sha1: 62778c29f4173fd7fce8c0dd3a2503962063d2b3
sha256: ed62146c7fa997d9a1032698fe3683dc2e1555e9f9c693168dfff7037ac83832
sha512: 7ed9bc7303f994de0bda2de80bad86def07a845870e6684afd2df4f6e7fdc58347f3ab3f41f8cbe5ca6b6aebe27b223d8c208bc99f88fcb3dedb995ff8b99057
ssdeep: 24576:bO8ReJ0Zkj6rcaq0nBCps7c9DREAZZNJm1LWxEpi4OvOEmnhyO6sEs7eOO4fm0e4:bO88J0I6gaudtRLm1xsWEm64SOOce/3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CDA5AE0F972EABE7C6136038146A33E22BC5E96CD79D17E39E616D3A73D40C215B6384
sha3_384: 5f347de59a09acf15fab48da2211e259f6ebfbf67c2899f187b38e65ae5a5c812201bfb0130567f67806ab0cdce48c8f
ep_bytes: 558bec6aff68c0765700681c50570064
timestamp: 2021-11-18 11:30:01


Version Info:

0: [No Data]

Tedy.50328 also known as:

BkavW32.AIDetect.malware1
LionicTrojan.Win32.Malicious.4!c
Elasticmalicious (high confidence)
DrWebTrojan.Siggen15.55266
MicroWorld-eScanGen:Variant.Tedy.50328
FireEyeGeneric.mg.26622b4057f54680
McAfeeGenericRXAA-FA!26622B4057F5
K7AntiVirusTrojan ( 005823bf1 )
AlibabaTrojan:Win32/Kryptik.88f89032
K7GWTrojan ( 005823bf1 )
Cybereasonmalicious.9f4173
BitDefenderThetaGen:NN.ZexaE.34294.jEW@aCKq8pbj
CyrenW32/FakeAlert.FY.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/Kryptik.HLIQ
TrendMicro-HouseCallTROJ_GEN.R002C0WKQ21
Paloaltogeneric.ml
KasperskyHEUR:Trojan.Win32.Injuke.gen
BitDefenderGen:Variant.Tedy.50328
AvastWin32:AdwareX-gen [Adw]
RisingTrojan.Kryptik!1.AA55 (CLASSIC)
Ad-AwareGen:Variant.Tedy.50328
EmsisoftGen:Variant.Tedy.50328 (B)
TrendMicroTROJ_GEN.R002C0WKQ21
McAfee-GW-EditionBehavesLike.Win32.Generic.vc
SophosMal/Generic-S
SentinelOneStatic AI – Malicious PE
AviraHEUR/AGEN.1143574
MAXmalware (ai score=88)
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
GDataWin32.Trojan.PSE.1QRPSAL
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win.Generic.R452891
ALYacGen:Variant.Tedy.50328
APEXMalicious
TencentWin32.Trojan.Tedy.Hqlm
IkarusWin32.Outbreak
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.HATU!tr
AVGWin32:AdwareX-gen [Adw]
PandaTrj/GdSda.A
CrowdStrikewin/malicious_confidence_70% (W)

How to remove Tedy.50328?

Tedy.50328 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment