Categories: Malware

Tedy.63403 removal guide

The Tedy.63403 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Tedy.63403 virus can do?

Sample contains Overlay data
Performs HTTP requests potentially not found in PCAP.
Reads data out of its own binary image
Drops a binary and executes it
Authenticode signature is invalid
Checks for the presence of known devices from debuggers and forensic tools
Checks for the presence of known devices from debuggers and forensic tools
Attempts to modify proxy settings
Harvests cookies for information gathering
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Tedy.63403?


File Info:
name: 1DE4DB1093409AE83764.mlwpath: /opt/CAPEv2/storage/binaries/d437bb2b53659e97ed2c24d88030fa1788c04c904f3ac0bc57bba2ee1a9f1819crc32: 6F614F0Amd5: 1de4db1093409ae837645b4d16707975sha1: 3beac0ec8ef76e6b83e890085ecc1577812c1881sha256: d437bb2b53659e97ed2c24d88030fa1788c04c904f3ac0bc57bba2ee1a9f1819sha512: 00cd66d48543bd7cacea44e8c5f0a8cf7c48e000e0e7b2cc28f72e529242cf608881527cfcc9edffc4c40377e03c82819c44a8550f85b853b26273e6711b1d36ssdeep: 12288:maWzgMg7v3qnCiMErQohh0F4CCJ8lnyi8:haHMv6Corjqnyi8type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T112D4AE12B7D680B6D99338B5297BE32BEB3576190327C4D7A7E02E778F211405B3A361sha3_384: 247af7bbc23d25a17a3b69786b1f9d58f1d6c67d7b13a541b236dd617bfa8c8ae9540c79ed0db732b9a27af365c9072fep_bytes: e8a7c00000e979feffffcccccccccccctimestamp: 2010-04-16 07:47:33
Version Info:
FileVersion: 4.0.5.1101Comments: 英特尔(R) AMT主动管理技术用户通知服务进程。FileDescription: User Notification ServiceLegalCopyright: Copyright ? 2006-2008, Intel Corporation. All rights reserved.产品版本: 01产品名称:  Active Management Technology User Notification Service公司: l Corporation内部名称: 文件名源文件名: DTranslation: 0x0409 0x04b0

Tedy.63403 also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader4.18331
MicroWorld-eScan	Gen:Variant.Tedy.63403
ClamAV	Win.Malware.Bulz-9940102-0
FireEye	Gen:Variant.Tedy.63403
McAfee	Downloader-AutoIt.p
Malwarebytes	Malware.AI.1042006321
VIPRE	Gen:Variant.Tedy.63403
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0056e5201 )
K7GW	Trojan ( 0056e5201 )
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W32/AutoIt.VR.gen!Eldorado
tehtris	Generic.Malware
ESET-NOD32	multiple detections
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Downloader.Win32.Agent.gpyl
BitDefender	Gen:Variant.Tedy.63403
NANO-Antivirus	Trojan.Script.Downloader.jowcbp
Avast	Win32:Evo-gen [Trj]
TACHYON	Trojan-Downloader/W32.Agent.635392
Emsisoft	Gen:Variant.Tedy.63403 (B)
F-Secure	Trojan.TR/Dropper.Gen
Baidu	Win32.Trojan-Downloader.Autoit.ad
Zillya	Trojan.Bancos.Win32.20107
McAfee-GW-Edition	BehavesLike.Win32.DownloaderAutoIt.jh
Trapmine	malicious.moderate.ml.score
Sophos	Generic ML PUA (PUA)
GData	Gen:Variant.Tedy.63403
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan[Downloader]/Autoit.Inetget.a
Arcabit	Trojan.Tedy.DF7AB
ZoneAlarm	VHO:Trojan-Downloader.Win32.Agent.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
AhnLab-V3	Downloader/Win32.Agent.C3976152
VBA32	Trojan-Downloader.Autoit.gen
ALYac	Gen:Variant.Tedy.63403
MAX	malware (ai score=87)
Cylance	unsafe
Ikarus	Trojan-Downloader.Win32.AutoIt
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.GPYL!tr
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.093409
DeepInstinct	MALICIOUS