How to remove “Troj/Azov-B”?

Troj/Azov-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to completely scan and cure your PC during the trial period.
6-day free trial available.

What can the Troj/Azov-B virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Troj/Azov-B?


File Info:

name: 14B8305D4162DAB98D91.mlw
path: /opt/CAPEv2/storage/binaries/dde37e6c147340a686c236c6e40df9a936e58d6b5bfe8bc545fdb9e66abb7c8e
crc32: 10BF1285
md5: 14b8305d4162dab98d915e0da055f221
sha1: 8b4c002d10ea8b1fc0feab35463e4f53ba44875e
sha256: dde37e6c147340a686c236c6e40df9a936e58d6b5bfe8bc545fdb9e66abb7c8e
sha512: 6f3ac2452b35097b3406230c7842bc595775e50c5898aa08bdb436aab6e3045f900002b6b7cd066f71129282c2fd944e1f41fdbc195ee7760ee0b8ddbe41e29c
ssdeep: 3072:tuTO4rRZitNvXDmGoWXscjyEGYx6KAMSq+ZDPUEMTlqkBNGbwAS4ArPRJldVCfrS:tkZKNvTmGoesElxgdZDPFMTbNgMP+rLO
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T15704AF57B7F40068E076D1B6C9F2875697B1BC410B7193DF2A99866A9F33BE08D34312
sha3_384: 38016d57426bdf57def8677254bcdb25b15556a2641fae8273a281f7db6dfd0ddff0645b1fb70f6124cdb0bf597fc390
ep_bytes: 488d05c6fbffff4805c5020000ffd0c8
timestamp: 2019-11-05 20:50:30

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows® installer
FileVersion: 5.0.7601.24535 (win7sp1_ldr_escrow.191105-1059)
InternalName: msiexec
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: msiexec.exe
ProductName: Windows Installer - Unicode
ProductVersion: 5.0.7601.24535
Translation: 0x0409 0x04b0

Troj/Azov-B also known as:

MicroWorld-eScan: Win64.Ransom.A
FireEye: Win64.Ransom.A
Cylance: Unsafe
VIPRE: Win64.Ransom.A
K7AntiVirus: Virus ( 0059ab071 )
K7GW: Virus ( 0059ab071 )
Cyren: W64/Expiro.BL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/Expiro.DR
ClamAV: Win.Ransomware.Expiro-9975896-0
BitDefender: Win64.Ransom.A
Ad-Aware: Win64.Ransom.A
Emsisoft: Win64.Ransom.A (B)
DrWeb: Win32.HLLP.Azov.3
TrendMicro: Ransom.Win64.AZVO.SMYXCKD
Sophos: Troj/Azov-B
GData: Win64.Ransom.A
Jiangmin: Trojan.Blocker.urr
Antiy-AVL: Virus/Win64.Expiro.dr
Arcabit: Win64.Ransom.A
Microsoft: TrojanDownloader:Win32/Emotet!ml
Google: Detected
ALYac: Win64.Ransom.A
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.450052430
Ikarus: Virus.Win64.Expiro
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W64/Expiro.DR!tr

How to remove Troj/Azov-B?

Troj/Azov-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
