Troj/CosDuke-B (file analysis)

Malware Removal

Troj/CosDuke-B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Troj/CosDuke-B virus do?

  • Sample contains Overlay data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Troj/CosDuke-B?

File Info:

name: 033E716A484E5D8CDB86.mlw
path: /opt/CAPEv2/storage/binaries/6a287edaa632c252c897320ebe44c5ad40e0614f724b07354b41a393650fb5c9
crc32: 31387364
md5: 033e716a484e5d8cdb8691c9d1f7a850
sha1: 069c3e96f4bc98bd4b2ac8d76df3d16c19522d48
sha256: 6a287edaa632c252c897320ebe44c5ad40e0614f724b07354b41a393650fb5c9
sha512: af8f2ec2b7cd89150e74d96ce8584ceed19e24e392391d855f76b57c01fd9d4f9fe29c3be60a9b6adf08f8f9fe84ae5bf9f7db98d9c6205b5faae9658a2dce8b
ssdeep: 24576:ce6u/p6D3RSgGRha3tQymeKbitTljWr4ZHhe/1w1pOy9CN5KAQhkSXge:cOB6zYkEZuFwr4ZB41wKENhLQe
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13CB52320B7828073C26725B44AE5F7B85779BDA22BF299CF17C556F80F242C1927731A
sha3_384: 60db57119738ec051e35a85e11f7e3ecf799cac1589d4498d748ac030e51e4c7a6cd1e7476334f48c8379660b8ca0901
ep_bytes: e8ff200000e989feffffe8a224000085
timestamp: 2012-11-13 09:53:11

Version Info:

CompanyName: Google Inc.
FileDescription: Google Chrome Updater
FileVersion: 25.0.1364.97
InternalName: chrome_exe
LegalCopyright: Copyright 2012 Google Inc. All rights reserved.
OriginalFilename: chrome.exe
ProductName: Google Chrome Updater
ProductVersion: 25.0.1364.97
CompanyShortName: Google
ProductShortName: Chrome
LastChange: 183676
Official Build: 1
Translation: 0x0409 0x04b0

Troj/CosDuke-B also known as:

Bkav: W32.FamVT.FVDATTc.Worm
Lionic: Trojan.Win32.CosmicDuke.tnq3
MicroWorld-eScan: Trojan.GenericKD.64984161
ClamAV: Win.Trojan.CosmicDuke-3
FireEye: Trojan.GenericKD.64984161
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Trojan.GenericKD.64984161
Cylance: unsafe
Zillya: Trojan.Agent.Win32.471810
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Password-Stealer ( 0049b09a1 )
Alibaba: TrojanDropper:Win32/Miniduke.abf8cd23
K7GW: Password-Stealer ( 0049b09a1 )
Cybereason: malicious.6f4bc9
Baidu: Win32.Trojan-PSW.Agent.l
VirIT: Trojan.Win32.X-Paxxes.BMQP
Cyren: W32/Trojan.DIRN-7729
Symantec: Backdoor.Tinybaron
Elastic: malicious (high confidence)
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Trojan.GenericKD.64984161
Avast: Win32:MiniDuke-G [Trj]
Tencent: Trojan-Dropper.Win32.Miniduke.wa
TACHYON: Backdoor/W32.CosmicDuke.2315162
Emsisoft: Trojan.GenericKD.64984161 (B)
DrWeb: Trojan.PWS.Siggen1.28564
VIPRE: Trojan.GenericKD.64984161
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Sophos: Troj/CosDuke-B
SentinelOne: Static AI – Malicious PE
Jiangmin: Backdoor/CosmicDuke.a
Antiy-AVL: Trojan/Win32.TSGeneric
Xcitium: TrojWare.Win32.TrojanDropper.Miniduke.DA@6l2urh
Arcabit: Trojan.Generic.D3DF9461
ViRobot: Trojan.Win32.CosmicDuke.697856
GData: Win32.Trojan.PSE.1020OTA
Google: Detected
AhnLab-V3: Win-Trojan/Agent.697856.K
McAfee: GenericRXEN-QE!033E716A484E
MAX: malware (ai score=80)
Malwarebytes: Generic.Malware.AI.DDS
Rising: Stealer.Agent!1.A6DB (CLASSIC)
Ikarus: Trojan-Dropper.Win32.Miniduke
MaxSecure: Backdoor.CosmicDuke.gen
Fortinet: W32/Ipamor.D846!tr
AVG: Win32:MiniDuke-G [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Troj/CosDuke-B?

Troj/CosDuke-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.