Trojan.Antavmu.D7 (file analysis)

Trojan.Antavmu.D7 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Antavmu.D7 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Binary compilation timestomping detected

How to identify Trojan.Antavmu.D7?

File Info:

name: FA2CF025D11A52C67D51.mlw
path: /opt/CAPEv2/storage/binaries/82ef19b41346b54df45d57326407aca49d4fb62a7c9ce2678339546b9ecd74c7
crc32: BB829006
md5: fa2cf025d11a52c67d51b7769c6ce9bb
sha1: 496818d6046eed1b62fbcf92aea29be2d286846b
sha256: 82ef19b41346b54df45d57326407aca49d4fb62a7c9ce2678339546b9ecd74c7
sha512: fbca1b35283f1c8168bf466afad8e86ddc08845f550b61f1af3d4e73cf50e5889b3051c41800f74bf3d5cad2db707a7a7502d990acd7f3961c5901460ca22200
ssdeep: 1536:68WfnMzlJ62Dp76vRFzUrTgZQoPig4GcG995sNI:68WPS8dUrTA/7
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T133737C137BD0C178E40A83747A791F73DE7DFA20175621A2A3B0A7655F75280EA0736B
sha3_384: d5efb15d9a0a0c7d485126bd93722dab1948e55e6a4e43e01dbe1c61bff5fdf3b8354299121600530809e04b83e8a250
ep_bytes: a1dbf04000c1e002a3dff04000575133
timestamp: 2042-11-21 16:01:10

Version Info:

0: [No Data]

Trojan.Antavmu.D7 is also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop4.28628
MicroWorld-eScan: Gen:Trojan.FileInfector.eCW@aOPHzki
FireEye: Generic.mg.fa2cf025d11a52c6
CAT-QuickHeal: Trojan.Antavmu.D7
McAfee: PWS-OnlineGames.kz
Malwarebytes: Malware.AI.2897677066
K7AntiVirus: Trojan ( 001f4e2b1 )
Alibaba: Trojan:Win32/Antavmu.2835277c
K7GW: Trojan ( 001f4e2b1 )
Cybereason: malicious.5d11a5
Arcabit: Trojan.FileInfector.EEB9DC
BitDefenderTheta: AI:Packer.1889BCA41E
VirIT: Trojan.Win32.Generic.BUNO
Cyren: W32/Antavmu.A.gen!Eldorado
Symantec: Trojan.Dropper
ESET-NOD32: a variant of Win32/KillFiles.NEH
TrendMicro-HouseCall: TROJ_AGENT_055244.TOMB
ClamAV: Win.Virus.Fileinfector-9809043-0
Kaspersky: Trojan.Win32.Agent.idez
BitDefender: Gen:Trojan.FileInfector.eCW@aOPHzki
NANO-Antivirus: Trojan.Win32.Drop.cihufp
SUPERAntiSpyware: Trojan.Agent/Gen-Antavmu
Avast: Win32:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b3c199
Ad-Aware: Gen:Trojan.FileInfector.eCW@aOPHzki
TACHYON: Trojan/W32.Antavmu.73728.H
Emsisoft: Gen:Trojan.FileInfector.eCW@aOPHzki (B)
Comodo: TrojWare.Win32.KillFiles.NEH@4qfvz0
VIPRE: Trojan.Win32.Antavmu.d (v)
TrendMicro: TROJ_AGENT_055244.TOMB
McAfee-GW-Edition: PWS-OnlineGames.kz
Sophos: ML/PE-A + Mal/Antavmu-A
Ikarus: Trojan.Win32.KillFiles
Jiangmin: Trojan.Antavmu.bxc
Avira: TR/Antavmu.doue
Antiy-AVL: Trojan/Generic.ASMalwS.138E36
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: Trojan.Win32.Agent.idez
GData: Gen:Trojan.FileInfector.eCW@aOPHzki
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Antavmu.R25058
VBA32: Trojan.Antavmu
ALYac: Gen:Trojan.FileInfector.eCW@aOPHzki
MAX: malware (ai score=84)
Cylance: Unsafe
APEX: Malicious
Rising: Trojan.Win32.Antavmu.c (RDMK:cmRtazqxLWBcXp+g3gaHGcTrgw8e)
Yandex: Trojan.GenAsa!UVM9UIzqgzk
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/BanLoader.BBCF!worm
AVG: Win32:TrojanX-gen [Trj]

How to remove Trojan.Antavmu.D7?

Trojan.Antavmu.D7 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.