Categories: Trojan

About “Trojan.APosT” infection

The Trojan.APosT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.APosT virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Starts servers listening on 0.0.0.0:13141
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Executed a process and injected code into it, probably while unpacking
Deletes its original binary from disk
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a hidden or system file
Anomalous binary characteristics

Related domains:

r.nxxxn.ga

fuck88.f3322.net

How to determine Trojan.APosT?


File Info:
crc32: CB141D6Dmd5: e46349f764ac2eacab2e2ef9df404ebename: SQLamd.exesha1: 2f669d695e128ba89102f6490830d58c28d839b6sha256: 56cb6050b9ebbccc68812dcf56aa35b9536348ea92bca4a42f0fe5df9272a5c3sha512: 7cad5df9d88bb4becec136f3c259f960f8a8211200c5acec23fa60ae31b32327e76e4bdc323c29d03b166eba74b2d96354b98d1b743ce65343083fbd35b4b43essdeep: 24576:8vdSuGEeNqGed+HmomnY/g3EGtjlwMnU0e5cxitwZKHAeGVFoFRDOR:819reNqGeoHmD6qEaZwMkcxitSKSzcRtype: MS-DOS executable, MZ for MS-DOS
Version Info:
LegalCopyright: x7248x6743x6240x6709 (C) 2004InternalName: calculatorFileVersion: 1, 0, 0, 1ProductName: calculator x5e94x7528x7a0bx5e8fProductVersion: 1, 0, 0, 1FileDescription: calculator Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8fOriginalFilename: calculator.EXETranslation: 0x0804 0x04b0

Trojan.APosT also known as:

MicroWorld-eScan	Trojan.GenericKDZ.57545
FireEye	Generic.mg.e46349f764ac2eac
CAT-QuickHeal	Backdoor.ZegostPMF.S11118811
Qihoo-360	HEUR/QVM18.1.F6A3.Malware.Gen
ALYac	Trojan.GenericKDZ.57545
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.1929328
K7AntiVirus	Trojan ( 005343d71 )
BitDefender	Trojan.GenericKDZ.57545
K7GW	Trojan ( 005343d71 )
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
GData	Trojan.GenericKDZ.57545
Kaspersky	HEUR:Trojan.Win32.Generic
Tencent	Malware.Win32.Gencirc.10b8c293
Ad-Aware	Trojan.GenericKDZ.57545
Comodo	Backdoor.Win32.Zegost.XP@7o7w19
F-Secure	Trojan.TR/Crypt.Agent.alaku
DrWeb	BackDoor.BlackMoon.15
VIPRE	Trojan.Win32.Generic!BT
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Emotet.tc
Trapmine	malicious.high.ml.score
CMC	Virus.Win32.Sality!O
Emsisoft	Trojan.GenericKDZ.57545 (B)
Jiangmin	Backdoor.Farfli.ckm
Avira	TR/Crypt.Agent.alaku
MAX	malware (ai score=89)
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.DE0C9
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Wacatac.D!ml
AhnLab-V3	Malware/Win32.Generic.C3403195
Acronis	suspicious
McAfee	GenericRXAA-AA!E46349F764AC
VBA32	Trojan.APosT
ESET-NOD32	a variant of Win32/Kryptik.GGXP
Rising	Trojan.Kryptik!8.8 (RDMK:cmRtazoXhNiRQBqrSLJab+5HDJwv)
Yandex	Trojan.Agent!KcomIKNn7Jk
SentinelOne	DFI – Suspicious PE
eGambit	Unsafe.AI_Score_98%
Fortinet	W32/Kryptik.GGXP!tr
BitDefenderTheta	Gen:NN.ZexaF.34100.enuaaKuRHIpj
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen