Trojan.BlockPMF.S22283971 malicious file

Trojan.BlockPMF.S22283971 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.BlockPMF.S22283971 virus can do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Scheduled file move on reboot detected
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional binary language: Portuguese (Brazil)
  • Unconventional language used in binary resources: Portuguese (Brazilian)
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to determine Trojan.BlockPMF.S22283971?

File Info:

name: 23861518EEBD6D143290.mlw
path: /opt/CAPEv2/storage/binaries/546d8ef38a022f69e9d6cd86eb0bda1194c61f2e3373e41b0d14f5647cafbfc0
crc32: DF186C41
md5: 23861518eebd6d14329051e84a161973
sha1: 542312f5bbf8468528edfb329c0faf4aa46f0103
sha256: 546d8ef38a022f69e9d6cd86eb0bda1194c61f2e3373e41b0d14f5647cafbfc0
sha512: 3e1e1456fa793f6feef019de8190c51613c2333304be164fbdf1a206cae03c25f2f6c938ab242366aa76ea0e8997804b35c4c4639621fde222bc39dce68afdc7
ssdeep: 49152:9ZTbLK8Dnr3MZTbLKiDn93MZTbLKpDnm3MZTbLKiDn93o:LG8DzGGiDpGGpDMGGiDpo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0163A7EBB8EA536C8314ABC4DAFE5D5980A39313C185847F6805F4C6E355E2372AE43
sha3_384: d833ee0d8e9df49a7f83a11bebfcb0bcb8414e09e9b7e2eea5e8892df9af16ac0c3b4edaa82825a8f7ee491a455de591
ep_bytes: 558bec83c4f05356b874814e00e8caea
timestamp: 1992-06-19 22:22:17

Version Info:

CompanyName: HP Printers
FileDescription: Utility printer driver
FileVersion: 1.0.0.51
InternalName:
LegalCopyright:
LegalTrademarks: HP Printers
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Translation: 0x0416 0x04e4

Trojan.BlockPMF.S22283971 also known as:

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.MulDrop7.21669
  • MicroWorld-eScan: Gen:Variant.Doina.3244
  • FireEye: Generic.mg.23861518eebd6d14
  • CAT-QuickHeal: Trojan.BlockPMF.S22283971
  • McAfee: PWS-Banker.gen.ez
  • Cylance: Unsafe
  • Zillya: Trojan.Agent.Win32.148927
  • K7AntiVirus: Spyware ( 0026b47a1 )
  • K7GW: Spyware ( 0026b47a1 )
  • Cybereason: malicious.8eebd6
  • BitDefenderTheta: Gen:NN.ZelphiF.34294.@J3@aOrOajhG
  • Cyren: W32/Banker.V.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: Win32/Spy.Banker.WGA
  • TrendMicro-HouseCall: TrojanSpy.Win32.BANKER.SMTH
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Trojan-Ransom.Win32.Blocker.gen
  • BitDefender: Gen:Variant.Doina.3244
  • NANO-Antivirus: Trojan.Win32.Agent.dpnib
  • Avast: Win32:BankerX-gen [Trj]
  • Tencent: Trojan.Win32.BitCoinMiner.la
  • Ad-Aware: Gen:Variant.Doina.3244
  • Emsisoft: Gen:Variant.Doina.3244 (B)
  • Comodo: TrojWare.Win32.Spy.Banker.VIS@8ekceg
  • VIPRE: Trojan.Win32.Generic.pak!cobra
  • TrendMicro: TrojanSpy.Win32.BANKER.SMTH
  • Sophos: ML/PE-A + Troj/Agent-BCNT
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan/Agent.ergo
  • Avira: DR/Delphi.Gen
  • Antiy-AVL: Trojan/Generic.ASMalwS.B33C5
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • ViRobot: Trojan.Win32.A.Agent.1050112.A
  • Microsoft: TrojanSpy:Win32/Banker
  • AhnLab-V3: Trojan/Win32.Agent.C64982
  • Acronis: suspicious
  • VBA32: Trojan.Runner.4705
  • ALYac: Gen:Variant.Doina.3244
  • MAX: malware (ai score=84)
  • Malwarebytes: Trojan.Banker
  • APEX: Malicious
  • Rising: Trojan.Generic@ML.100 (RDML:S+NwRNQnR9cY5j2LEpKi3g)
  • Yandex: Trojan.Agent!R+T78+/U9TU
  • TACHYON: Trojan/W32.DP-Agent.4200448
  • Fortinet: W32/Banker.WGA!tr
  • AVG: Win32:BankerX-gen [Trj]
  • Panda: Generic Malware
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.BlockPMF.S22283971?

Trojan.BlockPMF.S22283971 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.