
What is “Trojan.ConvaPMF.S26371181”?

Malware Removal

Many security experts consider Trojan.ConvaPMF.S26371181 dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.ConvaPMF.S26371181 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Xhosa
  • Authenticode signature is invalid
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Trojan.ConvaPMF.S26371181?


File Info:

name: 7496195DD9D6F9A72A95.mlw
path: /opt/CAPEv2/storage/binaries/301d99c5ef4281f4d3911bf4d41b74840e44db53e792ad7bcf5b170d98172c81
crc32: D9C0E816
md5: 7496195dd9d6f9a72a95d98e99f3abc7
sha1: b86d88956927bea91b397ca5544320135146f9f8
sha256: 301d99c5ef4281f4d3911bf4d41b74840e44db53e792ad7bcf5b170d98172c81
sha512: 0a1e70fe51acfd5d5e8dc851d6823ed4fca4869181888f0f0b02644be6ee1f363c77674d85a10a238548440a4d3cb1ea1f51d8e8eab8ba69bbe4cf5ecf259d40
ssdeep: 3072:K/FULkYSDPjMxpVca5/rxecwy1DwGCyMqM/h3Lfed:KOLkpDPjurscuGN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15444BE30B680C475C496127C942ACFA14EBEBC3119988A4B3FA91B7F6F313D055A6B5F
sha3_384: c345860b1d7b7703affc09c36ff38d9d5ec18e8275de8a2020ef7d64be0ea95376e7ced2412a9882cf2c32df29b594f9
ep_bytes: e8883b0000e979feffff8325845c4300
timestamp: 2020-10-01 04:47:43

Version Info:

FileVersion: 21.29.11.69
InternationalName: bomgveoci.iwa
Copyright: Copyrighz (C) 2021, fudkorta
ProjectVersion: 1.10.74.57
Translations: 0x0121 0x03ca

Trojan.ConvaPMF.S26371181 also known as:

Lionic: Trojan.Win32.SmartFortress.lEDV
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Stealer.31749
MicroWorld-eScan: Trojan.GenericKD.48075144
FireEye: Generic.mg.7496195dd9d6f9a7
CAT-QuickHeal: Trojan.ConvaPMF.S26371181
McAfee: Packed-GEE!7496195DD9D6
Cylance: Unsafe
Zillya: Backdoor.Mokes.Win32.5158
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0053d5971 )
K7AntiVirus: Trojan ( 0053d5971 )
BitDefenderTheta: Gen:NN.ZexaF.34212.pq0@ays7sKoG
Cyren: W32/Qbot.FK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HOCG
TrendMicro-HouseCall: Ransom_StopCrypt.R03FC0DAR22
Paloalto: generic.ml
ClamAV: Win.Malware.Mikey-9917879-0
Kaspersky: HEUR:Trojan-Ransom.Win32.Stop.gen
BitDefender: Trojan.GenericKD.48075144
Avast: Win32:CrypterX-gen [Trj]
Tencent: Trojan-ransom.Win32.Stop.16000284
Ad-Aware: Trojan.GenericKD.48075144
Sophos: Mal/Generic-S + Mal/Agent-AWV
Comodo: Malware@#281cj7n73rxdq
McAfee-GW-Edition: BehavesLike.Win32.Packed.dm
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan-Ransom.StopCrypt
GData: Win32.Trojan.PSE1.1M4L73C
Avira: HEUR/AGEN.1242353
Antiy-AVL: Trojan/Win32.SGeneric
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win32.STOP.sa
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Stop.gen
Microsoft: Ransom:Win32/StopCrypt.PAR!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R467757
VBA32: Trojan.Agent
ALYac: Trojan.GenericKD.48075144
MAX: malware (ai score=82)
Malwarebytes: Trojan.MalPack
APEX: Malicious
Rising: Ransom.Stop!8.10810 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenericKDZ.6DF1!tr
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.56927b
Panda: Trj/GdSda.A

How to remove Trojan.ConvaPMF.S26371181?

Trojan.ConvaPMF.S26371181 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
