Trojan.Crypt.HO (file analysis)

Malware Removal

Trojan.Crypt.HO is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What Trojan.Crypt.HO virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs observed in behavior
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A process attempted to delay the analysis task for a long period of time
  • Fake User-Agent detected
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Operates on local firewall’s policies and settings

How to determine Trojan.Crypt.HO?


File Info:

name: 22846B23BA09E4F1FBFE.mlw
path: /opt/CAPEv2/storage/binaries/16ca391d72e9a944810fc7006d4a7afce42c2d5ca14f5b6342a21eb3e647619f
crc32: B7DE4D5E
md5: 22846b23ba09e4f1fbfebb2cc48d7e20
sha1: b7b50ad2b77f141ac1c80adbcf32ffcde2a3fced
sha256: 16ca391d72e9a944810fc7006d4a7afce42c2d5ca14f5b6342a21eb3e647619f
sha512: 25e86aa8d802b9f8d50a374be7f4a21c0444df4fe58e6b642fa937ef35f25e6d74eee8fc03471c216226b8003488215a2fa99b8b069531f7d2eff5e5d9261b1d
ssdeep: 192:Zf5eSQdKSpis3qm0lAg/N2MwyTgDA543rzdljWm2h5:pASQsnoXg/QMjHO3rB5Wm2T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19EE16BCB748D73F3C5676871625E58283F2D60305E7B2B86EB0D304338B20A60A2EF91
sha3_384: e979906e2d6a055a4b4192830308d0e7c66eaff173ea43575a3f0a03b98ab8d4005cfafabbcd1bf514085471956f60d5
ep_bytes: 60be00f040008dbe0020ffff5783cdff
timestamp: 2008-07-21 06:31:47

Version Info:

0: [No Data]

Trojan.Crypt.HO also known as:

Elastic: malicious (moderate confidence)
DrWeb: Trojan.DownLoad.3177
MicroWorld-eScan: Trojan.Crypt.HO
FireEye: Generic.mg.22846b23ba09e4f1
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0001140e1 )
Alibaba: TrojanSpy:Win32/Keatep.e3c58e3e
K7GW: Trojan ( 0001140e1 )
Cybereason: malicious.3ba09e
BitDefenderTheta: AI:Packer.A6A4FFE01E
Cyren: W32/Downloader.QGSA-1454
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDownloader.Sality
Kaspersky: Trojan-Downloader.Win32.Agent.agap
BitDefender: Trojan.Crypt.HO
NANO-Antivirus: Trojan.Win32.Agent.qjem
Avast: Win32:Sality-GR
Tencent: Win32.Trojan-downloader.Agent.Hprw
Ad-Aware: Trojan.Crypt.HO
Sophos: Mal/Generic-R + Mal/Keatep-A
Comodo: Malware@#3hzdbdb60g7vf
Zillya: Downloader.Agent.Win32.24882
McAfee-GW-Edition: BehavesLike.Win32.Virus.zh
SentinelOne: Static AI – Malicious PE
Emsisoft: Trojan.Crypt.HO (B)
Ikarus: Virus.Win32.Sality
Jiangmin: TrojanDownloader.Agent.adho
Avira: TR/Crypt.XPACK.Gen
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.A.Downloader.7168.G[UPX]
GData: Trojan.Crypt.HO
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan-Spy.Zbot
ALYac: Trojan.Crypt.HO
APEX: Malicious
Rising: Trojan.Generic!8.C3 (CLOUD)
Yandex: Trojan.GenAsa!XEXEKJDDOGM
MAX: malware (ai score=98)
MaxSecure: Trojan.Malware.1787713.susgen
Fortinet: W32/Sality.DLD!tr
AVG: Win32:Sality-GR
Panda: Trj/Downloader.ULN
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.Crypt.HO?

Trojan.Crypt.HO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.