Trojan.DDoSTF.S8420 (file analysis)

Trojan.DDoSTF.S8420 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.DDoSTF.S8420 virus do?

  • Attempts to connect to a dead IP:Port (3 unique times)
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

Related domains:

v8.ter.tf

How to identify Trojan.DDoSTF.S8420?

File Info:

crc32: 39029282
md5: 45f71b9d5a0677e07e3588f5e3cf1dca
name: 45F71B9D5A0677E07E3588F5E3CF1DCA.mlw
sha1: 0172568910c9f359e940bf7da8239f753ce3b8fb
sha256: 9774e30e9eb56d8af439d141cd838736a19b120b4b53ea633cf7071e551275cd
sha512: d5b75956a14fa8ca9b593d0d75b352f91cc01f206af079135a1f1073481d7b29995cc893f41925a893d485bbaa5dd74b3a01a8bb8c678b66ce8558969eeb32e4
ssdeep: 384:C1I0+Fkm7SWZZYO5uez+b+hCNzfdZvJQtCzsoRs/Ivk6YsI4S0XWh9mWsm:C1I0+FNSW3YO5z+b+hCFfHE0sv/HD55
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName:
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Microsoft® Windows® Operating System
SpecialBuild:
ProductVersion: 6.1.7600.16385
FileDescription: Windows Enhanced Storage Password Authentication Program
OriginalFilename: EhStorAuthn.exe
Translation: 0x0804 0x04b0

Trojan.DDoSTF.S8420 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005376ae1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader18.16955
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.DDoSTF.S8420
ALYac: Gen:Heur.Mint.Zard.30
Cylance: Unsafe
Zillya: Trojan.PornoBlocker.Win32.12249
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/PornoBlocker.92c99c62
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.d5a067
Baidu: Win32.Trojan.ServStart.ax
Cyren: W32/Nitol.AC.gen!Eldorado
ESET-NOD32: Win32/Agent.RMM
Zoner: Trojan.Win32.80438
APEX: Malicious
Avast: Win32:Dh-A [Heur]
ClamAV: Win.Malware.Nitol-6802818-0
Kaspersky: Trojan-Ransom.Win32.PornoBlocker.ejtx
BitDefender: Gen:Heur.Mint.Zard.30
NANO-Antivirus: Trojan.Win32.MicroFake.cchebz
SUPERAntiSpyware: Trojan.Agent/Gen-FakeMS
MicroWorld-eScan: Gen:Heur.Mint.Zard.30
Tencent: Trojan.Win32.Lapka.bw
Ad-Aware: Gen:Heur.Mint.Zard.30
Sophos: Mal/Generic-R + Mal/Behav-160
Comodo: TrojWare.Win32.Nitol.KA@6cq5hu
BitDefenderTheta: AI:Packer.9EF50CC01F
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: DDoS.Win32.NITOL.SMG
McAfee-GW-Edition: BehavesLike.Win32.Generic.mc
FireEye: Generic.mg.45f71b9d5a0677e0
Emsisoft: Gen:Heur.Mint.Zard.30 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.PornoBlocker.eq
Webroot: W32.Malware.Gen
Avira: TR/ATRAPS.hrva.12
eGambit: Unsafe.AI_Score_99%
Microsoft: DDoS:Win32/Nitol.P!rfn
GData: Win32.Trojan.Microfake.A
TACHYON: Ransom/W32.PornoBlocker.51200
AhnLab-V3: Trojan/Win32.Nitol.R299383
Acronis: suspicious
McAfee: GenericRXAA-AA!45F71B9D5A06
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Scar
Malwarebytes: Trojan.FakeMS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: DDoS.Win32.NITOL.SMG
Rising: Ransom.PornoBlocker!8.24E (CLOUD)
Yandex: Trojan.GenAsa!H41PVEbKGsY
Ikarus: Trojan.Win32.MicroFake
Fortinet: W32/Agent.RMM!tr
AVG: Win32:Dh-A [Heur]
Paloalto: generic.ml

How to remove Trojan.DDoSTF.S8420?

Trojan.DDoSTF.S8420 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.