Trojan-Downloader.MSIL.Krocomain.pef removal instructions

Trojan-Downloader.MSIL.Krocomain.pef is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.MSIL.Krocomain.pef virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Anomalous binary characteristics

How to identify Trojan-Downloader.MSIL.Krocomain.pef?


File Info:

name: 850D2795856B8D1421B2.mlw
path: /opt/CAPEv2/storage/binaries/d691e053843e36a23fcbde87ff948938ecf22dde34132b68d9fc4f5984d05cf9
crc32: C18E7CF8
md5: 850d2795856b8d1421b24d74ae5428b0
sha1: 91f3ce289f505929c1fc26aa230b5f944b3c3a88
sha256: d691e053843e36a23fcbde87ff948938ecf22dde34132b68d9fc4f5984d05cf9
sha512: 743ae73fd25c23e20819a98761e906a1743ac27c7426cc68d7013060a2190f1cee8859f6871b2a16dbbca2e14663b9772417f5534438ca29096c0abd0ff0f4b2
ssdeep: 49152:w0HY4sCCi3o78tlxGe/bPsWeLlQ+j34hO+UwjM:wz4sKo78vzrsXL1IXjM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F78533260769DF1BF5337CFB97D9416A82A105D7F46ED3F22087B6B0287960E46ACE04
sha3_384: 0b9e8795c49b3ace3040ce847e25a234689d5e64745b264d3beb54248865886bf5d624eab41435a0f78884adf738ffd4
ep_bytes: 60e8000000005d81ed0600000081ed70
timestamp: 2022-06-09 21:26:22

Version Info:

FileVersion: 5.15.2.0
OriginalFilename: libGLESv2.dll
ProductName: libGLESv2
ProductVersion: 5.15.2.0
Translation: 0x0409 0x04b0

Trojan-Downloader.MSIL.Krocomain.pef also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Trojan.GenericKD.39855278
FireEye: Generic.mg.850d2795856b8d14
ALYac: Trojan.GenericKD.39855278
Cylance: Unsafe
Sangfor: [ASPACK 1.02B OR 1.08.03]
K7AntiVirus: Trojan ( 005835da1 )
Alibaba: TrojanDownloader:MSIL/Krocomain.0a95ec29
K7GW: Trojan ( 005835da1 )
Cybereason: malicious.5856b8
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.MSIL.Krocomain.pef
BitDefender: Trojan.GenericKD.39855278
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.39855278
Emsisoft: Trojan.GenericKD.39855278 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.39855278
Avira: HEUR/AGEN.1231060
Arcabit: Trojan.Generic.D26024AE
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R500156
Acronis: suspicious
McAfee: Artemis!850D2795856B
MAX: malware (ai score=82)
VBA32: Trojan.Zpevdo
Malwarebytes: Trojan.Dropper
Zoner: Probably Heur.ExeHeaderL
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Application
BitDefenderTheta: Gen:NN.ZexaF.34742.Rz0@amfVRUni
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan-Downloader.MSIL.Krocomain.pef?

Trojan-Downloader.MSIL.Krocomain.pef removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
