Categories: Trojan

Trojan-Downloader.Win32.Bitser.ejn (file analysis)

Trojan-Downloader.Win32.Bitser.ejn is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.Bitser.ejn virus do?

  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Attempts to modify Windows Defender using PowerShell
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Downloader.Win32.Bitser.ejn?


File Info:

name: BD5A3AEDB05B9C65F537.mlw
path: /opt/CAPEv2/storage/binaries/471cc9214505430333a7a455983b7ba495232a29daff71e136cf2db121af4e80
crc32: BD0D92EC
md5: bd5a3aedb05b9c65f537bb330707af90
sha1: 51d8ea5c8603ef9ae3a1feb0a476579109fc45df
sha256: 471cc9214505430333a7a455983b7ba495232a29daff71e136cf2db121af4e80
sha512: 6d0e4fe8385a6db42ead36bad54f61c79d4fceee7adac5266d721cd51f49da9c2e313dec64f95342f9db2af7f9e4e412de6803bd4dd2fd2e773ff17abb9b92e8
ssdeep: 1536:77fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfcw8:X7DhdC6kzWypvaQ0FxyNTBfcd
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1CC937D41F3E202F7E6F2053100A6726F973662389764E8DBC74C2E529913AD5A63D3F9
sha3_384: 335c89715bcb68766a6f4e796bc47c3f2bd29356d70a80f26febec4cdd75035a481ffb745cfda0e27e879068befca192
ep_bytes: 68ac00000068000000006868804100e8
timestamp: 2019-07-30 08:52:45

Version Info:

0: [No Data]

Trojan-Downloader.Win32.Bitser.ejn also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Encoder.trrL
CAT-QuickHeal Trojan.GenericPMF.S17672155
McAfee Artemis!BD5A3AEDB05B
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
Alibaba TrojanDownloader:Win32/Bitser.81b2b6f8
K7GW Riskware ( 00584baa1 )
Cybereason malicious.db05b9
Cyren W32/Kryptik.AYO.gen!Eldorado
Elastic malicious (high confidence)
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky Trojan-Downloader.Win32.Bitser.ejn
Tencent Win32.Trojan-Downloader.Bitser.Bnhl
McAfee-GW-Edition BehavesLike.Win32.Generic.mh
FireEye Generic.mg.bd5a3aedb05b9c65
Sophos Generic PUA FB (PUA)
SentinelOne Static AI – Malicious PE
Avira TR/Dldr.Bitser.jtxiz
Antiy-AVL Trojan/Generic.ASMalwS.5174
Microsoft Program:Win32/Wacapew.C!ml
GData Win32.Trojan.PSE.YXY4X0
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5216474
TACHYON Ransom/W32.Encoder.91648
Malwarebytes Trojan.PowerShell
TrendMicro-HouseCall TROJ_GEN.R002H0CGU22
Rising Trojan.Generic@AI.99 (RDML:PAoduq02AIYCY4BbhHOcDQ)
Ikarus Trojan.Win32.Occamy
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.AYO!tr
CrowdStrike win/malicious_confidence_100% (W)

How to remove Trojan-Downloader.Win32.Bitser.ejn?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
