Should I remove “Trojan-Downloader.Win32.Blamon”?

Trojan-Downloader.Win32.Blamon is considered dangerous by many security experts. When this infection is active, you may notice unknown processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Downloader.Win32.Blamon virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Loads a driver
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Attempts to modify Internet Explorer’s start page
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Attempts to stop active services
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan-Downloader.Win32.Blamon?

File Info:

name: 1E1DD3F77B8AAC404A3F.mlw
path: /opt/CAPEv2/storage/binaries/b55e8f5708dd9e36be163c108c24c9b37226c0c9fe94eead9c77d0255e6c9923
crc32: 7F3191FF
md5: 1e1dd3f77b8aac404a3f5aaaa112f399
sha1: 71a3cbf614933db35a22cf973c4a4ff726238ee4
sha256: b55e8f5708dd9e36be163c108c24c9b37226c0c9fe94eead9c77d0255e6c9923
sha512: 07467aa766772cd293754bf11919332b96a43faa51492b35d6203b05b77158cbeaf04cc61da57b26c33e117d671db5e36126ccb63bf15fe8b443b6accb66f316
ssdeep: 98304:4Pds5JNYSIDXRGk+FDlfWjxKimdIqFJWZHr/I19NbzQAd03XhaxOU7DlZI+yG:4EtGGk+9lujgtXWHzCj03xaxzvlnyG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T105661223E551C0F6C52516B149B32B39BD74A7541A25CB83EFD4DEB92D32B40AB3B20E
sha3_384: f088188a95333562881f9e5531e8e97a382911fd21bb49cf9b55f998c899a86297e3da2eba4e19fd97534071ab5143e2
ep_bytes: 558bec6aff6880d9a00068f4564d0064
timestamp: 2022-01-26 08:42:54

Version Info:

FileVersion: 1.3.1.4
FileDescription: C++
ProductName: C++
ProductVersion: 1.3.1.4
CompanyName: C++
LegalCopyright: C++
Comments: C++
Translation: 0x0804 0x04b0

Trojan-Downloader.Win32.Blamon is also known as:

  • Bkav: W32.AIDetect.malware1
  • Elastic: malicious (high confidence)
  • FireEye: Generic.mg.1e1dd3f77b8aac40
  • Malwarebytes: Trojan.MalPack.FlyStudio
  • CrowdStrike: win/malicious_confidence_60% (D)
  • K7GW: Trojan ( 005246d51 )
  • K7AntiVirus: Trojan ( 005246d51 )
  • BitDefenderTheta: Gen:NN.ZexaF.34182.@t0@aKo3Qjnb
  • Cyren: W32/Trojan.CLL.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.FlyStudio.AC potentially unwanted
  • Kaspersky: HEUR:Trojan-Downloader.Win32.Blamon.gen
  • Rising: Adware.Agent!1.D343 (CLASSIC)
  • Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
  • SentinelOne: Static AI – Malicious PE
  • Sophos: Mal/Generic-S
  • APEX: Malicious
  • Jiangmin: Worm.Palevo.cq
  • Antiy-AVL: Trojan/Generic.ASCommon.FA
  • Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
  • ZoneAlarm: HEUR:Trojan-Downloader.Win32.Blamon.gen
  • GData: Win32.Trojan.PSE.5LSHNI
  • AhnLab-V3: Malware/Win.AGEN.C4950549
  • VBA32: BScope.Trojan.Tiggre
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/CoinMiner.ELG!tr.pws
  • Cybereason: malicious.614933

How to remove Trojan-Downloader.Win32.Blamon?

Trojan-Downloader.Win32.Blamon removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.