Trojan-Downloader.Win32.Gootkit.bpg removal


Trojan-Downloader.Win32.Gootkit.bpg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Downloader.Win32.Gootkit.bpg virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • YARA rule detections observed from a process memory dump, dropped files or CAPE output
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Checks the CPU name from the registry, possibly for anti-virtualization

How to identify Trojan-Downloader.Win32.Gootkit.bpg?

File Info:

name: 173BDCE5CFF93ECCA5BD.mlw
path: /opt/CAPEv2/storage/binaries/ec38f033498ab872b7e64d08a60599ecb268381fc2a9c8d9230f313553cac940
crc32: 77BB5F87
md5: 173bdce5cff93ecca5bde4230ace9a86
sha1: 73ae1047711f99ed9808d1b185ae16db92b24247
sha256: ec38f033498ab872b7e64d08a60599ecb268381fc2a9c8d9230f313553cac940
sha512: 86b575b06b08cb259cd142f08484a610591f8f3d1ad7517d335e97aa58f3bf1b02d288bcbb63f536106a60d5a85b700b7d57ad6a46cd27479ea8a1d2f0ca11c2
ssdeep: 6144:kdUKdB/d40Q2U0kg6q/KieMF/ndjPt5EmSLtANqfDgMQeM6B1Z:IUKdtsgZhF/djPt5EmEgxVe1Z
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F66423CB0AF2767DCFA56EB4966FC30C12BB1C5A42015E387C182347B5A4B45E486FE6
sha3_384: 50a55a3efb2f3bdc723d51ff3d5d137f68a71496b4101b216d093ca25a81c46c238d5376e72dc6cfa11885a985045023
ep_bytes: 60be003043008dbe00e0fcff57eb0b90
timestamp: 2007-12-03 11:25:51

Version Info:

CompanyName: Bottle Rocket Apps Real
ProductVersion: 13.2.94.58
ProductName: Spellare
LegalCopyright: Copyright © 2004 Bottle Rocket Apps Real. All rights reserved.
FileDescription: Spellare
FileVersion: 13.2.94.58
InternalName: Spellare
Translation: 0x0409 0x04b0

Trojan-Downloader.Win32.Gootkit.bpg also known as:

Lionic: Trojan.Win32.Malicious.4!c
DrWeb: Trojan.PWS.Banker1.34773
MicroWorld-eScan: Trojan.GenericKD.38136022
FireEye: Generic.mg.173bdce5cff93ecc
McAfee: Artemis!173BDCE5CFF9
Cylance: Unsafe
K7AntiVirus: Trojan ( 005432871 )
Alibaba: TrojanDownloader:Win32/Gootkit.98c09395
K7GW: Trojan ( 005432871 )
Cybereason: malicious.7711f9
BitDefenderTheta: Gen:NN.ZexaF.34062.umNfaSQtcmai
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GNPE
TrendMicro-HouseCall: TROJ_GEN.R002H0CKS21
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.Gootkit.bpg
BitDefender: Trojan.GenericKD.38136022
NANO-Antivirus: Trojan.Win32.Yakes.fkyurj
Avast: FileRepMalware
Ad-Aware: Trojan.GenericKD.38136022
Emsisoft: Trojan.GenericKD.38136022 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.38136022
Jiangmin: Trojan.Yakes.abzx
Avira: TR/Crypt.XPACK.Gen3
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.2A4BF4D
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D245E8D6
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.38136022
VBA32: Trojan.Yakes
APEX: Malicious
Yandex: Trojan.DL.Gootkit!f9iVtZCsg2k
Ikarus: Trojan.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.CUBY!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_80% (W)

How to remove Trojan-Downloader.Win32.Gootkit.bpg?

Trojan-Downloader.Win32.Gootkit.bpg removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.