
About “Trojan-Downloader.Win32.LgoogLoader.p” infection


The Trojan-Downloader.Win32.LgoogLoader.p is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.LgoogLoader.p virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Collects and encrypts information about the computer likely to send to C2 server
  • Network activity contains more than one unique useragent.
  • Attempts to modify Windows Defender using PowerShell
  • Attempts to execute suspicious powershell command arguments

How to identify Trojan-Downloader.Win32.LgoogLoader.p?

File Info:

name: 38B7C3C34846D1609670.mlw
path: /opt/CAPEv2/storage/binaries/7e3c9b98f5eeac71db8ce45f8f1217b811e22e12127043903dcb359eaa29f7fd
crc32: EC00FE7C
md5: 38b7c3c34846d1609670e3f8a07eaea9
sha1: edf24f6f55d63dcad93da136355db94e46cc9d7b
sha256: 7e3c9b98f5eeac71db8ce45f8f1217b811e22e12127043903dcb359eaa29f7fd
sha512: 7d41984ee1bdbb0c1d46ea84962977a1019e214611bd1370962e987346f74960ce09e8730d92d2d044d90f375b3e550674ff6160bc12688bd04185792cc5977b
ssdeep: 196608:JHnv3L64c/0jNkk0x6Zltkg6bHIN/8D9IKH:JLzj3FkgUIEIKH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AF7633FDE132AAE9D32E12314730169B0C751439B2DCABBBBE94D6095924437DA8CF49
sha3_384: 8b66c48bc1f494920aeb9def8501d3e5059cf60bb91a8512a809b315d174dc863e667dc4190914d3b38a33278010b6c9
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2020-08-01 02:44:18

Version Info:

0: [No Data]

Trojan-Downloader.Win32.LgoogLoader.p also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Jaik.47957
CAT-QuickHeal: Trojandownloader.Lgoogloader
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Variant.Jaik.47957
Cybereason: malicious.34846d
Cyren: W32/ABRisk.FTBR-5769
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Packed.Jaik-9863991-0
Kaspersky: Trojan-Downloader.Win32.LgoogLoader.p
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Sophos: Mal/Zbot-FG
DrWeb: Trojan.Packed
TrendMicro: TROJ_GEN.R002C0RET22
McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
FireEye: Generic.mg.38b7c3c34846d160
Emsisoft: Gen:Variant.Jaik.47957 (B)
SentinelOne: Static AI – Suspicious PE
GData: Gen:Variant.Jaik.47957
Avira: HEUR/AGEN.1210138
MAX: malware (ai score=89)
Kingsoft: Win32.Troj.Agentb.kr.(kcloud)
Arcabit: Trojan.Jaik.DBB55
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
BitDefenderTheta: AI:Packer.FF030D2E1F
ALYac: Gen:Variant.Jaik.47957
VBA32: Malware-Cryptor.InstallCore.6
Malwarebytes: Malware.AI.1522987407
TrendMicro-HouseCall: TROJ_GEN.R002C0RET22
Rising: Dropper.Agent/NSIS!1.D805 (CLASSIC:GyxsdPQedCMg6l+Yxf0idg)
Ikarus: Trojan-Downloader.Win32.Agent
Fortinet: W32/Agent.GFA!tr.dldr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen

How to remove Trojan-Downloader.Win32.LgoogLoader.p?

Trojan-Downloader.Win32.LgoogLoader.p removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
