Trojan-Downloader.Win32.OffLoader.bml (file analysis)

Malware Removal

Trojan-Downloader.Win32.OffLoader.bml is flagged as malicious by most of the antivirus engines listed further down this page. When this infection is active you may notice unfamiliar processes in the Task Manager; in that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan-Downloader.Win32.OffLoader.bml do?

The following signatures were raised when the sample was run in the CAPEv2 sandbox (the storage path under File Info below is the sandbox's):

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

Read these together with the version resource below. An Inno Setup installer keeps its compressed payload in the overlay and, by design, drops and executes files, so the overlay and drop-and-execute signatures on their own do not separate a malicious installer from a legitimate one. The signals that do are the non-standard section name (packing), the Authenticode signature that does not validate, and the detection consensus listed further down.

How to identify Trojan-Downloader.Win32.OffLoader.bml?

The hashes and PE metadata below identify the exact sample that was analysed; a file that reproduces any of the digests is this sample.

File Info:

name: 846A7E7978B4464F6E2B.mlw
path: /opt/CAPEv2/storage/binaries/eb89fd959e5f6c5f5ec5f6fc2d4da500cbb038a82f3532fc92c064693c2418a6
crc32: 61E91EF2
md5: 846a7e7978b4464f6e2b038ef71f9610
sha1: 66bb42b581787515e40194f7c7939dcebcc86c60
sha256: eb89fd959e5f6c5f5ec5f6fc2d4da500cbb038a82f3532fc92c064693c2418a6
sha512: d791ff5751085d343a0da875a8a8f7f2e7226dd7ab904839b11c9d8cf2806cee2aeca83870a790f0857dfc61205564847e2caaf8cca0172099ef6238716b5c36
ssdeep: 98304:cSiivp4G1HOI2DFj7oN/eY+Hqytff8peEMfj+DidXvh6d204OOR5qDB:biG+j8/MbEjgJ6M8YYl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14136123FB268A43EC4AA0B3249B3D360587B7B65A85A8C1F47F0480DCF6A5711E3B755
sha3_384: 5a300b51a17270ea805605b448d1a0d201d3d345b17bec2daeea52d36cfe4a020f84259c6668e11f26d7ab32e0a88cbc
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2020-11-15 09:48:30

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: Autodesk Maya v2024 (x64) Pre-Cracked Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Autodesk Maya v2024 (x64) Pre-Cracked
ProductVersion: 1.0
Translation: 0x0000 0x04b0

The version resource is the lure: the file presents itself as a pre-cracked Autodesk Maya 2024 installer, and the Comments field confirms it was packaged with Inno Setup. The "(x64)" in the product name describes the lure, not the file, which is a 32-bit PE32 (see File Info), and the PE timestamp of 2020-11-15 predates the product it claims to install.
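As an added example, not code from the original page or from the sandbox that produced the report, the Python script below implements the checks a responder would run on a suspect file against the indicators above: it computes the md5, sha1 and sha256 listed under File Info and compares them with the published values, then parses the COFF header and section table to pull the compile timestamp, the machine type (so a PE32 can be held against an "(x64)" claim in the version info), any non-standard section names and the size of the overlay, which are the static facts behind three of the behaviour entries above. KNOWN_SECTION_NAMES, the section name ".pack0" and the bytes produced by build_constructed_pe are assumptions and constructed data for the demonstration; the real sample is not embedded.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Digests copied from the File Info block above.
PUBLISHED_HASHES = {
    "md5": "846a7e7978b4464f6e2b038ef71f9610",
    "sha1": "66bb42b581787515e40194f7c7939dcebcc86c60",
    "sha256": "eb89fd959e5f6c5f5ec5f6fc2d4da500cbb038a82f3532fc92c064693c2418a6",
}
IMAGE_FILE_MACHINE_I386 = 0x14C  # "Intel 80386" in the file type above

# Assumption: section names a stock Delphi/Inno Setup or MSVC build emits; anything
# else is reported, which is the check behind "unknown PE section name" above.
KNOWN_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
                       ".reloc", ".tls", ".pdata", "CODE", "DATA", "BSS", ".itext", ".didata"}


def hash_bytes(data: bytes) -> dict:
    """The three digests the page lists, as lowercase hex."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matching_hashes(digests: dict, published: dict = PUBLISHED_HASHES) -> list:
    """Names of the digests that equal the published indicators."""
    return [name for name, value in published.items() if digests.get(name) == value]


def parse_pe(data: bytes) -> dict:
    """Read the COFF header and section table (the optional header is skipped)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    end_of_sections = table + nsections * 40  # headers count even if no section has raw data
    sections = []
    for i in range(nsections):
        off = table + i * 40
        sections.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)  # SizeOfRawData, PointerToRawData
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {
        "machine": machine,
        "is_32bit": machine == IMAGE_FILE_MACHINE_I386,
        "timestamp_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "unknown_sections": [s for s in sections if s not in KNOWN_SECTION_NAMES],
        "overlay_bytes": max(0, len(data) - end_of_sections),  # "Sample contains Overlay data"
    }


def triage(data: bytes, claims_x64: bool, published: dict = PUBLISHED_HASHES) -> dict:
    """Hash matching plus the static checks behind the behaviour list."""
    digests, pe, findings = hash_bytes(data), parse_pe(data), []
    hits = matching_hashes(digests, published)
    if hits:
        findings.append("hash matches the analysed sample: " + ", ".join(hits))
    if claims_x64 and pe["is_32bit"]:
        findings.append("version info claims x64 but the PE is 32-bit i386")
    if pe["unknown_sections"]:
        findings.append("non-standard section names (possible packer): " + ", ".join(pe["unknown_sections"]))
    if pe["overlay_bytes"]:
        findings.append(f"{pe['overlay_bytes']} bytes of overlay after the last section")
    return {"digests": digests, "pe": pe, "findings": findings}


# --- constructed demo input (not the real sample) -----------------------------
CONSTRUCTED_OVERLAY = b"constructed overlay payload"
CONSTRUCTED_TIMESTAMP = int(datetime(2020, 11, 15, 9, 48, 30, tzinfo=timezone.utc).timestamp())


def build_constructed_pe(sections, timestamp, machine=IMAGE_FILE_MACHINE_I386, overlay=b"") -> bytes:
    """Minimal MZ/PE image: valid COFF header and section table, empty optional
    header, NOP-filled sections. Enough to exercise parse_pe, not enough to load."""
    image = bytearray(b"MZ" + b"\0" * 0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    image += b"PE\0\0" + struct.pack("<HHIIIHH", machine, len(sections), timestamp, 0, 0, 0, 0x0102)
    raw_ptr = 0x200
    for name, size in sections:
        image += name.encode("ascii").ljust(8, b"\0")
        image += struct.pack("<IIII", size, raw_ptr, size, raw_ptr)  # VirtualSize, VA, SizeOfRawData, PointerToRawData
        image += b"\0" * 16  # relocation/line-number pointers and counts, characteristics
        raw_ptr += size
    assert len(image) <= 0x200, "too many sections for the fixed header size"
    image = image.ljust(0x200, b"\0")
    for _, size in sections:
        image += b"\x90" * size
    return bytes(image) + overlay


SAMPLE = build_constructed_pe([("CODE", 0x200), (".pack0", 0x100)],  # ".pack0" is a made-up packer-style name
                              CONSTRUCTED_TIMESTAMP, overlay=CONSTRUCTED_OVERLAY)
REPORT = triage(SAMPLE, claims_x64=True)

if __name__ == "__main__":
    print("compiled:", REPORT["pe"]["timestamp_utc"], "sections:", REPORT["pe"]["sections"])
    for finding in REPORT["findings"]:
        print("-", finding)
```

Against a real file, call triage(open(path, "rb").read(), claims_x64=True). A hash hit identifies the exact sample; the other findings are heuristics that a legitimate Inno Setup installer can also trigger (its payload lives in the overlay), so they narrow the picture rather than prove it.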

Trojan-Downloader.Win32.OffLoader.bml is also known as:

Elastic: malicious (moderate confidence)
McAfee: Artemis!846A7E7978B4
Malwarebytes: Generic.Malware/Suspicious
K7AntiVirus: Trojan-Downloader ( 0059c6831 )
K7GW: Trojan-Downloader ( 0059c6831 )
CrowdStrike: win/grayware_confidence_60% (W)
Cyren: W32/Agent.FLZ.gen!Eldorado
ESET-NOD32: a variant of Win32/TrojanDownloader.Agent.GPE
Paloalto: generic.ml
Kaspersky: Trojan-Downloader.Win32.OffLoader.bml
Avast: Win32:Trojan-gen
F-Secure: Trojan.TR/Downloader.Gen
McAfee-GW-Edition: BehavesLike.Win32.CSDImonetize.rc
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
GData: Win32.Trojan.Agent.XRD0OL
Google: Detected
Avira: TR/Downloader.Gen
ZoneAlarm: Trojan-Downloader.Win32.OffLoader.bml
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 99)
TrendMicro-HouseCall: TROJ_GEN.R002H0ADP23
Tencent: Win32.Trojan-Downloader.Offloader.Cwnw
Fortinet: W32/Agent.GPE!tr.dldr
AVG: Win32:Trojan-gen

How to remove Trojan-Downloader.Win32.OffLoader.bml?

Trojan-Downloader.Win32.OffLoader.bml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
