What is “Trojan-Downloader.Win32.Small.czcy”?

Trojan-Downloader.Win32.Small.czcy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.Small.czcy virus do?

  • Dynamic (imported) function loading detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location

How to identify Trojan-Downloader.Win32.Small.czcy?


File Info:

name: 0C791D1C68718FF263DA.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-05-26 14:48:58

Version Info:

0: [No Data]

Trojan-Downloader.Win32.Small.czcy also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Gubbins.19
FireEye: Generic.mg.0c791d1c68718ff2
CAT-QuickHeal: Downldr.Upatre.S20244402
McAfee: GenericATG-FCKE!0C791D1C6871
Cylance: Unsafe
Zillya: Adware.Eorezo.Win32.24182
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan-Downloader ( 0049d22b1 )
K7GW: Trojan-Downloader ( 0049d22b1 )
Cybereason: malicious.c68718
BitDefenderTheta: AI:Packer.B7D4D2421E
Cyren: W32/Upatre.GX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Waski.F
APEX: Malicious
ClamAV: Win.Downloader.Upatre-9791188-0
Kaspersky: Trojan-Downloader.Win32.Small.czcy
BitDefender: Gen:Heur.Mint.Gubbins.19
NANO-Antivirus: Trojan.Win32.DownLoad3.czwodh
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.BitCoinMiner.la
Ad-Aware: Gen:Heur.Mint.Gubbins.19
Emsisoft: Gen:Heur.Mint.Gubbins.19 (B)
DrWeb: Trojan.DownLoad3.33795
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_UPATRE.SMJ0
McAfee-GW-Edition: BehavesLike.Win32.Generic.lz
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.Mint.Gubbins.19
Jiangmin: TrojanDownloader.Small.cann
MaxSecure: Trojan.Malware.300983.susgen
Avira: TR/Downloader.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.A2C828
Arcabit: Trojan.Mint.Gubbins.19
Microsoft: TrojanDownloader:Win32/Upatre.AA
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C445269
Acronis: suspicious
VBA32: TrojanDownloader.Small
ALYac: Gen:Heur.Mint.Gubbins.19
MAX: malware (ai score=80)
Malwarebytes: Malware.AI.2495935062
TrendMicro-HouseCall: TROJ_UPATRE.SMJ0
Rising: Trojan.Generic@ML.96 (RDML:rPc16+rrO6n9s3CJSK1mfA)
Ikarus: Trojan-Downloader.Win32.Waski
eGambit: Unsafe.AI_Score_98%
Fortinet: W32/Waski.C!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan-Downloader.Win32.Small.czcy?

Trojan-Downloader.Win32.Small.czcy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
