Trojan-Downloader.Win32.Tovkater.bou (file analysis)

The Trojan-Downloader.Win32.Tovkater.bou is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Downloader.Win32.Tovkater.bou virus can do?

Reads data out of its own binary image
A process created a hidden window
Drops a binary and executes it
Behavior consistent with a dropper attempting to download the next stage.
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

inactiveanimals.top

duckandbear.top

How to determine Trojan-Downloader.Win32.Tovkater.bou?


File Info:
crc32: AAB9D93C
md5: 94bd0bb572637af3568f9e550fa1642c
name: 94BD0BB572637AF3568F9E550FA1642C.mlw
sha1: e48dfe6268f73286997a1c15c1409872661629c5
sha256: 1a7c0da4042007d19399a96b93476dd9c5bbb484669aa3b8c7bb42ddfbd141c0
sha512: 1b6825249c58f35f8b822aa231cb3247ed999139004b5cca47c776bff163df7e5e83c94e7f726f7ea72afd607db44fd70820a69f5445e6f39eb05c40aa725f4f
ssdeep: 3072:AND7V2BCDm6Ltzu0pDes/8Wnroukw07Pt6UZT/X0J3KQsp82nYKBQ/qUFRm63CkJ:Ar2R6xj18Wnrouk1Tt6ULO/25eFEkGFG
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:
LegalCopyright: oGrimm Stone Prod. All rights reserved.
InternalName: myGrimm Installer
FileVersion: 12.8.2.9
CompanyName: 
Comments: xInstall software
ProductName: iNSIS installer
ProductVersion: 21.8.2.9
Translation: 0x0409 0x04b0

Trojan-Downloader.Win32.Tovkater.bou also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan-Downloader ( 0051921e1 )
Lionic	Trojan.Win32.Tovkater.a!c
Elastic	malicious (high confidence)
DrWeb	Trojan.InstallMonster.2400
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.37516782
Cylance	Unsafe
Zillya	Adware.DLBoost.Win32.3351
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	TrojanDownloader:Win32/Tovkater.ef5e0d3f
K7GW	Trojan-Downloader ( 0051921e1 )
Cybereason	malicious.572637
Cyren	W32/Taterf.A!Generic
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Dropper.Tovkater-6664559-0
Kaspersky	Trojan-Downloader.Win32.Tovkater.bou
BitDefender	Trojan.GenericKD.37516782
NANO-Antivirus	Trojan.Win32.Tovkater.etrahp
MicroWorld-eScan	Trojan.GenericKD.37516782
Tencent	Win32.Trojan-downloader.Tovkater.Huft
Ad-Aware	Trojan.GenericKD.37516782
Sophos	Generic ML PUA (PUA)
Comodo	Malware@#1vi36pe92hoff
BitDefenderTheta	Gen:NN.ZexaF.34170.jmKfaWlCMjoG
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
FireEye	Generic.mg.94bd0bb572637af3
Emsisoft	Trojan.GenericKD.37516782 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	TrojanDownloader.Tovkater.ai
Avira	HEUR/AGEN.1117983
Antiy-AVL	Trojan/Generic.ASMalwS.310C58A
Microsoft	Trojan:Win32/Ditertag.A
SUPERAntiSpyware	Adware.Generic/Variant
GData	Trojan.GenericKD.37516782
AhnLab-V3	Downloader/Win32.Tovkater.R210632
Acronis	suspicious
McAfee	Artemis!94BD0BB57263
MAX	malware (ai score=99)
VBA32	Trojan.Wacatac
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/Genetic.gen
Yandex	Trojan.DL.Tovkater!MhEfGkGs7eU
Fortinet	W32/Tovkater.FQ!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Trojan-Downloader.Win32.Tovkater.bou?

Trojan-Downloader.Win32.Tovkater.bou removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan-Downloader.Win32.Tovkater.bou (file analysis)