Trojan-Dropper.Win32.Dapato.pmsj removal guide

Trojan-Dropper.Win32.Dapato.pmsj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Dropper.Win32.Dapato.pmsj virus do?

  • A file was accessed within the Public folder.
  • Executed a command line with the /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Deletes executed files from disk
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan-Dropper.Win32.Dapato.pmsj?

File Info:

name: EB1EC010A4DF949AC726.mlw
path: /opt/CAPEv2/storage/binaries/a0343dfa5e17ac53cdb6088ec2a0e506ac0e6b63de90bcd8b8faa9e84adafc02
crc32: 4CB372CE
md5: eb1ec010a4df949ac7266e42b92fd25a
sha1: 5401a7f550d085a36f1296bc136d284fa7be5829
sha256: a0343dfa5e17ac53cdb6088ec2a0e506ac0e6b63de90bcd8b8faa9e84adafc02
sha512: e5d12650f6cbec954aeea0370e3e832dd210d2feda1c4cb95808daa0efe8adffcc97c98599031bbc34ab2bb8de1d30764898293c1d56935025d1ecb44eddaf90
ssdeep: 196608:9/vFiosjwj7ggfi1qSswG5vY7h8SIWtrHL+foq1Wbadu7bJfcN:9HFojwAgoG5Q7hL/BrkuRcN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T185763358BBC6CC38D0154378894E66F9CA642F45683F54CA62DDB8787BF650B0E7E223
sha3_384: b6dace39d9dd1acc0d8872a1c890283a06372518d1876be03b6801f1a8f16a6511d05c8313bc4498da75e8ce9d7023d6
ep_bytes: 558bec83c4f0b89c9a4100e8b8abfeff
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
CompanyName: YeNiçeRi
FileDescription: Easy MP3 Downloader 4.3.1.6 Installation
FileVersion: 4.3.1.6
LegalCopyright: YeNiçeRi
Translation: 0x0409 0x04e4

Trojan-Dropper.Win32.Dapato.pmsj also known as:

Bkav: W32.Common.7D84F2FD
Lionic: Trojan.Win32.Dapato.b!c
DrWeb: Program.Unwanted.1350
Skyhigh: BehavesLike.Win32.Dropper.wc
McAfee: Artemis!EB1EC010A4DF
Sangfor: Dropper.Win32.Agent.Vu4i
Alibaba: TrojanDropper:Win32/Dapato.1a9b007e
APEX: Malicious
Kaspersky: Trojan-Dropper.Win32.Dapato.pmsj
Avast: Win32:Malware-gen
Jiangmin: TrojanDropper.Dapato.aeir
Xcitium: Malware@#kynjwveflnjo
ZoneAlarm: Trojan-Dropper.Win32.Dapato.pmsj
Cylance: unsafe
Tencent: Win32.Trojan-Dropper.Dapato.Cflw
MaxSecure: Trojan.Malware.73564251.susgen
AVG: Win32:Malware-gen
alibabacloud: Trojan[dropper]:Win/Dapato.pmsj

How to remove Trojan-Dropper.Win32.Dapato.pmsj?

Trojan-Dropper.Win32.Dapato.pmsj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.