Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/Trojan
Threat report

About “Trojan-Dropper.Win32.Dapato.repi” infection

Published Feb 6, 2024 Trojan category 3 min read
Report context

What to verify before removal

Use this report for a controlled check of About “Trojan-Dropper.Win32.Dapato.repi” infection when the affected machine shows suspicious processes, dropped files, or payload delivery behavior. The goal is to verify the exact file and persistence path before quarantine.

Start by comparing the local file name with CFC63AFF8C65C1D1C517.mlw, then review the behavior notes for persistence entries, dropped files, unusual processes, and browser or network changes. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
CFC63AFF8C65C1D1C517.mlw
  • Compare the suspicious file name with CFC63AFF8C65C1D1C517.mlw.
  • Confirm the detection name matches About “Trojan-Dropper.Win32.Dapato.repi” infection before removing related files.
  • Review the report for persistence entries, dropped files, unusual processes, and browser or network changes so the cleanup is based on observed behavior, not only the label.
  • Run a full scan, quarantine confirmed detections, and restart before signing back in to sensitive accounts.

The Trojan-Dropper.Win32.Dapato.repi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Trojan-Dropper.Win32.Dapato.repi virus can do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Creates a copy of itself
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Trojan-Dropper.Win32.Dapato.repi?



File Info:

name: CFC63AFF8C65C1D1C517.mlw
path: /opt/CAPEv2/storage/binaries/69ca99cc08b86e0cea4b1c1336b0c565f2f21a6b7c038e9ab761f06714d7dc35
crc32: 54702F4B
md5: cfc63aff8c65c1d1c51792f98af12d8d
sha1: 3a873a57b222971ff76add98f71f15641a4af285
sha256: 69ca99cc08b86e0cea4b1c1336b0c565f2f21a6b7c038e9ab761f06714d7dc35
sha512: 1909be445b7697be6a0e52f76088dced140194b3712f1481fa13c0fa4cd3d71f31ba0c5909fb1058832ef09a777364d350933e192ee7db75fb5a523283be69a4
ssdeep: 49152:dsYJUoI0Dx0TUexExK31DxjDodjIug71vPegdSwNCeWlc8VrLDP9xHd:dsVoI0DnMD1qIugaw+ljlx9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12CE5F12366A1402EE5B282314C6F9E7095A93D735B354167F6E0FE1C2DF0992BA13F1B
sha3_384: a4ae9eed53ac077a896e8a56094767a8d83718e92964bbc68c615d7f350b7307995c193a8c6342cb432af636b573b785
ep_bytes: e81b7e0000e97ffeffff558bec33d28b
timestamp: 2017-05-01 05:41:43


Version Info:

CompanyName: System Development, Inc
FileDescription: Setup Launcher Unicode
FileVersion: 1.00.0000
InternalName: Setup
LegalCopyright: Copyright (c) 2016 Flexera Software LLC. All Rights Reserved.
OriginalFilename: InstallShield Setup.exe
ProductName: register
ProductVersion: 1.00.0000
Internal Build Number: 174648
ISInternalVersion: 23.0.511
ISInternalDescription: Setup Launcher Unicode
Translation: 0x0409 0x04b0

Trojan-Dropper.Win32.Dapato.repi also known as:

Bkav W32.Common.58171947
Lionic Trojan.Win32.Dapato.b!c
Skyhigh Artemis!Trojan
McAfee Artemis!CFC63AFF8C65
Cylance unsafe
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
Cynet Malicious (score: 99)
Kaspersky Trojan-Dropper.Win32.Dapato.repi
Avast Win32:Malware-gen
Tencent Win32.Trojan-Dropper.Dapato.Vgil
F-Secure Trojan.TR/AD.Zdengo.hfypx
Ikarus Trojan.Zdengo
GData Win32.Trojan.Agent.842V6J
Avira TR/AD.Zdengo.hfypx
ZoneAlarm Trojan-Dropper.Win32.Dapato.repi
Google Detected
Malwarebytes Generic.Malware/Suspicious
TrendMicro-HouseCall TROJ_GEN.R002H07AL24
MaxSecure Trojan.Malware.230344259.susgen
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
DeepInstinct MALICIOUS

How to remove Trojan-Dropper.Win32.Dapato.repi?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.