Trojan-Dropper.Win32.Gamaredon.adq (file analysis)

The Trojan-Dropper.Win32.Gamaredon.adq is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Dropper.Win32.Gamaredon.adq virus can do?

Attempts to connect to a dead IP:Port (5 unique times)
At least one IP Address, Domain, or File Name was found in a crypto call
Reads data out of its own binary image
Drops a binary and executes it
Performs some HTTP requests
Uses Windows utilities for basic functionality
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup
Checks the system manufacturer, likely for anti-virtualization
Attempts to modify proxy settings
Attempts to create or modify system certificates
Makes SMTP requests, possibly sending spam or exfiltrating data.

Related domains:

z.whorecord.xyz

a.tomx.xyz

nexusrules.officeapps.live.com

config.edge.skype.com

smtps.bol.com.br

How to determine Trojan-Dropper.Win32.Gamaredon.adq?


File Info:
crc32: 30F7362C
md5: 12bb11b9cb2c85ad1bb8895fd51fcceb
name: 12BB11B9CB2C85AD1BB8895FD51FCCEB.mlw
sha1: 47d768a7e8f2cebca881a878697ad10210367312
sha256: 8c5cd0417bca0737e9981f2fab63f1beaeafd9a55d4df24444d90c107deb44ba
sha512: 8a3c783df5f8b86edb87a43030496f657bc21459d6aff77b66ae7faf02b624d2b4207f3894a5e23b599a7803207eb37a874e5f240a168a660d88521d732eca3b
ssdeep: 196608:WLcDHK47+f+mFWIMBXAGoi8fsU1mqBTt+a4imKHbK:WLcDHa2EMBwo8EU11Tt3LO
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

Trojan-Dropper.Win32.Gamaredon.adq also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 004befdb1 )
Lionic	Trojan.Win32.Encoder.tq0V
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader24.54173
Cynet	Malicious (score: 99)
ALYac	Trojan.GenericKD.42888859
Cylance	Unsafe
Zillya	Trojan.Rasftuby.Win32.316
K7GW	Trojan ( 004befdb1 )
Cybereason	malicious.9cb2c8
Cyren	W32/Trojan.GMR.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	multiple detections
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Dropper.Bladabindi-6813690-0
Kaspersky	Trojan-Dropper.Win32.Gamaredon.adq
BitDefender	Trojan.GenericKD.42888859
NANO-Antivirus	Trojan.Win32.Vimditator.hgyowa
MicroWorld-eScan	Trojan.GenericKD.42888859
Tencent	Win32.Trojan-dropper.Gamaredon.Dxxb
Ad-Aware	Trojan.GenericKD.42888859
Sophos	Mal/Generic-S
Comodo	Malware@#1wnae9od54r8a
F-Secure	Trojan.TR/Vimditator.wqsjy
BitDefenderTheta	Gen:NN.ZedlaF.34266.N28@aWWUmPji
TrendMicro	TROJ_GEN.R007C0DH721
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
FireEye	Generic.mg.12bb11b9cb2c85ad
Emsisoft	Trojan.GenericKD.42888859 (B)
SentinelOne	Static AI – Malicious SFX
Jiangmin	Trojan.Scrami.s
Avira	TR/Vimditator.wqsjy
eGambit	Unsafe.AI_Score_98%
Antiy-AVL	Trojan/Win32.BTSGeneric
Microsoft	Trojan:Win32/Occamy.C8C
Arcabit	Trojan.Generic.D28E6E9B
GData	Win32.Trojan.Agent.2X43UX
AhnLab-V3	Malware/Win32.RL_Generic.R305028
McAfee	Artemis!12BB11B9CB2C
MAX	malware (ai score=87)
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Malware.AI.749428179
Panda	Trj/CI.A
Rising	Trojan.Generic@ML.100 (RDMK:1kf/IiUUu8dAQqnKk7ymnA)
Fortinet	Riskware/Gamaredon
AVG	Win32:Malware-gen
Paloalto	generic.ml

How to remove Trojan-Dropper.Win32.Gamaredon.adq?

Trojan-Dropper.Win32.Gamaredon.adq removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan-Dropper.Win32.Gamaredon.adq (file analysis)