Trojan-Dropper.Win32.Inokrypt removal tips

Trojan-Dropper.Win32.Inokrypt is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Dropper.Win32.Inokrypt virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Attempts to identify installed AV products by installation directory

How to identify Trojan-Dropper.Win32.Inokrypt?

File Info:

name: 279DC23266B196479096.mlw
path: /opt/CAPEv2/storage/binaries/43659f4109e35df12288f1333adbf8ff713ac8e738ddef505f2b1f4ca0efdc65
crc32: E5F54853
md5: 279dc23266b196479096018b3a4957f3
sha1: 3cbb1aa34053f590694b437c4fd28dcf41bbefc0
sha256: 43659f4109e35df12288f1333adbf8ff713ac8e738ddef505f2b1f4ca0efdc65
sha512: f97413f14cd6bf1db6beb926185527c2b0aa06c6de8a6cf72a56ae782cf53496dd3f0482dd385c6dea4f1e902848ed9dbcc637c0fe27f215ecd06c5fe5e7e0ff
ssdeep: 196608:p3tQ475mAZ+ICqOwCawJVd9FSqYeY8heez9PimgADOrCBm:g44AAnqOwCawTFHYce8gGHw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16AB623C4BABC7C12D227567DD2773A9A3D330FD0FDA32596EE183B1E18B5920759A402
sha3_384: d42f281eb1715072bd7e3f27a010ba41de55193bedd0394c3d5acabee3a0de533ab96c2834bd2ef8d34b155422d3efcc
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: FElssoft
FileDescription: Editor and MPEG Info Reader Library
FileVersion: 1.0.0.3
LegalCopyright:
ProductName: DkDrive
ProductVersion: 3.02
Translation: 0x0000 0x04b0

Trojan-Dropper.Win32.Inokrypt also known as:

Lionic: Trojan.Win32.Ekstak.4!c
DrWeb: Trojan.Zadved.1661
MicroWorld-eScan: Adware.GenericKD.36155315
McAfee: Artemis!279DC23266B1
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.SLY
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanDropper:Win32/Ekstak.bb7c8efa
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.266b19
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLY
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Dropper.Win32.Inokrypt.gen
BitDefender: Adware.GenericKD.36155315
Avast: Win32:AdwareX-gen [Adw]
Tencent: Win32.Trojan.Ekstak.Hrzh
Ad-Aware: Adware.GenericKD.36155315
Emsisoft: Adware.GenericKD.36155315 (B)
Zillya: Trojan.Ekstak.Win32.57649
TrendMicro: TROJ_GEN.R002C0GBR22
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.vc
FireEye: Adware.GenericKD.36155315
Sophos: Generic PUA DM (PUA)
Jiangmin: TrojanDownloader.Razy.hmh
Avira: HEUR/AGEN.1233157
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Adware.Generic.D227AFB3
ZoneAlarm: HEUR:Trojan-Dropper.Win32.Inokrypt.gen
GData: Adware.GenericKD.36155315
VBA32: Trojan.Zadved
ALYac: Adware.GenericKD.36155315
MAX: malware (ai score=62)
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002C0GBR22
Ikarus: Trojan.Win32.Crypt
Fortinet: PossibleThreat.MU
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan-Dropper.Win32.Inokrypt?

Trojan-Dropper.Win32.Inokrypt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
