Trojan

Trojan-Dropper.Win32.Small.axz (file analysis)

Malware Removal

The Trojan-Dropper.Win32.Small.axz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan-Dropper.Win32.Small.axz virus can do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Starts servers listening on 0.0.0.0:5434
  • The binary likely contains encrypted or compressed data.
  • Code injection with CreateRemoteThread in a remote process
  • Installs itself for autorun at Windows startup
  • Operates on local firewall’s policies and settings
  • Attempts to disable UAC
  • Attempts to modify or disable Security Center warnings
  • Attempts to block SafeBoot use by removing registry keys
  • Anomalous binary characteristics
  • Attempts to modify Explorer settings to prevent hidden files from being displayed

How to determine Trojan-Dropper.Win32.Small.axz?



File Info:

crc32: 507C4DA0
md5: 591311eb0d8c2b2a786bf476b590019e
name: 591311EB0D8C2B2A786BF476B590019E.mlw
sha1: 69f718033043ae6861e62ef31c1bfeacdf7e530a
sha256: d30eacde54cc1bbf72aa957d67eaaa536648cbc95ea4120a999c719a38108417
sha512: e480f9615a253292c906a88068161c20740f6fcb179196d3ae93e15cdcf72518294d27215cd9501e5ba46d31d7d02712bd76b607ef0964798de27524ed323f5a
ssdeep: 3072:9SDADeak7dJHB/AdGIXfej8OzV0wyGl+vYldT7Lppos:9SsQLH5AdBfej8OZw6GYlx3ws
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

0: [No Data]

Trojan-Dropper.Win32.Small.axz also known as:

BkavW32.Sality.PE
K7AntiVirusVirus ( f10001021 )
Elasticmalicious (high confidence)
DrWebWin32.Sector.30
CynetMalicious (score: 100)
CAT-QuickHealW32.Sality.U
CylanceUnsafe
ZillyaVirus.Sality.Win32.25
SangforTrojan.Win32.Save.a
CrowdStrikewin/malicious_confidence_90% (W)
K7GWVirus ( f10001021 )
Cybereasonmalicious.b0d8c2
BaiduWin32.Virus.Sality.gen
CyrenW32/Sality.gen2
SymantecW32.Sality.AE
ESET-NOD32Win32/Sality.NBA
APEXMalicious
AvastWin32:Sality [Inf]
ClamAVWin.Dropper.Alman-9840161-0
KasperskyTrojan-Dropper.Win32.Small.axz
BitDefenderWin32.Sality.3
NANO-AntivirusTrojan.Win32.Drop.vsmrk
ViRobotWin32.Sality.Gen.A
MicroWorld-eScanWin32.Sality.3
TencentVirus.Win32.TuTu.Gen.200004
Ad-AwareWin32.Sality.3
SophosML/PE-A + Mal/Sality-D
BitDefenderThetaAI:FileInfector.A5ECCBAB0E
VIPREVirus.Win32.Sality.atbh (v)
TrendMicroPE_SALITY.ER-O
McAfee-GW-EditionBehavesLike.Win32.PWSZbot.cc
FireEyeGeneric.mg.591311eb0d8c2b2a
EmsisoftWin32.Sality.3 (B)
SentinelOneStatic AI – Malicious PE
JiangminTrojanDropper.Small.ba
AviraW32/Sality.AT
eGambitUnsafe.AI_Score_98%
Antiy-AVLTrojan/Generic.ASVirus.C4
KingsoftHeur.SSC.83760.0010.(kcloud)
MicrosoftVirus:Win32/Sality.AT
GDataWin32.Sality.3
TACHYONVirus/W32.Sality.D
AhnLab-V3Win32/Kashu.E
Acronissuspicious
McAfeeW32/Sality.gen.z
MAXmalware (ai score=83)
VBA32Virus.Win32.Sality.bakb
PandaW32/Sality.AA
TrendMicro-HouseCallPE_SALITY.ER-O
RisingMalware.Heuristic!ET#99% (RDMK:cmRtazo0SSuCCpjtJcVKgZD2JHKH)
YandexTrojan.GenAsa!n1OVohiFEa4
IkarusTrojan-Dropper.Agent
MaxSecureVirus.Sality.BH
FortinetW32/Sality.NBA
AVGWin32:Sality [Inf]

How to remove Trojan-Dropper.Win32.Small.axz?

Trojan-Dropper.Win32.Small.axz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment