Trojan.Dropper.ZMD removal

Malware Removal

Trojan.Dropper.ZMD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Dropper.ZMD virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Possible date expiration check, exits too soon after checking local time
  • Guard page use detected – possible anti-debugging
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Attempted to write directly to a physical drive
  • Attempts to create or modify system certificates
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Dropper.ZMD?

File Info:

name: 0AA14CADD0CC13D6FB3C.mlw
path: /opt/CAPEv2/storage/binaries/0f8cda85dfdb1324f8bc295a2f6e9d565e8c52a992b191324703fe707c365c7e
crc32: C681C890
md5: 0aa14cadd0cc13d6fb3c96906fd28218
sha1: 4dc14fcd15ff3851489789bef1fc8d9a3ea47db6
sha256: 0f8cda85dfdb1324f8bc295a2f6e9d565e8c52a992b191324703fe707c365c7e
sha512: 232bf1d42a7eff630ffa0db384e7e5af23e866dc3cce5122a6ef10173b70aaf779bb5d49233b7676f5f2207130addffaed9229091dabfb8a87655134143ca792
ssdeep: 98304:WjINUurgRvBMpSsW/klOEtm4oQdSUBWEIp2m8ZEwAcPNTnxuaPC:WjsUeCvipjbH9wUBW9d8ZEwAMnxup
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FC2633CABFCB1433DCAAC23945789A32AC3A79F4DA60B6515F50A9050499CCF7501FBB
sha3_384: a7a08998e30b3d2e1c401e673f16d6b6b1da8c6439ce36db1cf8744438e1246709f6699888b204e73a8b101575f78340
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2012-02-24 19:20:04

Version Info:

FileDescription:
FileVersion: 0.0.0
LegalCopyright:
ProductVersion: 0.0.0
Translation: 0x0000 0x04b0

Trojan.Dropper.ZMD is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Upatre.a!c
Elastic: malicious (high confidence)
DrWeb: Tool.SilentInstaller.8
MicroWorld-eScan: Trojan.Dropper.ZMD
McAfee: Artemis!0AA14CADD0CC
Cylance: Unsafe
Zillya: Trojan.Coins.Win32.5621
Sangfor: Trojan.Win32.Upatre.vho
K7AntiVirus: Trojan ( 0057107a1 )
Alibaba: TrojanDownloader:Win32/Upatre.a4641140
K7GW: Trojan ( 0057107a1 )
Cybereason: malicious.dd0cc1
Cyren: W32/Trojan.RJLG-5129
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Packed.SilentInstallBuilder.A suspicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DGR21
Paloalto: generic.ml
ClamAV: Win.Malware.Upatre-9829421-0
Kaspersky: HEUR:Trojan-Downloader.Win32.Upatre.vho
BitDefender: Trojan.Dropper.ZMD
NANO-Antivirus: Riskware.Win32.SilentInstaller.ichexi
Avast: NSIS:BundlerX-gen [PUP]
Ad-Aware: Trojan.Dropper.ZMD
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0DGR21
McAfee-GW-Edition: BehavesLike.Win32.Generic.rc
FireEye: Trojan.Dropper.ZMD
Emsisoft: Trojan.Dropper.ZMD (B)
GData: Trojan.Dropper.ZMD
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1139239
Antiy-AVL: Trojan/Generic.ASSuf.3C69E
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: TrojanDownloader:Win32/Upatre
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Wacatac.R353512
VBA32: TrojanDownloader.Upatre
ALYac: Trojan.Dropper.ZMD
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.4054747450
APEX: Malicious
Fortinet: Riskware/Upatre
AVG: NSIS:BundlerX-gen [PUP]
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.74634442.susgen

How to remove Trojan.Dropper.ZMD?

Trojan.Dropper.ZMD removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.