Trojan.EmotePMF.S15541450 malicious file

The Trojan.EmotePMF.S15541450 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.EmotePMF.S15541450 virus can do?

Executable code extraction
Creates RWX memory
Mimics the system’s user agent string for its own requests
Expresses interest in specific running processes
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Attempts to modify proxy settings

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan.EmotePMF.S15541450?


File Info:
crc32: C13044A1
md5: efac7cb05574bd6682510da1556d413e
name: upload_file
sha1: b893d32043edbaf45b9a70db0a67d28ff3f05e43
sha256: 45a0e34a97ac839f5fbf8b8e48e9b8a623e87a7f37000fda3192581e8202d444
sha512: 7df3f43fc5f0a4103a24fc026a4c56cbcfbfa16abfa16e5d974784e1f92451830b5ed43ffb7ae5f0a82cd1df3c5eb859109064590ea483c0b4aac0bbca8136db
ssdeep: 6144:1LHsfMZz0e/aVq6XX4jYDRbqzN7u/mHYzPccld5b2IOIQlNtGZknCvuVbo:1jsMAe/aVdXXsYFbqp7dPJVM
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2006
InternalName: oscilloscope
FileVersion: 2, 0, 0, 0
CompanyName: Waikato University
PrivateBuild: 
LegalTrademarks: 
Comments: Modified by Cyril COMTE
ProductName: Waikato University oscilloscope-compressor
SpecialBuild: 
ProductVersion: 2, 0, 0, 0
FileDescription: oscilloscope-compressor
OriginalFilename: oscilloscope.exe->compressor
Translation: 0x1409 0x04b0

Trojan.EmotePMF.S15541450 also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.69658
FireEye	Trojan.GenericKDZ.69658
CAT-QuickHeal	Trojan.EmotePMF.S15541450
Qihoo-360	Win32/Backdoor.9b6
ALYac	Trojan.GenericKDZ.69658
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKDZ.69658
K7GW	Riskware ( 0040eff71 )
TrendMicro	TROJ_GEN.R002C0DHN20
Cyren	W32/Emotet.AQV.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 85)
Kaspersky	Backdoor.Win32.Emotet.cjry
Alibaba	Trojan:Win32/Emotet.640ce1c3
NANO-Antivirus	Trojan.Win32.Emotet.hrygxr
AegisLab	Trojan.Win32.Emotet.L!c
Tencent	Malware.Win32.Gencirc.10cdec3d
Ad-Aware	Trojan.GenericKDZ.69658
F-Secure	Trojan.TR/Emotet.whnwb
DrWeb	Trojan.Emotet.1004
Zillya	Trojan.Emotet.Win32.24756
Invincea	Mal/Generic-R + Troj/Emotet-CLO
Sophos	Troj/Emotet-CLO
Jiangmin	Backdoor.Emotet.sm
Avira	TR/Emotet.whnwb
MAX	malware (ai score=82)
Antiy-AVL	Trojan[Backdoor]/Win32.Emotet
Microsoft	Trojan:Win32/Emotet.ARJ!MTB
Arcabit	Trojan.Generic.D1101A
ZoneAlarm	Backdoor.Win32.Emotet.cjry
GData	Trojan.GenericKDZ.69658
AhnLab-V3	Malware/Win32.Generic.C4185182
McAfee	Emotet-FRV!EFAC7CB05574
TACHYON	Trojan/W32.Agent.374272.JT
VBA32	TrojanBanker.Emotet
Malwarebytes	Trojan.MalPack.TRE
Panda	Trj/Genetic.gen
ESET-NOD32	Win32/Emotet.CD
TrendMicro-HouseCall	TrojanSpy.Win32.EMOTET.SMTHH.hp
Rising	Trojan.Kryptik!1.CAF3 (CLASSIC)
Yandex	Trojan.Emotet!
Ikarus	Trojan-Banker.Emotet
Fortinet	W32/Emotet.F4A9!tr
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
MaxSecure	Trojan.Malware.105895046.susgen

How to remove Trojan.EmotePMF.S15541450?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan.EmotePMF.S15541450 malicious file