Fake Trojan

Should I remove “Trojan.FakePdf.1907”?


Trojan.FakePdf.1907 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.FakePdf.1907 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan.FakePdf.1907?

File Info:

name: 7A7099A3D1BF2544902F.mlw
path: /opt/CAPEv2/storage/binaries/6849ebfe4949693232169384473377cbc42656aab3680e345c3a42dec8bb5be9
crc32: A7039B22
md5: 7a7099a3d1bf2544902f941c081933dd
sha1: a51f6689b6105d13369d585b72ef623e65fc72ff
sha256: 6849ebfe4949693232169384473377cbc42656aab3680e345c3a42dec8bb5be9
sha512: 6d37effbf7b6ac50df8d151197c0d242b630d5fc0360ba221a4c2ed37664bd5332a56b4ae1a7f59eb90271c3cdbe9647642743d44d1b93524c57090e4fae84da
ssdeep: 1536:AEsBuoFn7UZ+LtdgI2MyzNORQtOflIwoHNV2XBFV72B4lA7Zsb3Md:AEjot7UQLtdgI2MyzNORQtOflIwoHNVR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BE231820B6C494F5F4231137F8BAE2E4692A7D42B6B1444E3B893E694FF3381756532B
sha3_384: bfe9a59475e5b921d89bc4df7cde49b2bc1eef0931eddb47c594f4393a070b119e871aeda9def3ff7a7c76dbc022fc6d
ep_bytes: e8dd130000e989feffff8bff558bec8b
timestamp: 2013-09-09 15:27:18

Version Info:

0: [No Data]

Trojan.FakePdf.1907 also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoad3.28507
ClamAV: Win.Trojan.Bublik-333
CAT-QuickHeal: TrojanDownloader.Upatre.A4
McAfee: PWSZbot-FFC!7A7099A3D1BF
Cylance: Unsafe
Zillya: Trojan.Bublik.Win32.12086
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00456a071 )
K7GW: Trojan-Downloader ( 00456a071 )
Cybereason: malicious.3d1bf2
BitDefenderTheta: AI:Packer.A8C5642421
Cyren: W32/Trojan.LVLP-6300
Symantec: Downloader
ESET-NOD32: Win32/TrojanDownloader.Small.PRL
TrendMicro-HouseCall: TROJ_UPATRE.AD
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Downloader.Agent.ABOF
NANO-Antivirus: Trojan.Win32.DownLoad3.cjxxfh
MicroWorld-eScan: Trojan.Downloader.Agent.ABOF
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b9e6c6
Ad-Aware: Trojan.Downloader.Agent.ABOF
Emsisoft: Trojan.Downloader.Agent.ABOF (B)
Comodo: TrojWare.Win32.Kryptik.BKB@543i9l
Baidu: Win32.Trojan-Downloader.Small.ce
VIPRE: Trojan.Win32.Cutwail.b (v)
TrendMicro: TROJ_UPATRE.AD
McAfee-GW-Edition: BehavesLike.Win32.Generic.ph
FireEye: Generic.mg.7a7099a3d1bf2544
Sophos: ML/PE-A + Troj/Zbot-GFU
Ikarus: Trojan.Win32.Bublik
GData: Win32.Trojan-Downloader.Upatre.BJ
Jiangmin: Trojan/Bublik.fxd
eGambit: Unsafe.AI_Score_93%
Avira: TR/Dldr.Upatre.A.19
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.41E22B
Arcabit: Trojan.Downloader.Agent.ABOF
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
Microsoft: TrojanDownloader:Win32/Upatre.A
AhnLab-V3: Trojan/Win32.Zbot.C195331
Acronis: suspicious
VBA32: Trojan.FakePdf.1907
ALYac: Trojan.Downloader.Agent.ABOF
Malwarebytes: Trojan.Email.FA
APEX: Malicious
Rising: Malware.Heuristic!ET#98% (RDMK:cmRtazrZ0aJ4Ck19+xDTY+mxmQms)
Yandex: Trojan.GenAsa!XQUTxwVCf/s
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Small.PRL!tr
Webroot: Trojan.Dropper.Gen
AVG: Win32:Trojan-gen
Panda: Trj/Tepfer.B
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.FakePdf.1907?

Trojan.FakePdf.1907 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.