Fake Trojan

Trojan.FakePdf.990A (file analysis)

Malware Removal

Trojan.FakePdf.990A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What Trojan.FakePdf.990A virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Indonesian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Mimics icon used for popular non-executable file format

How to identify Trojan.FakePdf.990A?

File Info:

name: F74E755D3AFE1EA09E80.mlw
path: /opt/CAPEv2/storage/binaries/45f2ed92a48d892a865ccba7eb0c177f0831c9d990396475e6b038bb7c527f46
crc32: 08C600B8
md5: f74e755d3afe1ea09e80cde6fd4af988
sha1: 2cd9972b3cd61eb4d64ee91f42c93eca32c0a49f
sha256: 45f2ed92a48d892a865ccba7eb0c177f0831c9d990396475e6b038bb7c527f46
sha512: f15492f3b1c8d75fdc1c9124dbd3ed3f55ca76acad73e9d32a22bdba0cc673999e8051c8b2b942583bd55f25ffb9913a8c71f2fc9cab8996ac42de27c4a24522
ssdeep: 1536:NkM/766pJ6rbELZLJw1g+91ZHfquIrdaC2z:NLD6Zboq1g+97/GdaC2z
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17243F51374E288B5DED14F7046A54A855A62EE267FB4F4CB2FC4724DAB333D01CAA712
sha3_384: 6e5d5cf9646d4e0e036f7c87b89557e17e59df9f819ec225d80e69593649c7d83b5f172bec702f4080ce0429c96cf41a
ep_bytes: 6a6068f0854000e8682a0000e95fe400
timestamp: 2014-05-02 23:19:16

Version Info:

FileDescription: AlenOS
InternalName: AlenOS Utility
FileVersion: 1.0.8.3
CompanyName: AlenOS
LegalCopyright: Copyright 2014-2015 Arondos
OriginalFilename: Alen.exe
ProductName: AlenOS
ProductVersion: 1.0.8.3
Translation: 0x0421 0x04b1

Trojan.FakePdf.990A also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Ipatre.1
FireEye: Generic.mg.f74e755d3afe1ea0
CAT-QuickHeal: TrojanDownloader.Upatre.A4
McAfee: Upatre-FADK!F74E755D3AFE
Cylance: unsafe
K7GW: Trojan ( 004f2eda1 )
K7AntiVirus: Trojan ( 004f2eda1 )
BitDefenderTheta: Gen:NN.ZexaF.36196.du0@aScrROeG
VirIT: Trojan.Win32.Dropper.QF
Cyren: W32/Kryptik.JIS.gen!Eldorado
Symantec: Downloader.Upatre
ESET-NOD32: a variant of Win32/Kryptik.DWEK
Zoner: Trojan.Win32.35613
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Ipatre.1
NANO-Antivirus: Trojan.Win32.Upatre.dwskyl
Avast: Win32:TrojanX-gen [Trj]
Tencent: Trojan.Win32.Kryptik.ke
TACHYON: Trojan/W32.Agent.59904.AIP
Sophos: Mal/Upatre-V
Baidu: Win32.Trojan.Kryptik.lx
DrWeb: Trojan.Inject1.54688
VIPRE: Gen:Trojan.Ipatre.1
TrendMicro: TROJ_UPATRE.SMDG
McAfee-GW-Edition: BehavesLike.Win32.Generic.qh
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.Ipatre.1 (B)
Ikarus: Trojan.Upatre
GData: Gen:Trojan.Ipatre.1
Jiangmin: Trojan.Generic.hqgpu
Antiy-AVL: Trojan/Win32.BTSGeneric
Xcitium: TrojWare.Win32.TrojanDownloader.Waski.ND@5tetcs
Arcabit: Trojan.Ipatre.1
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: TrojanDownloader:Win32/Upatre
Google: Detected
AhnLab-V3: Trojan/Win.Generic.C5390118
VBA32: Trojan.FakePdf.990A
ALYac: Gen:Trojan.Ipatre.1
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.842746388
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_UPATRE.SMDG
Rising: Trojan.DL.Win32.Waski.dm (CLASSIC)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Wacatac.B!tr
AVG: Win32:TrojanX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan.FakePdf.990A?

Trojan.FakePdf.990A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.