Trojan.Generic.15591112 (B) removal

Trojan.Generic.15591112 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Generic.15591112 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan.Generic.15591112 (B)?

File Info:

name: 7F378448C140D4F91262.mlw
path: /opt/CAPEv2/storage/binaries/41a2b7d0e3d96a97bbbbfd8c09c76e12234fec8acb82f552aed842d4489148d3
crc32: C803BD15
md5: 7f378448c140d4f91262115615dac94f
sha1: 83152fdd806e0ea58b4b07bada079e7d147a6388
sha256: 41a2b7d0e3d96a97bbbbfd8c09c76e12234fec8acb82f552aed842d4489148d3
sha512: 7adde377cea50a3af9dbfa6a54d9db5982bcf59f80eccd5c8a8c0676f8ed9ab58033391dd1283e221733e820caac10def960a7a5df692f40e40dee2989bbff7d
ssdeep: 12288:VHjcoe9PH96vB/fAuBcm9TyOE/xG3muGx44MG4Yx:VDgINfAuBcgcZG2uG24MG4Y
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EA351212A6005888F70E0B706946F8E04A99DDBD58D9F50EF5BCBE37A8360579EB740F
sha3_384: 39397066a71535045cb650c20ccfdaba804fec61f131fe484bd139aafe00523b500a9095efdcdb8bc06d0618e771fbda
ep_bytes: 60e80000000058055a0b00008b3003f0
timestamp: 2012-11-09 07:14:38

Version Info:

CompanyName: Apple
FileDescription: Apple iCloud
FileVersion: 1, 0, 0, 85
InternalName: Apple New Ipad
LegalCopyright: Copyright (C) 2012
OriginalFilename: app stroe
ProductName: Apple iPad
ProductVersion: 1, 0, 0, 85
Translation: 0x0412 0x04b0

Trojan.Generic.15591112 (B) also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Trojan.Generic.15591112
FireEye: Generic.mg.7f378448c140d4f9
CAT-QuickHeal: Trojan.Gupboot.B.mue
McAfee: Generic BackDoor.zw
Malwarebytes: Trojan.Urelas
Zillya: Trojan.Urelas.Win32.98
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Trojan.Generic.15591112
K7GW: Trojan ( 004da1581 )
Cybereason: malicious.8c140d
Baidu: Win32.Rootkit.Agent.s
VirIT: Trojan.Win32.Generic.CDAZ
Cyren: W32/Xpack.D.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Urelas.AR
APEX: Malicious
ClamAV: Win.Trojan.Urelas-6997280-0
Kaspersky: Rootkit.Win32.Plite.pvf
NANO-Antivirus: Trojan.Win32.AVKill.cmxsfa
Rising: Trojan.Agent!1.9D23 (RDMK:cmRtazoqAEAhJOmb3NS1Fy57V7bJ)
Sophos: ML/PE-A + Troj/Gupboot-C
Comodo: TrojWare.Win32.Gupboot.AD@8mgdy0
DrWeb: Trojan.AVKill.25437
VIPRE: Trojan.Win32.Urelas.b (v)
TrendMicro: TROJ_SPNR.30CE13
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.tt
Emsisoft: Trojan.Generic.15591112 (B)
Ikarus: Trojan.Win32.Urelas
Jiangmin: Backdoor.Generic.cgfj
Avira: TR/Crypt.XPACK.ncr
Antiy-AVL: Trojan/Generic.ASMalwS.2C41F5
Kingsoft: Heur.SSC.2672588.1216.(kcloud)
Microsoft: Trojan:Win32/Gupboot.B
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
GData: Win32.Trojan.PSE.1WIQGLX
AhnLab-V3: Trojan/Win32.Wecod.R41369
BitDefenderTheta: Gen:NN.ZexaF.34182.bnxaaO0OE1gO
ALYac: Trojan.Generic.15591112
MAX: malware (ai score=80)
VBA32: Trojan.Packed
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_SPNR.30CE13
Tencent: Trojan.Win32.Agent.afj
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Generic.AC.28C4AD!tr
AVG: Win32:Trojan-gen
Avast: Win32:Trojan-gen

How to remove Trojan.Generic.15591112 (B)?

Trojan.Generic.15591112 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.