Trojan

What is “Trojan.Generic.22913703”?

Malware Removal

The Trojan.Generic.22913703 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan.Generic.22913703 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • A potential decoy document was displayed to the user
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • CAPE detected the njRat malware family

How to determine Trojan.Generic.22913703?



File Info:

name: 17104A169A9ABE6F7B50.mlw
path: /opt/CAPEv2/storage/binaries/c938e7af02580c36b0f94d2ead4e80ab7313742bc9b4186894a11206e1c59f2b
crc32: 9E53F31E
md5: 17104a169a9abe6f7b50f0ad2ac526e9
sha1: 0e96786a4bf3611306fc2ec406402ba87c840a60
sha256: c938e7af02580c36b0f94d2ead4e80ab7313742bc9b4186894a11206e1c59f2b
sha512: 1eb17e0dd67609446c68e154cc015afe53d52e06ced80c25ebaad7f158d5cb8c700a644f39b4d984d632e6ea1b767a481f263161eeeb2cd0fdeb006b657277df
ssdeep: 768:k+nDi2u75oa4fu124AqFjXeJBKh0p29SgReynz4MRhhhRKK+ZmNL8Y2DZ:675CPkj8KhG29jeyzd0bY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4A31902B6B5C91AC4AC2BB28454A95F6BF462034023DE2B7EC458EDFF732B71915F61
sha3_384: d408950603bc4672d92a70b011982a6eabc6c5c07638364c010951641353125be523018c7a813daa365f394cb3c57a8e
ep_bytes: ff250020400000000000000000000000
timestamp: 2018-04-11 15:08:28


Version Info:

Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: libya.CT
LegalCopyright:  
OriginalFilename: libya.CT
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan.Generic.22913703 also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.Generic.22913703
FireEyeGeneric.mg.17104a169a9abe6f
ALYacTrojan.Generic.22913703
MalwarebytesMalware.AI.4020198125
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0051c2441 )
K7GWTrojan ( 0051c2441 )
Cybereasonmalicious.69a9ab
BitDefenderThetaGen:NN.ZemsilF.34084.gm0@aqOSutb
CyrenW32/MSIL_Bladabindi.AS.gen!Eldorado
SymantecBackdoor.Ratenjay
ESET-NOD32a variant of MSIL/TrojanDropper.Binder.CA
BaiduMSIL.Trojan-Dropper.Binder.a
TrendMicro-HouseCallTROJ_BINDER.SMA
ClamAVWin.Packed.Bladabindi-7086597-0
KasperskyBackdoor.MSIL.Agent.qef
BitDefenderTrojan.Generic.22913703
NANO-AntivirusTrojan.Win32.Agent.dzsrep
AvastMSIL:Agent-BXF [Trj]
Ad-AwareTrojan.Generic.22913703
EmsisoftTrojan.Generic.22913703 (B)
ComodoTrojWare.MSIL.Spy.Agent.EF@4r4nna
DrWebTrojan.DownLoader29.12505
VIPREBackdoor.MSIL.Bladabindi.a (v)
TrendMicroTROJ_BINDER.SMA
McAfee-GW-EditionBehavesLike.Win32.Generic.cz
SentinelOneStatic AI – Malicious PE
SophosML/PE-A + Troj/dnsauce-B
APEXMalicious
GDataTrojan.Generic.22913703
AviraTR/ATRAPS.Gen
MicrosoftBackdoor:MSIL/Bladabindi.AJ
CynetMalicious (score: 100)
McAfeeTrojan-FJWT!17104A169A9A
MAXmalware (ai score=84)
VBA32Trojan.MSIL.Disfa
CylanceUnsafe
RisingBackdoor.Njrat!1.9E49 (CLASSIC)
IkarusTrojan-Dropper.MSIL
MaxSecureTrojan.Malware.300983.susgen
FortinetMSIL/Dropper_Binder.BS!tr
AVGMSIL:Agent-BXF [Trj]
CrowdStrikewin/malicious_confidence_90% (D)

How to remove Trojan.Generic.22913703?

Trojan.Generic.22913703 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment