Trojan.Generic.31338865 removal

Trojan.Generic.31338865 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Generic.31338865 virus do?

  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Trojan.Generic.31338865?

File Info:

name: 050F516BFC8A0D139684.mlw
path: /opt/CAPEv2/storage/binaries/bc24575961c764af54ba60f91d342d139ac806112b0317587394b96328552e55
crc32: 38F5497E
md5: 050f516bfc8a0d139684e914f6687fd7
sha1: a6f0bcabe3549a7ed4041a97c6de4170fafc8b49
sha256: bc24575961c764af54ba60f91d342d139ac806112b0317587394b96328552e55
sha512: 2723880e95b5487dbbc00cd9e5649044120816f1b275040dcb840a4e017febbf45754d7cca8f9a4571fa76189776dbf7eb2fefd498b69a6538a3ef5aee29843a
ssdeep: 98304:9u7rEnpVopOdEHb+BZ1H4kSDnN8nCsONCRUk7Pl601U197t3iCsRNP+Pc:9GrAoNHb+BZixDuNRXjl8197t3iCsKP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13D6623A733AF408DE4F4C4718627BE8172BB16A5AF83A67844F5CCD1B523D8C9346663
sha3_384: 0956159f9183a2aa24807a9e0f8ece3f909696dc2f8c38cc7a35b58cd66ef964e7ef3c1d84b3009091b0b100ffa51a40
ep_bytes: 682c31001be88ad1420081ff9939f16d
timestamp: 2021-12-20 08:36:50

Version Info:

0: [No Data]

Trojan.Generic.31338865 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.31338865
FireEye: Generic.mg.050f516bfc8a0d13
McAfee: Artemis!050F516BFC8A
Cylance: Unsafe
Sangfor: Adware.Win32.Generic.ky
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: AdWare:Win32/VMProtBad.fbab5d86
K7GW: Trojan ( 7000001c1 )
K7AntiVirus: Trojan ( 7000001c1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.DKUZOXA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:HEUR:AdWare.Win32.Generic
BitDefender: Trojan.Generic.31338865
Avast: Win32:AdwareX-gen [Adw]
Tencent: Win32.Trojan.Generik.Bxv
Ad-Aware: Trojan.Generic.31338865
Sophos: Mal/Generic-R + Mal/VMProtBad-A
Zillya: Trojan.Generic.Win32.1640650
TrendMicro: TROJ_GEN.R002C0RDI22
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Emsisoft: Trojan.Generic.31338865 (B)
Ikarus: Trojan.Crypt
GData: Trojan.Generic.31338865
Jiangmin: AdWare.Generic.wnqu
Avira: TR/Crypt.XPACK.Gen
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4943924
BitDefenderTheta: Gen:NN.ZexaF.34638.@RW@a0SCKKgb
ALYac: Trojan.Generic.31338865
MAX: malware (ai score=81)
VBA32: TScope.Malware-Cryptor.SB
TrendMicro-HouseCall: TROJ_GEN.R002C0RDI22
Rising: Trojan.Generic@AI.99 (RDML:XYOnHg0iV93+30sCd7FMUw)
Yandex: PUA.Agent!ADbrX9yb5DU
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.12116207.susgen
Fortinet: PossibleThreat.PALLAS.H
AVG: Win32:AdwareX-gen [Adw]
Panda: Trj/CI.A

How to remove Trojan.Generic.31338865?

Trojan.Generic.31338865 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.