Trojan.Generic.31398701 (B) removal guide

Trojan.Generic.31398701 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Generic.31398701 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan.Generic.31398701 (B)?


File Info:

name: 78B4A92EC90B878E9191.mlw
path: /opt/CAPEv2/storage/binaries/1e8655e49e8b6127d66e9e5e5eb56be84555d0db0ec5456cef236bc6d9f82664
crc32: 4918D570
md5: 78b4a92ec90b878e919163c82eb0c0c2
sha1: c5fb6c8a1a9d6c4fe61433d72a46b1596d67f492
sha256: 1e8655e49e8b6127d66e9e5e5eb56be84555d0db0ec5456cef236bc6d9f82664
sha512: 5d38f28c0108874de001e373913c70fa453090b02d2ff478ad13e7a78cfb75b84f82a6b39487ecf604b304be1a9c19d821f458543f659e3c506de1209db47ee5
ssdeep: 12288:zco398Nb9ZsbxCIRnwuRtVH7jUkcaqkOzWKiKx1DLSpq:zcm7jw+tVHvTMzWKbnDgq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1018512529B184868FB6C1B359802F6E540A59D3EA4D5F82FF03CBD3E69321875A7324F
sha3_384: 66e2b2a0ad785a2df71373595549e445fdb722313630d2c526896cd8735e04af4b1e45e4af58ae243542821476aed6ab
ep_bytes: 60e80000000058055a0b00008b3003f0
timestamp: 2012-11-06 10:57:03

Version Info:

CompanyName: Samsung Urban
FileDescription: Ultead Video
FileVersion: 1, 0, 0, 85
InternalName: Jghdfsfd Porker
LegalCopyright: Copyright (C) 2012
OriginalFilename: Maggo Play
ProductName: Gtsfwe
ProductVersion: 1, 0, 0, 85
Translation: 0x0412 0x04b0

Trojan.Generic.31398701 (B) also known as:

  • Bkav: W32.AIDetect.malware1
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • FireEye: Generic.mg.78b4a92ec90b878e
  • CAT-QuickHeal: Trojan.Gupboot.B.mue
  • McAfee: Generic BackDoor.aeu
  • Cylance: Unsafe
  • Zillya: Trojan.Urelas.Win32.90
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( 004da1581 )
  • K7GW: Trojan ( 004da1581 )
  • Cybereason: malicious.ec90b8
  • Arcabit: Trojan.Generic.D1DF1B2D
  • Baidu: Win32.Rootkit.Agent.s
  • Cyren: W32/Xpack.D.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Urelas.AR
  • APEX: Malicious
  • ClamAV: Win.Trojan.Agent-1139021
  • Kaspersky: Rootkit.Win32.Plite.pvd
  • BitDefender: Trojan.Generic.31398701
  • NANO-Antivirus: Trojan.Win32.AVKill.cmtium
  • SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
  • MicroWorld-eScan: Trojan.Generic.31398701
  • Avast: Win32:Malware-gen
  • Tencent: Malware.Win32.Gencirc.10cefbff
  • Ad-Aware: Trojan.Generic.31398701
  • Emsisoft: Trojan.Generic.31398701 (B)
  • Comodo: TrojWare.Win32.GupBoot.BFC@5szi8p
  • DrWeb: Trojan.AVKill.24829
  • VIPRE: Trojan.Win32.Urelas.b (v)
  • McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.tt
  • Sophos: ML/PE-A + Troj/Backdr-IJ
  • Ikarus: Trojan.BAT.Agent
  • Jiangmin: Rootkit.Plite.o
  • eGambit: Unsafe.AI_Score_98%
  • Avira: TR/Crypt.XPACK.Gen3
  • Antiy-AVL: Trojan/Generic.ASMalwS.2B8365
  • Kingsoft: Heur.SSC.2777335.1216.(kcloud)
  • Microsoft: Trojan:Win32/Gupboot.B
  • ZoneAlarm: Rootkit.Win32.Plite.pvd
  • GData: Win32.Trojan.PSE.1EENH8U
  • AhnLab-V3: Trojan/Win32.Wecod.R41369
  • Acronis: suspicious
  • BitDefenderTheta: Gen:NN.ZexaF.34182.OnxaaaBmXpcO
  • MAX: malware (ai score=89)
  • VBA32: Rootkit.Plite
  • Malwarebytes: Malware.AI.2087708938
  • Rising: Trojan.Agent!1.9D23 (RDMK:cmRtazoIEONXRSKbdY7bBI6sgMqS)
  • Yandex: Trojan.GenAsa!fWGIDzv5BFM
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: W32/Plite.RTK!tr
  • AVG: Win32:Malware-gen
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Generic.31398701 (B)?

Trojan.Generic.31398701 (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.