Should I remove “Trojan.Generic.31401099 (B)”?

Trojan.Generic.31401099 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Generic.31401099 (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Korean
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • A process attempted to delay the analysis task by a long amount of time.
  • Created a process from a suspicious location
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Generic.31401099 (B)?

File Info:

name: 81330E86DADE321295B3.mlw
path: /opt/CAPEv2/storage/binaries/474239de85a5f014a84c532f4c5fc2b56e4f3e5757fae7a5f02df99a9b0f98f3
crc32: DAB26AAA
md5: 81330e86dade321295b33eae563c67c3
sha1: 2f50621919cad589f8d8dc30375836233e3ba49c
sha256: 474239de85a5f014a84c532f4c5fc2b56e4f3e5757fae7a5f02df99a9b0f98f3
sha512: 028b2da7aaf2b5023c4fb1025318540b79d3b68591c177ba0ceda037395113d993620b9e008685bbd1a23e37633dad933ce1f37bf1a04bb2c443ae49fb0ab331
ssdeep: 12288:rco398Nb9ZsbxCIRnwuRtVH7jUkcaqkOzWKiKx1DLSpq:rcm7jw+tVHvTMzWKbnDgq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D37512529B184858FB6C1B359802F6E540A59D3EA4D5F82FF03CBD3E69321876A7324F
sha3_384: acecff4b22f11f00759c2561c67fa632bfa638764e780693f04ad6f1b527763a8b8be6f521cad52adc27ea0787792a6b
ep_bytes: 60e80000000058055a0b00008b3003f0
timestamp: 2012-11-06 10:57:03

Version Info:

CompanyName: Samsung Urban
FileDescription: Ultead Video
FileVersion: 1, 0, 0, 85
InternalName: Jghdfsfd Porker
LegalCopyright: Copyright (C) 2012
OriginalFilename: Maggo Play
ProductName: Gtsfwe
ProductVersion: 1, 0, 0, 85
Translation: 0x0412 0x04b0

Trojan.Generic.31401099 (B) also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.31401099
FireEye: Generic.mg.81330e86dade3212
CAT-QuickHeal: Trojan.Gupboot.B.mue
McAfee: Generic BackDoor.aeu
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004da1581 )
BitDefender: Trojan.Generic.31401099
K7GW: Trojan ( 004da1581 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Rootkit.Agent.s
VirIT: Backdoor.Win32.Generic.BVHO
Cyren: W32/Xpack.D.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Urelas.AR
APEX: Malicious
ClamAV: Win.Trojan.Agent-1139021
Kaspersky: Rootkit.Win32.Plite.pvd
NANO-Antivirus: Trojan.Win32.AVKill.cmtium
Rising: Trojan.Agent!1.9D23 (RDMK:cmRtazp4lEJLLDa8sHySEsPobVWg)
Sophos: ML/PE-A + Troj/Backdr-IJ
Comodo: TrojWare.Win32.GupBoot.BFC@5szi8p
DrWeb: Trojan.AVKill.24829
VIPRE: Trojan.Win32.Urelas.b (v)
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.tt
Emsisoft: Trojan.Generic.31401099 (B)
Ikarus: Trojan.BAT.Agent
Jiangmin: Rootkit.Plite.o
MaxSecure: Trojan.Malware.121218.susgen
Avira: TR/Crypt.XPACK.Gen3
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Generic.ASMalwS.2B8365
Kingsoft: Heur.SSC.2777335.1216.(kcloud)
Microsoft: Trojan:Win32/Gupboot.B
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
ZoneAlarm: Rootkit.Win32.Plite.pvd
GData: Win32.Trojan.PSE.1EENH8U
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Wecod.R41369
BitDefenderTheta: Gen:NN.ZexaF.34182.Fnxaa4mLh8oO
ALYac: GenPack:Generic.Urelas.55C0ED56
VBA32: Rootkit.Plite
Malwarebytes: Malware.AI.2087708938
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10b07955
Yandex: Trojan.GenAsa!fWGIDzv5BFM
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Plite.RTK!tr
AVG: Win32:Malware-gen
Cybereason: malicious.6dade3
Avast: Win32:Malware-gen

How to remove Trojan.Generic.31401099 (B)?

Trojan.Generic.31401099 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.