Trojan.Generic.31709384 (file analysis)

Malware Removal

Trojan.Generic.31709384 is flagged as malicious by many antivirus engines (see the detection names listed below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version allows a full scan and cleanup of your PC.
6-day free trial available.

What can Trojan.Generic.31709384 do?

Behaviour signatures triggered during the CAPEv2 sandbox run of the sample (the sandbox storage path appears in the file info below):

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Attempts to modify Internet Explorer’s start page
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Trojan.Generic.31709384?

File Info:

name: 10A5737A7E9D0E1AA392.mlw
path: /opt/CAPEv2/storage/binaries/0691e6d51ae4a612e1d0a71313decb09855997853d4ef098e49ff17deea90a39
crc32: 6ED57AB4
md5: 10a5737a7e9d0e1aa392d560a9cd2de0
sha1: 0b53af74b6e67cbfb2733324002ee9af65208332
sha256: 0691e6d51ae4a612e1d0a71313decb09855997853d4ef098e49ff17deea90a39
sha512: cb5c61803744d024c93401401a692baefacac8657e6b252017f205205a04977e5bb18d591f63582c22f0c25f29ddcaa3b90040c8e5e999d102f5343226e0cdb0
ssdeep: 24576:coNuV4iKkAQz63Lb7oliIuZjJA3WiPvgyEsDrRP/s+6v3FVa1TH4pq/2LITDMt:ctfzCRZVA3JgQNm3nhA2LI/Mt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17675BE13A69184B2D32A06710AB6E33DBD389F450D20DE97D7E0DDB63D722A19B3B11D
sha3_384: e3dc78079fc0ccfdfb935f5e9502ac8dbeebeb6df1ebb701a6c273f8a1ae51a74c7b8837c770cced0cc8619cdf4d8b8d
ep_bytes: 558bec6aff68008255006894634b0064
timestamp: 2014-10-16 17:33:51

Version Info:

FileVersion: 2.3.2010.8
FileDescription: 言午科技
ProductName: 言午科技
ProductVersion: 2.3.2010.8
CompanyName: 言午
LegalCopyright: 言午科技
Comments: 言午科技
Translation: 0x0804 0x04b0
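The file info and version info above are what a responder compares a suspect file against. The script below is added here as an example; it is not part of the original report and not CAPEv2 code. It computes the same hashes the report lists and matches them against the page's indicators, walks the PE32 headers far enough to recover the COFF build timestamp and the first 16 bytes at the entry point (the report's ep_bytes), and decodes the VS_VERSIONINFO Translation pair (0x0804 is LANGID Chinese/Simplified, 0x04b0 is the Unicode code page). The build_sample_pe() helper constructs a stand-in PE carrying this report's timestamp and entry-point bytes so the code runs offline; it is not the real sample, and the small language and charset tables are assumptions that cover only a few common values.

```python
import calendar
import hashlib
import struct
import time
import zlib

# Hash indicators copied from the File Info section of this page.
PAGE_IOCS = {
    "md5": "10a5737a7e9d0e1aa392d560a9cd2de0",
    "sha1": "0b53af74b6e67cbfb2733324002ee9af65208332",
    "sha256": "0691e6d51ae4a612e1d0a71313decb09855997853d4ef098e49ff17deea90a39",
    "crc32": "6ED57AB4",
}
PAGE_EP_BYTES = "558bec6aff68008255006894634b0064"

# Partial lookup tables (assumption: only a few Windows LANGID / code page constants are listed).
PRIMARY_LANGS = {0x04: "Chinese", 0x09: "English", 0x19: "Russian"}
CHINESE_SUBLANGS = {1: "Traditional", 2: "Simplified", 3: "Hong Kong", 4: "Singapore"}
CHARSETS = {0x0000: "7-bit ASCII", 0x04B0: "Unicode (UTF-16)", 0x04E4: "Windows multilingual (cp1252)"}


def file_digests(data: bytes) -> dict:
    """Hashes in the formats the report lists: lower-case hex digests, CRC32 as upper-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def match_iocs(digests: dict, iocs: dict) -> list:
    """Hash types that match (case-insensitive). One match is enough to tie a file to the report."""
    return sorted(k for k, v in iocs.items() if k in digests and digests[k].lower() == v.lower())


def parse_pe(data: bytes) -> dict:
    """Walk the PE32 headers far enough to recover machine, build timestamp and entry-point bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, ...
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers (magic 0x10b) are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = opt + opt_size
    ep_offset = None
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sections + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_offset = rawptr + (entry_rva - vaddr)  # map the RVA to a file offset
            break
    if ep_offset is None:
        raise ValueError("entry point lies outside every section")
    return {
        "machine": machine,
        "timestamp": timestamp,
        "timestamp_utc": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(timestamp)),
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_offset:ep_offset + 16].hex(),
    }


def decode_translation(value: str) -> dict:
    """Decode a Translation pair: low 10 bits of the LANGID are the primary language, high 6 the sublanguage."""
    langid, charset = (int(tok, 16) for tok in value.split())
    primary, sub = langid & 0x3FF, langid >> 10
    language = PRIMARY_LANGS.get(primary, "primary 0x%02x" % primary)
    if primary == 0x04:
        language += " (%s)" % CHINESE_SUBLANGS.get(sub, "sublang %d" % sub)
    return {"langid": langid, "language": language, "charset": CHARSETS.get(charset, "charset 0x%04x" % charset)}


def build_sample_pe() -> bytes:
    """Constructed stand-in, NOT the real sample: a minimal PE32 with this report's timestamp and ep_bytes."""
    ts = calendar.timegm((2014, 10, 16, 17, 33, 51, 0, 0, 0))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x102)  # i386, one section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    # .text: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text_hdr).ljust(0x200, b"\0")
    text = (bytes.fromhex(PAGE_EP_BYTES) + b"\xC3").ljust(0x200, b"\0")
    return headers + text


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(match_iocs(file_digests(blob), PAGE_IOCS), parse_pe(blob), decode_translation("0x0804 0x04b0"))
```

Run it with a file path to compare that file against the report; without arguments it runs on the constructed stand-in, whose hashes naturally do not match the page while its ep_bytes and timestamp do. A full triage should still use a real PE parser (pefile, or CAPE's own static module) for imports, sections and the Authenticode check the report mentions; the header walk here only covers what the report's File Info shows.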

Trojan.Generic.31709384 also known as (vendor: detection name; note that several vendors class the file as adware or a potentially unwanted FlyStudio-built tool rather than a trojan, so the verdict is not unanimous):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Scar.mip4
Elastic: malicious (high confidence)
DrWeb: Win32.HLLW.Unjap.41
MicroWorld-eScan: Trojan.Generic.31709384
FireEye: Generic.mg.10a5737a7e9d0e1a
McAfee: Artemis!10A5737A7E9D
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: AdWare:Win32/FlyStudio.4de004d0
K7GW: Trojan ( 005246d51 )
CrowdStrike: win/malicious_confidence_70% (D)
Arcabit: Trojan.Generic.D1E3D8C8
BitDefenderTheta: Gen:NN.ZexaF.34682.Kr0@a4XdFJdb
Cyren: W32/OnlineGames.HH.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/FlyStudio.HackTool.A potentially unwanted
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Generic-9753029-0
Kaspersky: not-a-virus:AdWare.Win32.Agent.gen
BitDefender: Trojan.Generic.31709384
Avast: Win32:Malware-gen
Rising: Trojan.Generic@AI.96 (RDML:+/4wg0wCE1FEVV9eAYJNLA)
Ad-Aware: Trojan.Generic.31709384
Emsisoft: Trojan.Generic.31709384 (B)
Comodo: TrojWare.Win32.Agent.OSCF@5rs7jr
Baidu: Win32.Trojan-PSW.QQPass.p
VIPRE: Trojan.Generic.31709384
TrendMicro: TROJ_GEN.R002C0RII22
McAfee-GW-Edition: BehavesLike.Win32.Generic.th
Trapmine: suspicious.low.ml.score
Sophos: Troj/Agent-BDTR
SentinelOne: Static AI - Malicious PE
Google: Detected
Avira: TR/Black.Gen2
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASCommon.FA
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Win32.Application.PSE.1DNV50E
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Patched
ALYac: Trojan.Generic.31709384
Malwarebytes: Trojan.MalPack.FlyStudio
TrendMicro-HouseCall: TROJ_GEN.R002C0RII22
Tencent: Win32.AdWare.Agent.Qzfl
Yandex: Riskware.Gamehack!DwhpapWrvYM
Ikarus: PUA.BlackMoon
Fortinet: W32/CoinMiner.65CA!tr
AVG: Win32:Malware-gen
Cybereason: malicious.4b6e67

How to remove Trojan.Generic.31709384?

Trojan.Generic.31709384 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the affected browser and the options to reset, then click "Reset" (this undoes the start-page and proxy changes listed in the behaviour section above).
  • Restart your computer.
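Two of the behaviours listed above (modifying the Internet Explorer start page and the proxy settings) are per-user registry changes, and a responder usually wants to confirm they are really gone after a cleanup and browser reset. The script below is an added example, not part of the original page or of GridinSoft's tooling: on Windows it reads the Start Page value under HKCU\Software\Microsoft\Internet Explorer\Main and the ProxyEnable, ProxyServer and AutoConfigURL values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings with the standard winreg module, and a pure function flags a start page outside a trusted-host allowlist, an enabled proxy, or a PAC URL. The allowlist and the SAMPLE_TAMPERED values are constructed for the example; they are not taken from the real sample.

```python
import sys
from urllib.parse import urlparse

# Registry locations behind the two CAPE signatures (per-user, under HKCU).
IE_MAIN_KEY = r"Software\Microsoft\Internet Explorer\Main"
INET_SETTINGS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Allowlist of start-page hosts: constructed for this example, adjust to the environment.
TRUSTED_START_HOSTS = {"www.msn.com", "go.microsoft.com", "www.bing.com"}
BLANK_PAGES = {"about:blank", "about:home", "about:tabs"}


def read_current_user_settings() -> dict:
    """Windows only: read the live HKCU values. Returns {} elsewhere so the assessment stays usable offline."""
    if sys.platform != "win32":
        return {}
    import winreg  # standard library, but only importable on Windows
    wanted = {IE_MAIN_KEY: ("Start Page",),
              INET_SETTINGS_KEY: ("ProxyEnable", "ProxyServer", "AutoConfigURL")}
    out = {}
    for path, names in wanted.items():
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            for name in names:
                try:
                    out[name] = winreg.QueryValueEx(key, name)[0]
                except OSError:  # value not present, which is the normal clean state
                    pass
    return out


def assess_browser_settings(settings: dict, trusted_hosts=TRUSTED_START_HOSTS) -> list:
    """Return 'kind:detail' findings for values that look like the hijack the signatures describe."""
    findings = []
    start = str(settings.get("Start Page", "")).strip()
    if start and start.lower() not in BLANK_PAGES:
        host = (urlparse(start).hostname or "").lower()
        if host not in trusted_hosts:
            findings.append("start_page_untrusted:" + (host or start))
    # ProxyEnable is a REG_DWORD; 1 with a ProxyServer string means traffic is being redirected.
    if settings.get("ProxyEnable") == 1 and settings.get("ProxyServer"):
        findings.append("proxy_enabled:" + str(settings["ProxyServer"]))
    if settings.get("AutoConfigURL"):  # a PAC URL is a quieter way to achieve the same redirection
        findings.append("autoconfig_url:" + str(settings["AutoConfigURL"]))
    return findings


# Constructed values of the kind a browser hijacker leaves behind (not taken from the real sample).
SAMPLE_TAMPERED = {
    "Start Page": "http://hao.example.test/?from=bundle",
    "ProxyEnable": 1,
    "ProxyServer": "127.0.0.1:8888",
    "AutoConfigURL": "http://pac.example.test/proxy.pac",
}

if __name__ == "__main__":
    live = read_current_user_settings() or SAMPLE_TAMPERED
    for finding in assess_browser_settings(live):
        print(finding)
```

Run it in the affected user's session after the reset and reboot; an empty result for the live values means both registry changes are gone. Machine-wide policy under HKLM and the equivalent Chrome/Firefox preferences are outside what the sandbox report lists and are not covered here.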

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
