Trojan.Generic.5327020 (file analysis)

Trojan.Generic.5327020 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Generic.5327020 virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Starts servers listening on 0.0.0.0:0
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan.Generic.5327020?


File Info:

name: 241ED17520B9C9FF790D.mlw
path: /opt/CAPEv2/storage/binaries/4ae8737f201e69135dd27b1c306573f3893c66926b610dfb6f45b552943e737b
crc32: 00EB3111
md5: 241ed17520b9c9ff790df6aae874b00f
sha1: d481bb37c22e0544212d5a4cc704f6af12f1e519
sha256: 4ae8737f201e69135dd27b1c306573f3893c66926b610dfb6f45b552943e737b
sha512: d7b501e229361162d3c2b904044e656df2aacedc4d2b04fdc3e36b370d11274494464c261cf4dd403e32d26f10faba1dac3a5b7771c77791b0aead780214bb53
ssdeep: 12288:HSuKJ7Jb5a/cfzyqLKiPn7akraTQNKH0+pIzKX:yuKJ7Dasd7zaXU+x
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11BC42377BBA88B9DE786C070694F4FA81458C9C6CD831E0B67F162DD1C2A7717E244B2
sha3_384: c0a98a61d1dd89dca434449af7784a09e933b5fc148a4114f7a10a5f36d383647903a5a9bb64a540c919747dd05566dd
ep_bytes: f87309f55c407b80feccbc4f60eb0276
timestamp: 2008-05-16 08:00:59

Version Info:

Comments:
CompanyName:
FileDescription: PcShare 远程控制类应用程序
FileVersion: 3, 0, 1, 5
InternalName: PcShare
LegalCopyright: 版权所有 (无可非议) 2007 QQ:4564405
LegalTrademarks:
OriginalFilename: PcShare.EXE
PrivateBuild:
ProductName: PcShare 远程控制
ProductVersion: 3, 0, 1, 5
SpecialBuild:
Translation: 0x0804 0x04b0

Trojan.Generic.5327020 is also known as (vendor: detection name):

Elastic: malicious (moderate confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.241ed17520b9c9ff
McAfee: Flyagent.d
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: Packed:Win32/MultiPacked.b32e4f1b
ESET-NOD32: a variant of Win32/PcClient.NGQ
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Pcclient-2934
Kaspersky: Packed.Multi.MultiPacked.gen
BitDefender: Trojan.Generic.5327020
NANO-Antivirus: Virus.Win32.Agent.dvixmz
MicroWorld-eScan: Trojan.Generic.5327020
Avast: Win32:Pasta [Cryp]
Tencent: Win32.Packed.Multipacked.Hnva
Ad-Aware: Trojan.Generic.5327020
Emsisoft: Trojan.Generic.5327020 (B)
Comodo: Packed.Win32.MUPX.Gen@24tbus
F-Secure: Trojan.TR/Gendal.5327020
McAfee-GW-Edition: BehavesLike.Win32.Dropper.hc
Sophos: ML/PE-A + W32/Pidgeon-A
SentinelOne: Static AI – Suspicious PE
GData: Trojan.Generic.5327020
Jiangmin: MultiPacked.Multi.pi
Webroot: Flyagent.(trojan.or.variant)
Avira: TR/Gendal.5327020
Antiy-AVL: Trojan/Generic.ASMalwS.150D3E9
Kingsoft: Win32.Hack.Packed.f.(kcloud)
Arcabit: Trojan.Generic.D5148AC
ZoneAlarm: Packed.Multi.MultiPacked.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Backdoor/Win32.Hupigon.R142185
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34606.Ju0@aCyvbspb
ALYac: Trojan.Generic.5327020
MAX: malware (ai score=99)
Rising: Trojan.Win32.Generic.12E5C35D (C64:YzY0Ok4Qi1iMFjti)
Yandex: Trojan.GenAsa!i2OKtXRVRcE
Ikarus: Trojan-Spy.Win32.Sincom
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.BELF!tr
AVG: Win32:Pasta [Cryp]
Cybereason: malicious.520b9c
Panda: Trj/CI.A

How to remove Trojan.Generic.5327020?

Trojan.Generic.5327020 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.