What is “Trojan.Generic.B4”?

Trojan.Generic.B4 is classified as dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Generic.B4 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Anomalous binary characteristics

How to identify Trojan.Generic.B4?

File Info:

name: 5F5BEF14F6D5B1B25C6E.mlw
path: /opt/CAPEv2/storage/binaries/00608f39d220f0dd583dff258227580d0b6f51208c38b51138077a1fd838a9a4
crc32: A990A4A3
md5: 5f5bef14f6d5b1b25c6ea7107a161ba7
sha1: 5b8c9dfd0176118e2e10109ca3fd0777fa745a74
sha256: 00608f39d220f0dd583dff258227580d0b6f51208c38b51138077a1fd838a9a4
sha512: 32e6ca4e646b310a192dc7953ac2bfc7a522e91bc1ff8c10db40d10b968e264768da2e4de5049af54134f4b99b4c017f2eff1a02af15801ee167df36670ae7c2
ssdeep: 3072:aDrqByZ0EFEHur91vFaFHfE2bPphUWZ06BdlQ2TU3Tbn0CtX0b8hS0joDQg2e17w:zkAurXFGs2bxhUWHBMcU3Tz0UYLHgP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ED347C30A7A0C035F4F612F889BA9379A93D7EA1673490CF66D116EE5634AE5DC30393
sha3_384: 65c063d89a91ae66bf063ad72e45f8936b1f1a198188ed7a38867e3d9fbdf0b33b147d0b663643082d0dd65b50d1c901
ep_bytes: 8bff558bece8e69e0000e8110000005d
timestamp: 2014-09-11 21:10:45

Version Info:

CompanyName: PassMark Software
FileDescription: System Information Plugin
FileVersion: 1.0.0.8
InternalName: Battery Capacity Plugin
LegalCopyright: Copyright © 2015. All rights reserved.
OriginalFilename: Plugin.exe
ProductName: System Information Plugin
ProductVersion: 1.0.0.8
Comments: System Information Plugin
LegalTrademarks: PassMark Software
Translation: 0x00e9 0x04b0

Trojan.Generic.B4 also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Ulise.327710
FireEye: Generic.mg.5f5bef14f6d5b1b2
CAT-QuickHeal: Trojan.Generic.B4
ALYac: Gen:Variant.Ulise.327710
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.1254624
K7AntiVirus: Trojan ( 0055dd191 )
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.4f6d5b
Cyren: W32/S-b6f9dcc2!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.DEZN
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Tinba.pef
BitDefender: Gen:Variant.Ulise.327710
NANO-Antivirus: Trojan.Win32.Graftor.drabzh
Avast: Win32:Trojan-gen
Rising: Trojan.Generic@ML.86 (RDML:jMk7eLJ8Z+JJSmi0q4o1ig)
Ad-Aware: Gen:Variant.Ulise.327710
Sophos: ML/PE-A + Troj/Tinba-FG
Comodo: TrojWare.Win32.Tinba.DEZ@7uovu6
DrWeb: Trojan.PWS.Tinba.148
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_TINBA.SMJ
McAfee-GW-Edition: GenericRXGE-PD!5F5BEF14F6D5
Emsisoft: Gen:Variant.Ulise.327710 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Ulise.327710
Avira: TR/Crypt.ZPACK.Gen4
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Win32.AGeneric
Arcabit: Trojan.Ulise.D5001E
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Gen
McAfee: GenericRXGE-PD!5F5BEF14F6D5
VBA32: BScope.Backdoor.Androm
Malwarebytes: Trojan.Tinba
TrendMicro-HouseCall: TROJ_TINBA.SMJ
Tencent: Malware.Win32.Gencirc.10b15434
Yandex: Trojan.Kryptik!ESq5rc3dR/c
Ikarus: Trojan.Win32.Kovter
eGambit: Unsafe.AI_Score_87%
Fortinet: W32/Kryptik.DDLY!tr
BitDefenderTheta: Gen:NN.ZexaF.34062.pu0@aq1q9FbG
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Generic.B4?

Trojan.Generic.B4 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.