Trojan

About “Trojan.Generic.dmLfaahWrXdb” infection

Malware Removal

Trojan.Generic.dmLfaahWrXdb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Trojan.Generic.dmLfaahWrXdb virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Trojan.Generic.dmLfaahWrXdb?

File Info:

name: 0CAFCEA9B594ECFBCF95.mlw
path: /opt/CAPEv2/storage/binaries/ad12095835c5b0fb4d7d5a32b04457d364f12e281cd1aafea217f2bedf358b5d
crc32: 67D4B784
md5: 0cafcea9b594ecfbcf95d5423810c9a7
sha1: 119d04522d0a8efe8a8449b8a5253329148fe2f4
sha256: ad12095835c5b0fb4d7d5a32b04457d364f12e281cd1aafea217f2bedf358b5d
sha512: 416fa1e859d6854c025aa8905d4c5abb10e18e7dac150d644e87be598b7a39bf90c5491dbb0a340081fc54b7dc75a58ecc35e9f4c1453a284e9c26bf1eeffd1a
ssdeep: 1536:cDhRU+1aVqAtAT+CSsWTxPAUnVyE4IQnmL:cDhRcVqk2qxPAUV5SmL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C83301086A9918E9F3D3473006FB4A5A7B1D3467CFD18A11FCAC2956213316BDDD83AE
sha3_384: 248096841d5a19edf882f4254781f379a76bb2d362a476573c9b3df5b6763e9958a56ad72c6d9379a6fdd4eabda88e61
ep_bytes: 60be00b040008dbe0060ffff5783cdff
timestamp: 2008-06-08 13:52:06

Version Info:

Comments:
CompanyName: Microsoft Corporation
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: svchost.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
LegalTrademarks:
OriginalFilename: svchost.exe
PrivateBuild:
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
SpecialBuild:
Translation: 0x0804 0x04b0

Trojan.Generic.dmLfaahWrXdb also known as:

Lionic: Trojan.Win32.Agent.5!c
DrWeb: BackDoor.Siggen.21
MicroWorld-eScan: Gen:Trojan.Generic.dmLfaahWrXdb
FireEye: Generic.mg.0cafcea9b594ecfb
CAT-QuickHeal: Backdoor.Agent.18945
ALYac: Gen:Trojan.Generic.dmLfaahWrXdb
Cylance: Unsafe
Zillya: Rootkit.Agent.Win32.9901
Sangfor: Trojan.Win32.Save.a
Alibaba: Backdoor:Win32/DarkShell.996a286c
Cybereason: malicious.9b594e
BitDefenderTheta: AI:Packer.34C000B21C
Cyren: W32/SYStroj.N.gen!Eldorado
Symantec: Backdoor.Trojan
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Agent.DKR
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-888193
Kaspersky: Backdoor.Win32.DarkShell.rl
BitDefender: Gen:Trojan.Generic.dmLfaahWrXdb
NANO-Antivirus: Trojan.Win32.DarkShell.dxifoh
Avast: FileRepMalware [Trj]
Tencent: Win32.Rootkit.Agent.Ijf
Ad-Aware: Gen:Trojan.Generic.dmLfaahWrXdb
Emsisoft: Gen:Trojan.Generic.dmLfaahWrXdb (B)
Comodo: TrojWare.Win32.Agent.ORM@4rvz37
F-Secure: Trojan.TR/Crypt.FKM.Gen
Baidu: Win32.Trojan.Agent.fp
VIPRE: Gen:Trojan.Generic.dmLfaahWrXdb
TrendMicro: BKDR_BVOK.SM
McAfee-GW-Edition: BehavesLike.Win32.Fake.qc
Trapmine: suspicious.low.ml.score
Sophos: Mal/Behav-160
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Generic.dmLfaahWrXdb
Jiangmin: Backdoor/Agent.axeb
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/Crypt.FKM.Gen
Antiy-AVL: Trojan[Rootkit]/Win32.Agent
Arcabit: Trojan.Generic.dmLfaahWrXdb
ViRobot: Trojan.Win32.RT-Agent.83456[UPX]
ZoneAlarm: Backdoor.Win32.DarkShell.rl
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Nbdd.R2022
McAfee: Artemis!0CAFCEA9B594
MAX: malware (ai score=100)
VBA32: BScope.Trojan.MulDrop
Malwarebytes: Malware.Heuristic.1003
TrendMicro-HouseCall: BKDR_BVOK.SM
Rising: Backdoor.Darkshell!1.6684 (CLOUD)
Yandex: Rootkit.Agent!FwFkYQKdHdc
Ikarus: Virus.Win32.Virut.bl
MaxSecure: Trojan.Malware.2043381.susgen
AVG: FileRepMalware [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Generic.dmLfaahWrXdb?

Trojan.Generic.dmLfaahWrXdb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.