Trojan.Generic.KDZ.12668 (file analysis)

Malware Removal

Trojan.Generic.KDZ.12668 is the BitDefender-family detection name for a 32-bit Windows executable that, in sandbox analysis, injects code into other processes, deletes its own original file and installs itself for autorun at startup (see the behaviour list below). While it is active you may notice unfamiliar processes in Task Manager, typically launched from a temporary or user-profile folder. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan.Generic.KDZ.12668 do?

The behaviour signatures below were raised when the sample was detonated in the CAPEv2 sandbox (the storage path under File Info is the sandbox's). Together they describe a packed dropper that unpacks in RWX memory, hollows another process, removes its own file and persists through a Windows startup entry:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Deletes its original binary from disk
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
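Several of the signatures above (process created from a suspicious location, process hollowing, autorun installation, deletion of the original binary) leave a recognisable trail in endpoint telemetry. The following is an added example, not code from the original page or from the sandbox: a small detector run over constructed events shaped like Sysmon IDs 1 (ProcessCreate), 13 (registry value set) and 23 (FileDelete). The file paths, PIDs, SID and the "suspicious directory" list are assumptions chosen for illustration; only the dropper's file name is taken from the page.

```python
import re

# Directories a dropper typically runs from or persists into (assumed list,
# not taken from the page). A backslash on each side keeps matches whole.
SUSPICIOUS_DIRS = re.compile(
    r"\\(Temp|AppData\\Local\\Temp|AppData\\Roaming|Downloads|ProgramData)\\", re.I)
# Per-user and machine Run / RunOnce keys used for "autorun at Windows startup".
RUN_KEYS = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed telemetry (invented paths, PIDs and SID), not real sandbox output.
DROPPER = r"C:\Users\alice\AppData\Local\Temp\BA04877AF9D0E22A76E3.exe"
EVENTS = [
    {"id": 1, "pid": 4120, "ppid": 1234, "image": DROPPER,
     "parent": r"C:\Windows\explorer.exe"},
    # the dropper launches a Windows binary to hollow it out
    {"id": 1, "pid": 4188, "ppid": 4120, "image": r"C:\Windows\System32\svchost.exe",
     "parent": DROPPER},
    # the hollowed host writes a Run value pointing into the user profile
    {"id": 13, "pid": 4188,
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
               r"\Software\Microsoft\Windows\CurrentVersion\Run\RegistryCleaner",
     "details": r"C:\Users\alice\AppData\Roaming\RegistryCleaner.exe"},
    # ... and deletes its parent's original binary
    {"id": 23, "pid": 4188, "target": DROPPER},
    # benign control: a browser started by the shell
    {"id": 1, "pid": 5000, "ppid": 1234,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "parent": r"C:\Windows\explorer.exe"},
]


def detect(events):
    """Return (rule, pid, detail) findings for the behaviours in the list above."""
    image_of = {e["pid"]: e["image"] for e in events if e["id"] == 1}
    parent_of = {e["pid"]: e["ppid"] for e in events if e["id"] == 1}
    findings = []
    for e in events:
        if e["id"] == 1:
            if SUSPICIOUS_DIRS.search(e["image"]):
                findings.append(("process_from_suspicious_location", e["pid"], e["image"]))
            # A Windows binary spawned by something in a scratch directory is the
            # usual shape of process hollowing: the child is the injection host.
            if (SUSPICIOUS_DIRS.search(e["parent"])
                    and e["image"].lower().startswith("c:\\windows\\")):
                findings.append(("system_binary_spawned_by_suspicious_parent",
                                 e["pid"], e["image"]))
        elif e["id"] == 13:
            if RUN_KEYS.search(e["target"]) and SUSPICIOUS_DIRS.search(e["details"]):
                findings.append(("autorun_to_user_writable_path", e["pid"], e["details"]))
        elif e["id"] == 23:
            # Self-deletion: the deleted file is the deleting process's own image
            # or its parent's (the dropper removed by the process it hollowed).
            own = image_of.get(e["pid"])
            parent_img = image_of.get(parent_of.get(e["pid"]))
            if e["target"].lower() in {p.lower() for p in (own, parent_img) if p}:
                findings.append(("deletes_original_binary", e["pid"], e["target"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(EVENTS):
        print(f"{rule:45} pid={pid} {detail}")
```

Each rule on its own is noisy (installers also run from Temp and write Run keys); the value is in the combination on one process tree, which is what the `pid`/`ppid` links in the findings let you pivot on.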

How to identify Trojan.Generic.KDZ.12668?

File Info:

name: BA04877AF9D0E22A76E3.mlw
path: /opt/CAPEv2/storage/binaries/00148d1ea9ffb1f27fc62a8a987ea8850b729d6053999b15d60962550a07f618
crc32: FC1924E9
md5: ba04877af9d0e22a76e32a0a9f1fdc3c
sha1: e5dc8cb12637d1998cff8a5221d0fa9722a0b9fe
sha256: 00148d1ea9ffb1f27fc62a8a987ea8850b729d6053999b15d60962550a07f618
sha512: de8d823a952ae4346dbbbe1a9c1390f2c635062607b4284d97ea64ec927790efb9cf75b38da1f1238e121fcf52339f4012b9a5982b0b17ed477a85b51f8a1205
ssdeep: 12288:NEFuJbBrZ+SvLr0S5ioF6QEDQGxlGB26x0X:NEFuJbBrZ+Sv3YoFhEDJsx6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T174A45B82284D95B3C930DE39158CF2BD15660EFEE7FB150A38F57D4624F5AE0943AB22
sha3_384: 4d6920c39c02a20956d0864005402c61b3d4587ed53b596f7ca52d6917266d5059c805fbe9f6d59c8c0c2da88799bf76
ep_bytes: e88a160000e979feffff8bff558bec81
timestamp: 2009-03-10 05:44:41
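The File Info block gives three kinds of indicator a responder can check locally without uploading a suspect file anywhere: the content hashes, the link timestamp in the PE header, and the first bytes at the entry point. The following is an added example, not code from the original page: it hashes a file, walks the PE32 headers by hand (no third-party PE library) to read the timestamp and the 16 entry-point bytes, and compares them with the page's values. Because the real sample is not included here, the block builds a constructed stand-in PE whose entry bytes and timestamp match the page; its hashes naturally do not, which the result reports honestly.

```python
import calendar
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info block on this page.
KNOWN_HASHES = {
    "md5": "ba04877af9d0e22a76e32a0a9f1fdc3c",
    "sha1": "e5dc8cb12637d1998cff8a5221d0fa9722a0b9fe",
    "sha256": "00148d1ea9ffb1f27fc62a8a987ea8850b729d6053999b15d60962550a07f618",
}
KNOWN_EP_BYTES = bytes.fromhex("e88a160000e979feffff8bff558bec81")


def file_hashes(data: bytes) -> dict:
    """Digest the whole file with the three algorithms the page lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def hash_matches(digests: dict) -> bool:
    """True if any digest equals the page's value for that algorithm."""
    return any(digests.get(name) == value for name, value in KNOWN_HASHES.items())


def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 header walk: link timestamp and the 16 bytes at the entry point.

    Raises ValueError for anything that is not a PE32 image with a section-backed
    entry point, so truncated or non-PE input fails loudly instead of silently.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, timestamp = struct.unpack_from("<HI", data, coff + 2)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = opt + size_opt
    for i in range(num_sections):
        hdr = sections + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)                 # RVA -> file offset
            return {
                "timestamp": datetime.fromtimestamp(timestamp, timezone.utc)
                                     .strftime("%Y-%m-%d %H:%M:%S"),
                "ep_bytes": data[off:off + 16],
            }
    raise ValueError("entry point RVA not backed by any section")


def triage(data: bytes) -> dict:
    """Collect the page's indicators for one file and say which of them match."""
    digests = file_hashes(data)
    pe = parse_pe32(data)
    return {
        **digests,
        "timestamp": pe["timestamp"],
        "ep_bytes": pe["ep_bytes"].hex(),
        "hash_match": hash_matches(digests),
        "ep_match": pe["ep_bytes"] == KNOWN_EP_BYTES,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (NOT the real sample): a one-section PE32 whose .text
    starts with the page's ep_bytes and whose link timestamp equals the page's."""
    ts = calendar.timegm((2009, 3, 10, 5, 44, 41))
    code = (KNOWN_EP_BYTES + b"\xc3").ljust(0x200, b"\x00")
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # section/file alignment
    section = b".text".ljust(8, b"\x00") + struct.pack(
        "<IIIIIIHHI", len(code), 0x1000, len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\x00")
    return bytes(headers + code)


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:10} {value}")
```

To use it on a real suspect file, read the file as bytes and pass it to `triage`; a hash match is conclusive, while a matching entry-point stub and timestamp only say the file was built with the same toolchain and are a pivot, not a verdict.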

Version Info (as claimed by the file's own resource section; the sandbox reports the Authenticode signature as invalid, so this metadata is not evidence of a legitimate origin):

Comments:
CompanyName: CleanMyPC Tools Software
FileDescription: CleanMyPC Registry Cleaner
FileVersion: 4, 4, 6, 0
InternalName: RegistryCleaner
LegalCopyright: Copyright (C) 2001-2012 CleanMyPC
LegalTrademarks: CleanMyPC
OriginalFilename:
PrivateBuild:
ProductName: CleanMyPC Registry Cleaner
ProductVersion: 4, 4, 6, 0
SpecialBuild:
Translation: 0x0409 0x04b0

Trojan.Generic.KDZ.12668 also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Generic.KDZ.12668
FireEye: Generic.mg.ba04877af9d0e22a
CAT-QuickHeal: TrojanSpy.Zbot.CG
ALYac: Trojan.Generic.KDZ.12668
Cylance: Unsafe
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Injector.16cb09c2
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.af9d0e
ESET-NOD32: Win32/Injector.AEPU
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Generickdv-9942794-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Generic.KDZ.12668
NANO-Antivirus: Trojan.Win32.TrjGen.cqldob
Avast: Win32:LockScreen-UP [Trj]
Rising: Trojan.Agent!1.68D0 (CLASSIC)
Ad-Aware: Trojan.Generic.KDZ.12668
Sophos: ML/PE-A
Comodo: TrojWare.Win32.Injector.AERP@4w6lnu
DrWeb: Trojan.Siggen4.40328
Zillya: Trojan.Blocker.Win32.6760
TrendMicro: WORM_DORKBOT.SMM
McAfee-GW-Edition: BehavesLike.Win32.Dropper.gm
Trapmine: malicious.moderate.ml.score
Emsisoft: Trojan.Generic.KDZ.12668 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.Generic.KDZ.12668
Webroot: Trojan.Dropper.Gen
Avira: HEUR/AGEN.1209916
MAX: malware (ai score=98)
Kingsoft: Win32.Heur.KVMF4.hy.(kcloud)
Arcabit: Trojan.Generic.KDZ.D317C
Microsoft: Trojan:Win32/Ircbrute
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R113914
McAfee: Artemis!BA04877AF9D0
VBA32: TrojanDropper.Injector
TrendMicro-HouseCall: WORM_DORKBOT.SMM
Tencent: Win32.Trojan.Generic.Pefk
Ikarus: Trojan-Dropper.Win32.Injector
Fortinet: W32/Injector.AEPU
BitDefenderTheta: Gen:NN.ZexaF.34742.Cq0@amih7gm
AVG: Win32:LockScreen-UP [Trj]
Panda: Trj/Agent.IVN
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.Generic.KDZ.12668?

Trojan.Generic.KDZ.12668 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the relevant browser and options, then click "Reset".
  • Restart your computer. Because this sample installs a startup entry and deletes its original file, run a second scan after the reboot to confirm that no copy was relaunched from the autorun location.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
