Trojan

Trojan.GenericCS.S28302467 removal instruction

Malware Removal

Trojan.GenericCS.S28302467 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.GenericCS.S28302467 virus do?

  • Sample contains Overlay data
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings

How to identify Trojan.GenericCS.S28302467?

File Info:

name: C90D577E177E6CC2BE59.mlw
path: /opt/CAPEv2/storage/binaries/476ab672f5df5ed3d3e8bb5639651d3b864d4c9f26401f834b90dd37242f15cf
crc32: 6B040681
md5: c90d577e177e6cc2be59875e434e5435
sha1: b23e5c82beaab14450bc881ed7823b7508763b72
sha256: 476ab672f5df5ed3d3e8bb5639651d3b864d4c9f26401f834b90dd37242f15cf
sha512: a773f91ec587a7113db1e00567ee9fa164381b9e6f4c51eff4acbfed5c3998261e60d03d89d97de0dd3e8f2b0895104f08c6f55114665509fca40c97f3949d4c
ssdeep: 768:cJlWh1KlC6iSiaOpeNPmG6JX6MML3/eISUrUgEw/YCLcCou:clfClxpeNPmG6JX1A32Ipoe/1Rou
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D1632A74BEC4A9B1E3378670C5F29687A427BD537813880D65DA3B474873B42E8B291F
sha3_384: b1fb9581e1d33f43a54da875169a37021f4cb2ccdb9ff6f96c10395c589bb3a523dc437989c9f04ce49aca60dc2226be
ep_bytes: 558bec6aff6898404000686020400064
timestamp: 2004-01-23 23:39:42

Version Info:

0: [No Data]

Trojan.GenericCS.S28302467 also known as:

Bkav: W32.AIDetectNet.01
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Midie.85757
FireEye: Generic.mg.c90d577e177e6cc2
CAT-QuickHeal: Trojan.GenericCS.S28302467
ALYac: Gen:Variant.Midie.85757
Cylance: Unsafe
Zillya: Trojan.Kryplod.Win32.5
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 003b1b581 )
K7GW: Trojan ( 003b1b581 )
CrowdStrike: win/malicious_confidence_100% (D)
VirIT: Trojan.Win32.Dnldr9.RMZ
Cyren: W32/SuspPack.C.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Waski.A
APEX: Malicious
ClamAV: Win.Malware.Upatre-6797996-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Midie.85757
NANO-Antivirus: Trojan.Win32.Bublik.ctdoin
Avast: Win32:Trojan-gen
Tencent: Trojan-DL.Win32.Waski.za
Ad-Aware: Gen:Variant.Midie.85757
Emsisoft: Gen:Variant.Midie.85757 (B)
Comodo: Backdoor.Win32.Popwin.~IT@pe303
DrWeb: Trojan.DownLoader9.11829
VIPRE: Gen:Variant.Midie.85757
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.kt
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/Zbot-HKM
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan-Downloader.Upatre.BJ
Jiangmin: Trojan/Bublik.kua
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASBOL.C6E4
Arcabit: Trojan.Midie.D14EFD
Microsoft: TrojanDownloader:Win32/Upatre.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Upatre.C2868294
McAfee: Generic-FANY!C90D577E177E
VBA32: Trojan.Bublik
Malwarebytes: Malware.AI.2237774165
Rising: Trojan.Generic@AI.100 (RDML:qiGuOCZCnf88HlnJLS+P9A)
Yandex: Trojan.GenAsa!9h1veMqbSY0
Ikarus: Trojan-Spy.Zbot
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Krptik.AIX!tr
BitDefenderTheta: AI:Packer.91E4B1F51F
AVG: Win32:Trojan-gen
Cybereason: malicious.e177e6
Panda: Generic Malware

How to remove Trojan.GenericCS.S28302467?

Trojan.GenericCS.S28302467 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.