
What is “Trojan.GenericPMF.S19414889”?


Trojan.GenericPMF.S19414889 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.GenericPMF.S19414889 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Trojan.GenericPMF.S19414889?

File Info:

name: 89809340D2A6F973E5C2.mlw
path: /opt/CAPEv2/storage/binaries/e7ad95dd8c33105558acda243e50700980a21c26150b3324484eae15029da745
crc32: FE2ADD2A
md5: 89809340d2a6f973e5c238ac1f8771ec
sha1: 6bde6fc1cc027a64a91c5acdf6ed02b1edbfe1be
sha256: e7ad95dd8c33105558acda243e50700980a21c26150b3324484eae15029da745
sha512: d1347ec332880dc213f24d9296519e829a68ea4d97d6dfdf152edb2800c9473116dcbd3cbb91a7365ec907de6c9f7d728c2fa2bfc8f8e613952b0ee3b3d558f0
ssdeep: 3072:QL4vsbM6+uW8Y9Ra9JIxXFoF8JkNOFuwNCoUYl2ZuqCD3degVuL9:24vbudaRa9axVoOYOg9VRCD3HE9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T156E312E6975DC58DD75B8E7666A88B3BB432713FADF6C490505EE1DF304E22C80018AE
sha3_384: 5cb4499b57e8a583418c6b01fc600b0c5e189cf4bf3fe71bdd563383364c6392b2a6e825be73e58148cea285a3c4f83e
ep_bytes: 60be001043008dbe0000fdff5783cdff
timestamp: 2006-01-24 13:31:17

Version Info:

CompanyName: ОФнбзщЫУшВНШэрзюЫзОюхюлОжЬъЧ
FileDescription: ГкфЧючнЗЪнСсббЦюхЫепАП
FileVersion: 54.119.92.8
InternalName: шНшЫяИБКЮХИьмчлрЮьЬАВЯУЫяЛ
LegalCopyright: 9767-5092
OriginalFilename: 3Jl.exe
ProductName: йЖЕдЖчныБивОэршЭГяВхшЮЕ
ProductVersion: 54.119.92.8
Translation: 0x04b0 0x0417

Trojan.GenericPMF.S19414889 also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.20343
MicroWorld-eScan: Gen:Variant.Bredo.6
FireEye: Generic.mg.89809340d2a6f973
CAT-QuickHeal: Trojan.GenericPMF.S19414889
ALYac: Gen:Variant.Bredo.6
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Zbot.mt
K7AntiVirus: Trojan ( f1000f011 )
Alibaba: TrojanPSW:Win32/Kryptik.9b2006f4
K7GW: Trojan ( f1000f011 )
Cybereason: malicious.0d2a6f
BitDefenderTheta: AI:Packer.4DF9F3961F
VirIT: Trojan.Win32.Generic.CST
Cyren: W32/Qakbot.A.gen!Eldorado
Symantec: Infostealer
ESET-NOD32: a variant of Win32/Kryptik.HAZ
TrendMicro-HouseCall: BKDR_QAKBOT.SMC
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-17987
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Bredo.6
NANO-Antivirus: Trojan.Win32.Zbot.ddance
Tencent: Malware.Win32.Gencirc.10b87701
Ad-Aware: Gen:Variant.Bredo.6
Sophos: Mal/Generic-R + Mal/FakeAV-DV
Comodo: MalCrypt.Indus!@1qrzi1
Zillya: Trojan.Zbot.Win32.23480
TrendMicro: BKDR_QAKBOT.SMC
McAfee-GW-Edition: BehavesLike.Win32.Downloader.cc
Emsisoft: Gen:Variant.Bredo.6 (B)
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Bredo.6
Jiangmin: TrojanSpy.Zbot.aifc
Webroot: W32.Malware.Gen
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.18124F6
ViRobot: Trojan.Win32.A.Zbot.150596[UPX]
Microsoft: PWS:Win32/Zbot
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Heur.h10.R55047
McAfee: GenericRXAA-AA!89809340D2A6
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Packed
Panda: Trj/Sinowal.XEG
APEX: Malicious
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!aO2MQdZZ1CI
SentinelOne: Static AI – Malicious PE
eGambit: Generic.PSW
Fortinet: W32/Zbot.AKTM!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Trojan.Malware.7164915.susgen

How to remove Trojan.GenericPMF.S19414889?

Trojan.GenericPMF.S19414889 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
