Trojan.GenericPMF.S24391552 removal

Trojan.GenericPMF.S24391552 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.GenericPMF.S24391552 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Divehi
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • CAPE detected the RedLineDropperAHK malware family
  • Attempts to identify installed AV products by installation directory
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings

How to identify Trojan.GenericPMF.S24391552?

File Info:

name: 29D17B51D9ABA2115636.mlw
path: /opt/CAPEv2/storage/binaries/308910db7b7669700f1cf7df3489bd60a97a1328e1d497697a08fb71bc9b1bec
crc32: D5799E2E
md5: 29d17b51d9aba2115636e7f2c5cea836
sha1: c416225b5c311726cf31f82e9c9d306f6df10894
sha256: 308910db7b7669700f1cf7df3489bd60a97a1328e1d497697a08fb71bc9b1bec
sha512: 8d7aafa502c94a5554e5c22a0f65bc0c2a752b53b8396772f5316763992e9ac397927ea04e734b6106f10efef4ed3c459f4923a0ef7e6cde2df7892efbe19be4
ssdeep: 12288:Xx4PqzkIYegfzQ8M5D6feVX6DMLydioZVTCMSwunnN:N4Iafm5DceFnyYo/TC/bN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C6C40230699CC0BAF4B70A724466CEA11AFB7822552585C737F52B3D0E70EAC1AF436D
sha3_384: e89cbff5d426c8c8f2b82fc4938131b2eb9b5e63b39d210d4e7f98f6653f03fd3f8d6be8004a713c9b807404ecbb2cb9
ep_bytes: e870480000e989feffff8bff558bec83
timestamp: 2020-11-04 14:32:22

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkagat
ProductVersion: 75.54.30.5
Translation: 0x0195 0x047e

Trojan.GenericPMF.S24391552 is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Zbot.m6l9
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.37909446
FireEye: Generic.mg.29d17b51d9aba211
CAT-QuickHeal: Trojan.GenericPMF.S24391552
ALYac: Trojan.GenericKD.37909446
Cylance: Unsafe
K7AntiVirus: Trojan ( 00589ae11 )
Alibaba: Ransom:Win32/StopCrypt.eaa03557
K7GW: Trojan ( 00589ae11 )
CrowdStrike: win/malicious_confidence_80% (W)
Cyren: W32/Kryptik.FOQ.gen!Eldorado
Symantec: Packed.Generic.528
ESET-NOD32: a variant of Win32/Kryptik.HNDM
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Dropper.Tofsee-9906614-0
Kaspersky: HEUR:Exploit.Win32.Shellcode.gen
BitDefender: Trojan.GenericKD.37909446
Avast: Win32:MalwareX-gen [Trj]
Ad-Aware: Trojan.GenericKD.37909446
Sophos: Mal/Generic-R + Troj/Krypt-BO
TrendMicro: Ransom_StopCrypt.R002C0DK221
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.hc
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan-Ransom.StopCrypt
GData: Win32.Trojan.PSE1.1EYRCG4
Jiangmin: TrojanSpy.Stealer.heu
Avira: TR/Crypt.ZPACK.znxwf
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.34CC200
Microsoft: Ransom:Win32/StopCrypt.MAQK!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.R373480
Acronis: suspicious
McAfee: Packed-GDT!29D17B51D9AB
VBA32: Malware-Cryptor.2LA.gen
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: Ransom_StopCrypt.R002C0DK221
Rising: Trojan.Kryptik!1.DAA2 (CLASSIC)
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: PossibleThreat.PALLASNET.H
AVG: Win32:MalwareX-gen [Trj]
Cybereason: malicious.b5c311
Panda: Trj/Genetic.gen

How to remove Trojan.GenericPMF.S24391552?

Trojan.GenericPMF.S24391552 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.