
How to remove “Trojan.GenericRI.S18429431”?


Trojan.GenericRI.S18429431 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.GenericRI.S18429431 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP.
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Captures Screenshot
  • Behavior consistent with a dropper attempting to download the next stage.
  • Attempts to modify proxy settings

How to identify Trojan.GenericRI.S18429431?

File Info:

name: A3E2C9FDFB20A82EFE5A.mlw
path: /opt/CAPEv2/storage/binaries/62e378f49b5f8d345ac00e8b8dbcd1254bd466c7116da6b866403eaa2277e5b6
crc32: 028D9A6F
md5: a3e2c9fdfb20a82efe5acceddcce3e79
sha1: 9d997452837d77ebb4df1ff58203c75a5a66adc8
sha256: 62e378f49b5f8d345ac00e8b8dbcd1254bd466c7116da6b866403eaa2277e5b6
sha512: 43a9ba1bff3f5666bc73c3ea600bcae382cf607e9fe667628417c1d92ef00e5bca4bc1e0d00167bcafc56706c6c0e8a09a2683b25977550c19b1a2411a33e86d
ssdeep: 12288:tmjLCtqtmGQzRUsjDVO/gvR3RNx73tDX4hoSF8:tsIqta2uO/gvR3RzhDXJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17E942208F5D1630AE17A6178164FEA285E05BF8C505A47BF3049371FBF938621A93BB7
sha3_384: b60aa2839182452941b210b132da10f6a92b8bd0af152ba52992e0fcb0042f347571724492e70d5824b73f1aa2775608
ep_bytes: 60be00304c008dbe00e0f3ff5789e58d
timestamp: 2016-03-09 01:13:26

Version Info:

CompanyName:
FileDescription:
FileVersion: 0.0.1.225
InternalName:
LegalCopyright: Copyright (C) 作者 2013
OriginalFilename: 游戏茶苑 千变双扣.exe
ProductName:
ProductVersion: 0.0.1.225
Translation: 0x0009 0x04b0

Trojan.GenericRI.S18429431 is also known as:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Variant.Strictor.130381
  • FireEye: Generic.mg.a3e2c9fdfb20a82e
  • CAT-QuickHeal: Trojan.GenericRI.S18429431
  • McAfee: GenericRXAA-AA!A3E2C9FDFB20
  • VIPRE: Trojan.Win32.Generic!BT
  • K7AntiVirus: Trojan ( 0050725b1 )
  • BitDefender: Gen:Variant.Strictor.130381
  • K7GW: Trojan ( 0050725b1 )
  • Cybereason: malicious.dfb20a
  • Cyren: W32/Trojan.GCE.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.AAuto.A suspicious
  • APEX: Malicious
  • ClamAV: Win.Malware.Aauto-9814544-0
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • NANO-Antivirus: Trojan.Win32.Click3.emvskr
  • Ad-Aware: Gen:Variant.Strictor.130381
  • Emsisoft: Gen:Variant.Strictor.130381 (B)
  • DrWeb: Trojan.Click3.22208
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.gc
  • Ikarus: PUA.AAuto
  • Jiangmin: Adware.Agent.ypd
  • Avira: HEUR/AGEN.1141572
  • Antiy-AVL: Trojan/Generic.ASMalwS.2177D63
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Gen:Variant.Strictor.130381
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win32.RL_Generic.R266431
  • VBA32: BScope.Trojan.Click
  • ALYac: Gen:Variant.Strictor.130381
  • MAX: malware (ai score=89)
  • Malwarebytes: Malware.AI.257577177
  • Yandex: Trojan.GenAsa!ugNw+rv2Vs4
  • SentinelOne: Static AI – Malicious PE
  • eGambit: Unsafe.AI_Score_96%
  • Fortinet: Riskware/SwiftG
  • BitDefenderTheta: Gen:NN.ZexaF.34294.zmKfauqCPLaG
  • AVG: Win32:Malware-gen
  • Avast: Win32:Malware-gen
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.GenericRI.S18429431?

Trojan.GenericRI.S18429431 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
