Categories: Trojan

How to remove “Trojan.Hancitor”?

The Trojan.Hancitor is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Hancitor virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Russian
Looks up the external IP address
A process sent information about the computer to a remote location.

Related domains:

api.ipify.org

iderfeirel.com

How to determine Trojan.Hancitor?


File Info:
crc32: 41466C29md5: 5818518daaf8fef1e7b32f4007ad148bname: 5818518DAAF8FEF1E7B32F4007AD148B.mlwsha1: 4fe4f8c6d6fb3c7ad6a3e2f4a905836d671b973asha256: c00750e11c9387861ebfc216268abb25675cbe7754697854a0e0463ff5afb608sha512: 7ab61336f3e3ebdae5530d9e04d1a7fc73e45a6d16c68ac16431ccf06c37af76b1403bc20447cadc14a512675f33850d37b932fa58c3447b4c06201f1a014c51ssdeep: 6144:K0mda7Ttgc81i5hB0mda7Ttgg81iV0mda7Ttgg81iV0mda7Ttgg81i:LT5h+jqjqjtype: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright xa9 2004-2007 Oleg Bondar:  InternalName: CHMView.exeFileVersion: 0.2CompanyName: Yo-DizignecialBuild: DPrivateBuild: ?0x01ProductNameLegalTrademarks: CHMlib and CHMtools are Copyright xa9 2001 Matthew T. Russotto.Comments: CHMView.exe which allow you browse CHM files in system default web-browser (e.g. Opera). It unpacks all files from CHM and makes framed index file. Homepage on Russian: www.yaransk.ru/~hobolity for viewing CHM files without IExplorer: ,x04x01ProductVersionFileDescription: Utility for viewing CHM filesOriginalFilename: CHMView.exeTranslation: 0x0019 0x04e3

Trojan.Hancitor also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.36252137
FireEye	Generic.mg.5818518daaf8fef1
McAfee	RDN/Hancitor
Malwarebytes	Trojan.Hancitor
BitDefender	Trojan.GenericKD.36252137
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	UDS:DangerousObject.Multi.Generic
AegisLab	Trojan.Multi.Generic.4!c
Rising	Trojan.Kryptik!1.C73F (CLASSIC)
Sophos	ML/PE-A
F-Secure	Trojan.TR/AD.ZDlder.AL
DrWeb	Trojan.Chanitor.59
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.36252137 (B)
Ikarus	Win32.Outbreak
Avira	TR/AD.ZDlder.AL
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Kingsoft	Win32.Heur.KVMH008.a.(kcloud)
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Win32.Trojan.Kryptik.2TBHOL
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZedlaF.34780.IK8@aOfuy@jG
MAX	malware (ai score=81)
ESET-NOD32	a variant of Generik.DEFHLQJ
SentinelOne	Static AI – Malicious PE
Fortinet	W32/Generik.DEFHLQJ!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Trojan-gen
Paloalto	generic.ml
Qihoo-360	HEUR/QVM39.1.E183.Malware.Gen