Trojan.Heur.DmNfHTZojWii (file analysis)

The Trojan.Heur.DmNfHTZojWii is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Heur.DmNfHTZojWii virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan.Heur.DmNfHTZojWii?

File Info:

name: 12747E2BD3F95FF7DFAC.mlw
path: /opt/CAPEv2/storage/binaries/1cd018734f7dc8dd5e1c576be32a7fd02ff23c1cfb455399931f5fa013d5693a
crc32: 047562EA
md5: 12747e2bd3f95ff7dfac195a20b41fe8
sha1: 5245aaca56c2a8cd03f402409d29b98322a8677f
sha256: 1cd018734f7dc8dd5e1c576be32a7fd02ff23c1cfb455399931f5fa013d5693a
sha512: a2001e12f12aaef4786efdf57f93b6567d3bac141d23a21026eaf10731b3944fab9f63efe4b7c7b9747f3d02513bb631e7195778389d49a897d50e382c2a44b0
ssdeep: 12288:mpPA7A4shGDxyF4HWfYZQ21LqIBR02s1zyLp:4ANiQsGqY5lNp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AEA423CBA3433141D19508329B2519D4B86137D92733742E9B5BB6DDD9FEACFC98680C
sha3_384: 0a04ba07f8634f8cc303f94f1863432aad40181642da5b4900a6e7535f844ac270590a2cd1bc501592cfa429f5f42148
ep_bytes: 60be007041008dbe00a0feff5783cdff
timestamp: 2011-05-20 19:41:05

Version Info:

Translation: 0x0409 0x04b0
Comments: MqFZsLGvbkljoZ
CompanyName: VPifBYwCyJMcxyI
FileDescription: YuGUCTGKk
LegalCopyright: aQfpYQK
ProductName: dhvFaobNoK
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 2
OriginalFilename: 2.exe

Trojan.Heur.DmNfHTZojWii also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.l0qv
Elastic: malicious (moderate confidence)
DrWeb: Trojan.MulDrop2.61789
MicroWorld-eScan: Gen:Trojan.Heur.DmNfHTZojWii
FireEye: Generic.mg.12747e2bd3f95ff7
CAT-QuickHeal: Trojan.VB.Gen
Skyhigh: BehavesLike.Win32.Generic.gc
McAfee: Artemis!12747E2BD3F9
Cylance: unsafe
VIPRE: Gen:Trojan.Heur.DmNfHTZojWii
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Trojan.Heur.DmNfHTZojWii
Cybereason: malicious.a56c2a
BitDefenderTheta: AI:Packer.CA8A7AC01C
VirIT: Trojan.Win32.VB.AXAU
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Bifrose.NKU
APEX: Malicious
ClamAV: Win.Trojan.Ag-1
Kaspersky: Worm.Win32.WBNA.ipa
Alibaba: Worm:Win32/VBInject.53aa5db5
NANO-Antivirus: Trojan.Win32.WBNA.ecepvm
ViRobot: Trojan.Win32.A.VBKrypt.239616.F[UPX]
Rising: Trojan.VbUndef!1.99F7 (CLOUD)
Emsisoft: Gen:Trojan.Heur.DmNfHTZojWii (B)
F-Secure: Trojan.TR/Dropper.Gen
Zillya: Trojan.Bifrose.Win32.5792
Trapmine: malicious.moderate.ml.score
Sophos: Mal/VBCheMan-A
Ikarus: Trojan.Injector
Jiangmin: Worm.WBNA.bgta
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Dropper.Gen
Antiy-AVL: Worm/Win32.WBNA.gen
Kingsoft: Win32.Worm.WBNA.ipa
Microsoft: Trojan:Win32/Wacatac.B!ml
Xcitium: Malware@#1seqnysecgqkh
Arcabit: Trojan.Heur.DmNfHTZojWii
ZoneAlarm: Worm.Win32.WBNA.ipa
GData: Gen:Trojan.Heur.DmNfHTZojWii
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Rbot.C4567
VBA32: Trojan.VB.Schmidti
ALYac: Gen:Trojan.Heur.DmNfHTZojWii
DeepInstinct: MALICIOUS
Panda: Trj/CI.A
Tencent: Win32.Worm.Wbna.Xmhl
Yandex: Trojan.GenAsa!6u6JTrUvxwM
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Bifrose.NKY!tr
AVG: Win32:VBCrypt-BFN [Trj]
Avast: Win32:VBCrypt-BFN [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Heur.DmNfHTZojWii?

Trojan.Heur.DmNfHTZojWii removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.