Trojan

Trojan.Heur.emKfrjviMCabh malicious file

Malware Removal

Trojan.Heur.emKfrjviMCabh is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan.Heur.emKfrjviMCabh virus can do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Trojan.Heur.emKfrjviMCabh?

File Info:

name: 7976BBE5F449DE182979.mlw
path: /opt/CAPEv2/storage/binaries/768d76dff43e5f092d8abbf8056a1c9bb3adb9d262597a29ebb6bac7800ea4a1
crc32: 53AB4394
md5: 7976bbe5f449de182979b4ef1715df52
sha1: 0bae21943627c22ca4eb1bb50c49355fc1edf7b2
sha256: 768d76dff43e5f092d8abbf8056a1c9bb3adb9d262597a29ebb6bac7800ea4a1
sha512: 306d3f1f25b1046a1e00b8a57f61620ced83928c218fade34e9e60df505b810567d116975f4b28c03498e2daff2f4bd63a21c0e34b4b2de0bc11de496d695a8f
ssdeep: 1536:Z8WxlWjIVj+MTrQIt3gEabnouy8cx3qCZQX2oooD+AyxArXIVJ9K:NlWaRbtmDoutcxaIQXMmXIM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11B63D1979B848F99E67511705C97DB812E67DC6CCD84C67354C83E3B0E23FAA293E112
sha3_384: 9138ddb38470e090b92eaec3e3a3f5aa394102a5529ae901bf3b93f9147b11c23c04a46d239c36d505dae3de4e7c5aa2
ep_bytes: 60be005041008dbe00c0feff5789e58d
timestamp: 2014-05-26 07:37:54

Version Info:

Comments:
CompanyName:
FileDescription: Microsoft(R) Windows(R) Operating System
FileVersion: 6, 0, 2900, 5512
InternalName:
LegalCopyright: 版权所有 (C) 2013
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName: Microsoft
ProductVersion: 6.00.2900.5512
SpecialBuild:
Translation: 0x0804 0x04b0

Trojan.Heur.emKfrjviMCabh also known as:

Lionic: Hacktool.Win32.Gena.m4vQ
MicroWorld-eScan: Gen:Trojan.Heur.emKfrjviMCabh
ClamAV: Win.Trojan.Agent-1350033
ALYac: Gen:Trojan.Heur.emKfrjviMCabh
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.emKfrjviMCabh
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f91f1 )
K7GW: Trojan ( 0040f91f1 )
CrowdStrike: win/malicious_confidence_90% (W)
Baidu: Win32.Trojan.Kryptik.gp
Cyren: W32/Trojan-Gypikon-based.BA!Max
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Agent.QSL
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Packed.Win32.Gena.b
BitDefender: Gen:Trojan.Heur.emKfrjviMCabh
NANO-Antivirus: Trojan.Win32.PolyCrypt.dpmiea
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b3039c
Ad-Aware: Gen:Trojan.Heur.emKfrjviMCabh
Sophos: ML/PE-A + Mal/EncPk-AMI
Comodo: TrojWare.Win32.Amtar.MUVP@5hqavh
F-Secure: Trojan.TR/Crypt.CFI.Gen
DrWeb: BackDoor.PcClient.6491
McAfee-GW-Edition: GenericRXEY-BF!7976BBE5F449
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.7976bbe5f449de18
Emsisoft: Gen:Trojan.Heur.emKfrjviMCabh (B)
Ikarus: Trojan.Win32.Agent2
GData: Gen:Trojan.Heur.emKfrjviMCabh
Avira: TR/Crypt.CFI.Gen
Antiy-AVL: Trojan[Packed]/Win32.Gena.b
Arcabit: Trojan.Heur.emKfrjviMCabh
ZoneAlarm: Packed.Win32.Gena.b
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.R125540
McAfee: GenericRXEY-BF!7976BBE5F449
MAX: malware (ai score=88)
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Malware.Heuristic.1003
Rising: Backdoor.Win32.Dunsenr.ba (CLOUD)
Yandex: Trojan.GenAsa!Fx7MTH6B/Zg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.5325!tr
BitDefenderTheta: AI:Packer.73199FCB1D
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.5f449d
Panda: Trj/Genetic.gen

How to remove Trojan.Heur.emKfrjviMCabh?

Trojan.Heur.emKfrjviMCabh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
