About “Trojan.Heur.emKfrP06Z2nbh” infection

Trojan.Heur.emKfrP06Z2nbh is a heuristic detection name; the sample behind it is flagged as malicious by most of the engines listed below, and several of them (Dr.Web, VirIT, Rising) classify it as a variant of the PcClient backdoor family. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Heur.emKfrP06Z2nbh virus do? The following static and behavioural signatures were reported by the CAPE sandbox for this sample:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Trojan.Heur.emKfrP06Z2nbh?

File Info:

name: 03E2A81C0B7D4B08D3EA.mlw
path: /opt/CAPEv2/storage/binaries/b93c6550c02c46c1aa4edc5a1309416ce70ad2f44543004248d9a5e5e7e7a5b1
crc32: 1A499FF4
md5: 03e2a81c0b7d4b08d3ea7a6e677461ce
sha1: 076ab9e5cac13d4694f3063d923983420f352d70
sha256: b93c6550c02c46c1aa4edc5a1309416ce70ad2f44543004248d9a5e5e7e7a5b1
sha512: ff32a0a28dd5396b0d371ec6496db248f2315d43a3c90f7a29918b2059b6a07e28dbf414d100834eb11d6bda4df5bb5374236455d6853aba2d64f7e780d7d196
ssdeep: 1536:0cBwMtOiTNvA7lvI9xoo2pDiH0I9nouy8YS3qCZQX2oooD+AyxArXIVJ9K:nmYNTxQlA9xepWjoutYSaIQXMmXIM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14F63DF8387945DCBD8798136189BD98D492ACC99DCC58BB328883DAB0DB2F5F713F205
sha3_384: eb18e2d7d10b5d61b801fe05c76b9d1676d3340cc3a7b1c8e1b4541f151da7541c5d261a815858953e36bc6228849779
ep_bytes: 60be005041008dbe00c0feff5789e58d
timestamp: 2014-05-26 07:37:54
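As an added example (not code from this page, from GridinSoft or from CAPE), the Python script below reproduces, with only the standard library, three of the checks behind the findings above on a local file: it hashes the file and compares the result with the md5/sha256 reported here, it walks the PE32 header to read the 16 entry-point bytes (the report's ep_bytes, whose leading 60 be is the pushad / mov esi opening of the UPX decompressor stub), and it flags section names outside the usual compiler set, which is the "unknown PE section name" packer heuristic. The function build_sample_pe() constructs a minimal stand-in PE32 image so the checks can run offline; that image, the REPORTED_HASHES and STANDARD_SECTIONS names and the list of "standard" section names are assumptions of this example, and the constructed image is not the real sample.

```python
# Added example: static triage of a suspected PE32 sample (stdlib only).
# The PE image built by build_sample_pe() is constructed for the demo,
# it is not the binary described in the report above.
import hashlib
import struct

# Hashes quoted in the File Info block; a match identifies this exact sample.
REPORTED_HASHES = {
    "md5": "03e2a81c0b7d4b08d3ea7a6e677461ce",
    "sha256": "b93c6550c02c46c1aa4edc5a1309416ce70ad2f44543004248d9a5e5e7e7a5b1",
}
# 60 = pushad, be imm32 = mov esi,<packed data>: prologue of the UPX unpacker stub.
UPX_STUB_PREFIX = bytes.fromhex("60be")
# Section names a normal MSVC/MinGW build emits (assumed list for the heuristic).
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".debug"}


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 header walk: entry-point RVA, link timestamp, section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"entry_rva": entry_rva, "timestamp": timestamp, "sections": sections}


def rva_to_offset(pe: dict, rva: int) -> int:
    """Map a virtual address to a file offset through the section table."""
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["vaddr"])
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def triage(data: bytes) -> dict:
    pe = parse_pe32(data)
    ep_off = rva_to_offset(pe, pe["entry_rva"])
    ep_bytes = data[ep_off:ep_off + 16]            # same 16 bytes CAPE reports as ep_bytes
    names = [s["name"] for s in pe["sections"]]
    hashes = file_hashes(data)
    return {
        "matches_report": any(hashes[k] == v for k, v in REPORTED_HASHES.items()),
        "ep_bytes": ep_bytes.hex(),
        "upx_stub": ep_bytes.startswith(UPX_STUB_PREFIX),
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "unknown_sections": [n for n in names if n not in STANDARD_SECTIONS],
    }


def build_sample_pe(section_names, entry_code: bytes) -> bytes:
    """Construct a minimal, non-runnable PE32 image (constructed test input)."""
    n = len(section_names)
    headers = 0x40 + 4 + 20 + 0xE0 + 40 * n
    raw_start = (headers + 0x1FF) & ~0x1FF              # first raw section on a 512-byte boundary
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")  # entry RVA 0x1000
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), 0x200, 0x1000 * (i + 1),
                    0x200, raw_start + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    image = (dos + b"PE\0\0" + coff + opt + secs).ljust(raw_start, b"\0")
    bodies = [entry_code.ljust(0x200, b"\0")] + [b"\0" * 0x200] * (n - 1)
    return image + b"".join(bodies)


if __name__ == "__main__":
    demo = build_sample_pe(["UPX0", "UPX1"], bytes.fromhex("60be005041008dbe00c0feff5789e58d"))
    print(triage(demo))
```

Run triage(open(path, "rb").read()) against a quarantined copy of the suspect file. Only a hash match identifies this exact sample; the UPX stub and non-standard section names apply to any UPX-packed executable, benign or not, so on their own they justify a closer look rather than a verdict.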

Version Info:

Comments:
CompanyName:
FileDescription: Microsoft(R) Windows(R) Operating System
FileVersion: 6, 0, 2900, 5512
InternalName:
LegalCopyright: 版权所有 (C) 2013 (Chinese for "All rights reserved (C) 2013")
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName: Microsoft
ProductVersion: 6.00.2900.5512
SpecialBuild:
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified), code page 0x04b0 = Unicode)

Trojan.Heur.emKfrP06Z2nbh is also known under the following names (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (moderate confidence)
DrWeb: BackDoor.PcClient.6491
MicroWorld-eScan: Gen:Trojan.Heur.emKfrP06Z2nbh
FireEye: Generic.mg.03e2a81c0b7d4b08
McAfee: GenericRXEY-BF!03E2A81C0B7D
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.emKfrP06Z2nbh
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f91f1 )
K7GW: Trojan ( 0040f91f1 )
Cybereason: malicious.c0b7d4
Arcabit: Trojan.Heur.emKfrP06Z2nbh
BitDefenderTheta: AI:Packer.B708E1491D
VirIT: Backdoor.Win32.PcClient.JPR
Cyren: W32/Trojan-Gypikon-based.BA!Max
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.QSL
TrendMicro-HouseCall: TROJ_GEN.R03BC0DG122
ClamAV: Win.Trojan.Agent-1350033
Kaspersky: Packed.Win32.Gena.b
BitDefender: Gen:Trojan.Heur.emKfrP06Z2nbh
NANO-Antivirus: Trojan.Win32.PolyCrypt.dpmiea
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b3039c
Ad-Aware: Gen:Trojan.Heur.emKfrP06Z2nbh
Sophos: ML/PE-A + Mal/EncPk-AMI
Comodo: TrojWare.Win32.Amtar.MUVP@5hqavh
Baidu: Win32.Trojan.Kryptik.gp
TrendMicro: TROJ_GEN.R03BC0DG122
McAfee-GW-Edition: GenericRXEY-BF!03E2A81C0B7D
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.Heur.emKfrP06Z2nbh (B)
Ikarus: Trojan.Win32.Agent2
Avira: TR/Crypt.CFI.Gen
MAX: malware (ai score=88)
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Gen:Trojan.Heur.emKfrP06Z2nbh
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R125540
VBA32: TScope.Malware-Cryptor.SB
ALYac: Gen:Trojan.Heur.emKfrP06Z2nbh
Malwarebytes: Malware.Heuristic.1003
APEX: Malicious
Rising: Backdoor.Win32.Dunsenr.ba (CLOUD)
Yandex: Trojan.GenAsa!Fx7MTH6B/Zg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Agent.QSL!tr
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.Heur.emKfrP06Z2nbh?

Trojan.Heur.emKfrP06Z2nbh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Choose "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.