How to remove “Trojan.Heur.emKfrre67Kfbh”?

Trojan.Heur.emKfrre67Kfbh is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Heur.emKfrre67Kfbh virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings

How to identify Trojan.Heur.emKfrre67Kfbh?

File Info:

name: 00AD927DBB4B2E055D07.mlw
path: /opt/CAPEv2/storage/binaries/a33f5d65048915831921caf5defcadc26392163c693090652b4c91f0855aae75
crc32: D2DF96FB
md5: 00ad927dbb4b2e055d07cd1bdba441ad
sha1: 0b80574dc16203aba8c8ac49488bd265b8fd409f
sha256: a33f5d65048915831921caf5defcadc26392163c693090652b4c91f0855aae75
sha512: f5ba7cc3d3c782c379aa6d82539ce629fc2b52ec17b1524793754c2c8761db2721c6c6f9350c062f6a509a658c88291d235013dfb774c1fd158c9c97b35b56b1
ssdeep: 1536:zQPimNLw0h1HSA+EhsycPEnouy8K3qCJHQX2oooD+AyxArHIVJ96:cPFNnHSx31soutKa2HQXMmHIc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12573E143A7405E59E435417514D79F49052ADD9CCCECCBB39C98BC7B1823FAE293EA24
sha3_384: 1b17f0e27e02ee0614bdc0c3c01708d8cd200aea39d27fbcf41307c9991ded98bb1f4846423bbe1d0341b3981b0b7bb1
ep_bytes: 60be005041008dbe00c0feff5789e58d
timestamp: 2014-06-12 12:49:01

Version Info:

Comments:
CompanyName:
FileDescription: Microsoft(R) Windows(R) Operating System
FileVersion: 6, 0, 2900, 5512
InternalName:
LegalCopyright: 版权所有 (C) 2013
LegalTrademarks:
OriginalFilename:
PrivateBuild:
ProductName: Microsoft
ProductVersion: 6.00.2900.5512
SpecialBuild:
Translation: 0x0804 0x04b0

Trojan.Heur.emKfrre67Kfbh is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Agent2.lZVM
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Trojan.Heur.emKfrre67Kfbh
ClamAV: Win.Trojan.Agent-1377959
FireEye: Generic.mg.00ad927dbb4b2e05
McAfee: GenericRXEY-BF!00AD927DBB4B
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f91f1 )
K7GW: Trojan ( 0040f91f1 )
Cybereason: malicious.dbb4b2
Baidu: Win32.Trojan.Kryptik.gp
Cyren: W32/Trojan-Gypikon-based.BA!Max
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Agent.QMU
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Packed.Win32.Gena.b
BitDefender: Gen:Trojan.Heur.emKfrre67Kfbh
NANO-Antivirus: Trojan.Win32.PolyCrypt.dpmihi
SUPERAntiSpyware: Trojan.Agent/Gen-Gypikon
Avast: Win32:TrojanX-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b31ddd
Ad-Aware: Gen:Trojan.Heur.emKfrre67Kfbh
Emsisoft: Gen:Trojan.Heur.emKfrre67Kfbh (B)
Comodo: TrojWare.Win32.Agent.GFBT@5eayhy
DrWeb: Trojan.Click3.3888
VIPRE: Gen:Trojan.Heur.emKfrre67Kfbh
McAfee-GW-Edition: GenericRXEY-BF!00AD927DBB4B
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/EncPk-AMI
Ikarus: Trojan.Win32.Agent2
GData: Gen:Trojan.Heur.emKfrre67Kfbh
Avira: TR/Crypt.CFI.Gen
MAX: malware (ai score=88)
Antiy-AVL: Trojan/Generic.ASMalwS.11D
Kingsoft: Win32.Heur.KVM007.a.(kcloud)
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Agent.R110567
BitDefenderTheta: AI:Packer.04304F201D
ALYac: Gen:Trojan.Heur.emKfrre67Kfbh
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Malware.Heuristic.1003
Rising: Trojan.Win32.Generic.16E97E2F (C64:YzY0OkhM+hmjOwUr)
Yandex: Trojan.CFI!8L+ws2cPcpA
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.5325!tr
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.Heur.emKfrre67Kfbh?

Trojan.Heur.emKfrre67Kfbh removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.