Trojan

What is “Trojan.Heur.GM.0040420808”?

Malware Removal

Trojan.Heur.GM.0040420808 is a heuristic detection name from the BitDefender engine; the same name is reported below by eScan, VIPRE, Emsisoft and ALYac, which build on the BitDefender signatures. The sample behind it is flagged as malicious by nearly every engine in the list, and the vendors that name a family point to Upatre, a small downloader whose job is to fetch and run a second-stage payload. When this infection is active you may notice unfamiliar processes in the Task Manager list; in that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean the PC.
6-day free trial available.

What can Trojan.Heur.GM.0040420808 do?

These are the static and behavioural signatures the CAPEv2 sandbox raised for the sample:

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Urdu (Pakistan)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan.Heur.GM.0040420808?

Compare the file you have against the hashes below; the sandbox stored this sample under its SHA-256, which is also the file name in the path.


File Info:

name: DE71D0458E9A2A113078.mlw
path: /opt/CAPEv2/storage/binaries/c3d453e8560e527df6a333dbb35a649a0dbf2974ec06245185cc477e9f340cf7
crc32: 36AF7D40
md5: de71d0458e9a2a1130781fa1cc5fd024
sha1: eeb9fcbbc6c393c08db9f1a2b49a5baeeb2458b5
sha256: c3d453e8560e527df6a333dbb35a649a0dbf2974ec06245185cc477e9f340cf7
sha512: df8c9c0d1fbfcfd854387516c2352d8c66370094ff95ea3b47844adff827e65db614f45967bc1f94f10150b066275ec77e8490d603af3da89634a96b0c7a0c7b
ssdeep: 1536:+Az+W1hM4oUZwV4hqtQfP1jaDpaXO+IQR8:VCBmiRP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12B63B3F8EBC441B5D23EB835C1B249CB9936703E7D11043E619A7229BE3BBD29D6250D
sha3_384: 109a62ae48993bd765d4e69317d63c0aaf3ffc2330824914325061ec47cc5c7bc5381dcb382332cca8bdd07c9de25f0b
ep_bytes: 64a100000000558bec6aff6888464000
timestamp: 2013-11-16 13:20:44
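The overlay, unknown-section-name, ASPack and entry-point findings in the signature list above, and the ep_bytes and timestamp fields in this File Info block, can all be reproduced with a short static check. The Python below is an added example written for this page; it is not code from the page, from GridinSoft or from the CAPE sandbox. It walks the PE headers with the standard library only and runs on a constructed minimal PE (not the real sample, whose hashes are listed above) that mimics an ASPack section layout, with the page's EP bytes and compile timestamp embedded so the output can be compared with the File Info fields. The table of standard section names and the packer-to-section-name table are assumptions drawn from common linker and packer conventions.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Section names a stock linker emits (assumption: common conventions); anything else is "unknown".
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc",
                   ".bss", ".tls", ".pdata", ".xdata", ".CRT", ".textbss", ".debug"}
# Section names that identify well-known packers (assumption: packer conventions).
PACKER_SECTIONS = {".aspack": "ASPack", ".adata": "ASPack", "UPX0": "UPX", "UPX1": "UPX",
                   ".petite": "Petite", ".MPRESS1": "MPRESS", ".nsp0": "NsPack"}


def parse_pe(data):
    """Minimal PE header walk: COFF header, AddressOfEntryPoint and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"timestamp": timestamp, "ep_rva": ep_rva, "sections": sections}


def triage(data):
    """Static findings that mirror the sandbox signatures: overlay, odd section names, packer, EP."""
    pe = parse_pe(data)
    secs = pe["sections"]
    end_of_sections = max(s["raw_ptr"] + s["raw_size"] for s in secs)
    ep_sec = next((s for s in secs
                   if s["va"] <= pe["ep_rva"] < s["va"] + max(s["vsize"], s["raw_size"])), None)
    ep_bytes = ""
    if ep_sec is not None:
        ep_off = ep_sec["raw_ptr"] + (pe["ep_rva"] - ep_sec["va"])
        ep_bytes = data[ep_off:ep_off + 16].hex()
    names = [s["name"] for s in secs]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "timestamp": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "overlay_bytes": max(0, len(data) - end_of_sections),             # "Sample contains Overlay data"
        "unknown_sections": [n for n in names if n not in COMMON_SECTIONS],  # "unknown PE section name"
        "packer": sorted({PACKER_SECTIONS[n] for n in names if n in PACKER_SECTIONS}),
        "ep_section": ep_sec["name"] if ep_sec else None,                  # EP outside .text is a packer hint
        "ep_bytes": ep_bytes,                                              # compare with File Info ep_bytes
    }


def build_sample_pe(section_names, ep_section, ep_code, overlay=b""):
    """Constructed PE32 for the demo (not the real sample): one 0x200-byte raw section per name."""
    file_align, hdr_size, opt_size = 0x200, 0x200, 0xE0
    ep_idx = section_names.index(ep_section)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(section_names),
                       1384608044, 0, 0, opt_size, 0x102)             # timestamp = page's 2013-11-16 13:20:44 UTC
    opt = bytearray(opt_size)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 14, 0, file_align, 0, 0, 0x1000 * (ep_idx + 1))
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)  # ImageBase, SectionAlignment, FileAlignment
    table, bodies = b"", b""
    for i, name in enumerate(section_names):
        body = ep_code if i == ep_idx else b"\xcc"
        bodies += body.ljust(file_align, b"\0")
        table += struct.pack("<8sIIIIIIHHI", name.encode(), file_align, 0x1000 * (i + 1),
                             file_align, hdr_size + file_align * i, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + coff + bytes(opt) + table).ljust(hdr_size, b"\0")
    return headers + bodies + overlay


if __name__ == "__main__":
    # Constructed input: ASPack-style section names, the page's ep_bytes at the entry point, plus an overlay.
    sample = build_sample_pe([".text", ".aspack", ".adata"], ".aspack",
                             bytes.fromhex("64a100000000558bec6aff6888464000"),
                             overlay=b"constructed overlay blob appended after the last section\n")
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

Run it against a real file with `triage(open(path, "rb").read())`. An entry point that lands in a section other than the first one, two or more section names outside the common set, and a non-trivial overlay are the three cheap static hints of packing that this sample shows; the ASPack attribution here rests on section names alone, so an unpacked or renamed stub would need a signature scan (as the sandbox's YARA rules do) rather than this check.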

Version Info:

0: [No Data]

Trojan.Heur.GM.0040420808 also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.GM.0040420808
FireEye: Generic.mg.de71d0458e9a2a11
McAfee: Upatre-FACM!DE71D0458E9A
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 004c59131 )
K7GW: Trojan ( 004c59131 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Trojan.Kryptik.jw
Symantec: Downloader.Upatre
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.DLZD
APEX: Malicious
TrendMicro-HouseCall: TROJ_UPATRE.SMJV1
ClamAV: Win.Downloader.Upatre-9842256-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Heur.GM.0040420808
NANO-Antivirus: Trojan.Win32.Upatre.dvgeby
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Kryptik.kbo
Sophos: Mal/Dyreza-U
F-Secure: Trojan.TR/Crypt.ASPM.Gen
DrWeb: Trojan.Upatre.10590
VIPRE: Gen:Trojan.Heur.GM.0040420808
TrendMicro: TROJ_UPATRE.SMJV1
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.Heur.GM.0040420808 (B)
Ikarus: Trojan.Agent.ZM
Jiangmin: Trojan.Generic.cumrc
Varist: W32/Trojan.TTTZ-7226
Avira: TR/Crypt.ASPM.Gen
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: malware.kb.a.1000
Xcitium: TrojWare.Win32.TrojanDownloader.Upatre.BCF@5s4kib
Arcabit: Trojan.Heur.GM.D268C5C8
ViRobot: Trojan.Win32.Upatre.Gen.C
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan-Downloader.Upatre.AE
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R581941
BitDefenderTheta: AI:Packer.8803E4961D
ALYac: Gen:Trojan.Heur.GM.0040420808
MAX: malware (ai score=81)
VBA32: BScope.Trojan.Upatre
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Malware.FakePDF/ICON!1.A24C (CLASSIC)
Yandex: Trojan.GenAsa!6Or+b80F0do
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Daserf.B!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.58e9a2
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Upatre.BA
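The vendor names above disagree on wording but largely agree on the family, and pulling that one family name out of a list like this is a routine triage step. The Python below is an added example, not code from the page, from GridinSoft or from any of the vendors; it implements the token vote that tools such as AVClass use: split each label into tokens, drop the ones that name a category, platform or confidence rather than a family, and give each vendor one vote per remaining token. The stop list of generic tokens is a hand-picked assumption, and DETECTIONS is a subset copied from the list above, enough to show the vote.

```python
import re
from collections import Counter

# Tokens that name a category, platform, vendor convention or confidence rather than a family
# (assumption: a small hand-picked stop list; production tools carry much larger ones).
GENERIC_TOKENS = {
    "trojan", "trojware", "trojandownloader", "downloader", "malware", "malicious", "generic",
    "heur", "gen", "variant", "agent", "crypt", "packer", "suspicious", "unsafe", "static",
    "score", "confidence", "high", "classic", "win", "win32", "w32", "genetic", "trj",
    "bscope", "mal", "save", "ins", "ageneric",
}

# Subset copied from the vendor list above.
DETECTIONS = [
    ("McAfee", "Upatre-FACM!DE71D0458E9A"),
    ("Symantec", "Downloader.Upatre"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.DLZD"),
    ("ClamAV", "Win.Downloader.Upatre-9842256-0"),
    ("Kaspersky", "HEUR:Trojan.Win32.Generic"),
    ("BitDefender", "Gen:Trojan.Heur.GM.0040420808"),
    ("Sophos", "Mal/Dyreza-U"),
    ("Avira", "TR/Crypt.ASPM.Gen"),
    ("F-Secure", "Trojan.TR/Crypt.ASPM.Gen"),
    ("DrWeb", "Trojan.Upatre.10590"),
    ("Tencent", "Trojan.Win32.Kryptik.kbo"),
    ("GData", "Win32.Trojan-Downloader.Upatre.AE"),
    ("Fortinet", "W32/Daserf.B!tr"),
    ("alibabacloud", "Trojan:Win/Upatre.BA"),
]


def family_tokens(label):
    """Candidate family names in one vendor label: alphabetic, 4+ chars, not in the stop list.
    Hash fragments and variant suffixes (FACM, DLZD, 10590, BA) are mostly removed by the
    digit and length rules; what survives is voted on."""
    toks = re.split(r"[^A-Za-z0-9]+", label.lower())
    return [t for t in toks if len(t) >= 4 and t.isalpha() and t not in GENERIC_TOKENS]


def rank_families(detections):
    """One vote per vendor per distinct token; returns (token, votes) pairs, most voted first."""
    votes = Counter()
    for _vendor, label in detections:
        votes.update(set(family_tokens(label)))
    return votes.most_common()


def consensus_family(detections, min_votes=2):
    """The top-voted token, or (None, 0) if no token is shared by at least min_votes vendors."""
    ranked = rank_families(detections)
    if ranked and ranked[0][1] >= min_votes:
        return ranked[0]
    return (None, 0)


if __name__ == "__main__":
    print(rank_families(DETECTIONS)[:5])
    print(consensus_family(DETECTIONS))
```

On this list the vote is Upatre by a wide margin, with Kryptik and ASPM (ESET's and Avira's names for the crypter/packer rather than the payload) and the one-off Dyreza and Daserf names trailing. The runners-up are still informative: Sophos's Mal/Dyreza-U is consistent with Upatre's known role as the downloader for the Dyre banking trojan, which is why the family label alone should not end the analysis. A result of None, or a top vote of only two or three, means the engines only agree that the file is bad, and the family has to be established by hand.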

How to remove Trojan.Heur.GM.0040420808?

Trojan.Heur.GM.0040420808 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Quarantining the detected file alone is not a complete clean-up for this sample. The sandbox report above shows that it drops a second binary and executes it, and that it attempts to modify the proxy settings, so after the scan confirm that no dropped payload is still present or set to run at start-up, and that the Windows Internet Settings proxy configuration (ProxyEnable, ProxyServer, AutoConfigURL) has been restored; the browser-reset step covers the browser but not every client that reads those system-wide settings.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
