
Trojan.Heur.ii0arb2RD!hiu information


The Trojan.Heur.ii0arb2RD!hiu is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Heur.ii0arb2RD!hiu virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Starts servers listening on 127.0.0.1:0
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Behavioural detection: Injection (inter-process)
  • A possible heap spray exploit has been detected
  • Installs itself for autorun at Windows startup
  • Stack pivoting was detected when using a critical API
  • Attempts to modify the Microsoft attachment manager possibly to bypass security checks on mail and Internet saved files
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Trojan.Heur.ii0arb2RD!hiu?

File Info:

name: 155CB2578C004E31E778.mlw
path: /opt/CAPEv2/storage/binaries/c737bd3a7b7b0bf05584afcec771effb3dbfc6d0ba9506898e00ed3b116070c1
crc32: F1D0299E
md5: 155cb2578c004e31e7787b99c13b8a60
sha1: 42319afdc6ec4b180618830f689ea8f897fd226e
sha256: c737bd3a7b7b0bf05584afcec771effb3dbfc6d0ba9506898e00ed3b116070c1
sha512: 5231d75a8af7d8b53a800bbac06966a821fa794eacde4454dc92d5c5e3a9d456a821f0bb67f20bd90578dc3809200dfda267710f7b176ea446e3a349d127095a
ssdeep: 3072:wBnXlCKwuw7S9CtMHI87ReRGBsuPA7Lw4S/XAU0dcjQ:wBg7apHI87YEsuPADXUqk
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11CD3028A3645952CDA04B73148E5C3B9E8523F3BA5529907F4663E0B9871BE2FF0771C
sha3_384: b425ecf264bb9a5674d12dc55814e9bebf9727d2b06d24b0f96468aebc7df9c23224ec413a057b465fa52e978f70d059
ep_bytes: 6835f44100e801000000c3c38c465e74
timestamp: 2001-08-17 20:52:32

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Particular
ProductName: wmplayer
FileVersion: 1.00
ProductVersion: 1.00
InternalName: project1
OriginalFilename: project1.exe

Trojan.Heur.ii0arb2RD!hiu also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.ii0arb2RD!hiu
FireEye: Generic.mg.155cb2578c004e31
ALYac: Gen:Trojan.Heur.ii0arb2RD!hiu
Cylance: Unsafe
Sangfor: [NTKRNL SECURE SUITE V0.1 -> NTKRNL SOFTWARE ! SIGN BY FLY]
K7AntiVirus: Trojan-Downloader ( 002e302e1 )
Alibaba: Worm:Win32/Vilsel.6a83e884
K7GW: Trojan-Downloader ( 002e302e1 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Backdoor.RBot.XY
Cyren: W32/SuspPack.G.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/VB.NTU
APEX: Malicious
Kaspersky: Trojan.Win32.Vilsel.afat
BitDefender: Gen:Trojan.Heur.ii0arb2RD!hiu
NANO-Antivirus: Trojan.Win32.Vilsel.fbbbkr
Avast: Win32:MSNPass-C [Trj]
Tencent: Win32.Trojan.Vilsel.Dwto
Ad-Aware: Gen:Trojan.Heur.ii0arb2RD!hiu
Emsisoft: Gen:Trojan.Heur.ii0arb2RD!hiu (B)
Comodo: TrojWare.Win32.PSW.Ldpinch.~NNT@1op6ij
DrWeb: Trojan.Click.20169
TrendMicro: WORM_RUCTO.SMI
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.cc
Sophos: Mal/Generic-R + Troj/Agent-OCY
SentinelOne: Static AI – Malicious PE
GData: Gen:Trojan.Heur.ii0arb2RD!hiu
Webroot: Vir.Tool.Gen
Avira: TR/Crypt.CFI.Gen
Kingsoft: Win32.Hack.MorphineT.a.45056.(kcloud)
SUPERAntiSpyware: Worm.Ructo/Variant
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.MSNPass.R1900
McAfee: Generic BackDoor.wg
MAX: malware (ai score=100)
VBA32: TScope.Malware-Cryptor.SB
TrendMicro-HouseCall: WORM_RUCTO.SMI
Yandex: Trojan.Vilsel.Gen!Pac.3
Ikarus: Trojan.Win32.Vilsel
MaxSecure: Trojan.Vilsel.agwm
Fortinet: W32/FakeAV.FE!tr
BitDefenderTheta: AI:Packer.CB7ABD541D
AVG: Win32:MSNPass-C [Trj]
Cybereason: malicious.78c004
Panda: Trj/CI.A

How to remove Trojan.Heur.ii0arb2RD!hiu?

Trojan.Heur.ii0arb2RD!hiu removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
