Trojan.Heur.li0fvrpSa!aiR malicious file

Trojan.Heur.li0fvrpSa!aiR is flagged as malicious by a large number of antivirus engines (see the detection list below). When this infection is active, you may notice unfamiliar processes in the Task Manager list; because the sample injects code into other processes, the malicious code does not necessarily run under the file's own name. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan.Heur.li0fvrpSa!aiR do?

The behaviours below are the signatures the CAPE sandbox raised while running the sample. Two of them, process hollowing and inter-process injection, mean the code that does the damage may run inside another, legitimate-looking process rather than under the file's own name.

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
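The "encrypted or compressed data" signature above is normally raised from section entropy. The following is an added example written for this page (it is not CAPE's code and not code from the sample): it walks a PE32 header without third-party libraries, reports the Shannon entropy of each section, and notes which section the entry point lands in. The PE it analyses is constructed inside the block, with the entry-point bytes from the File Info section placed in .text and a SHA-256-derived byte stream standing in for an encrypted payload; the section names, sizes and the 7.0 threshold are this example's own assumptions.

```python
import hashlib
import math
import struct

# Entry-point bytes listed under "File Info" on this page (b8dc3346005064ff3500000000648925):
#   mov eax, 0x4633DC ; push eax ; push dword ptr fs:[0] ; mov fs:[...], esp  (last instruction truncated)
# i.e. a structured-exception-handler frame being set up at the entry point.
EP_BYTES = bytes.fromhex("b8dc3346005064ff3500000000648925")

FILE_ALIGN = 0x200  # file alignment used by the constructed sample


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~0 for zero-filled data, ~8 for encrypted/compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(pe: bytes):
    """Minimal PE32 header walk: returns (entry_point_rva, [(name, raw_off, raw_size, va, vsize), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symptr, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    table = opt + opt_size                                   # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, roff = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), roff, rsize, va, vsize))
    return entry_rva, sections


def triage_sections(pe: bytes, threshold: float = 7.0):
    """Per-section entropy plus which section holds the entry point (7.0 is an assumed cut-off)."""
    entry_rva, sections = parse_pe32(pe)
    report = []
    for name, roff, rsize, va, vsize in sections:
        ent = shannon_entropy(pe[roff:roff + rsize])
        report.append({
            "name": name,
            "entropy": round(ent, 2),
            "likely_packed": ent >= threshold,
            "holds_entry_point": va <= entry_rva < va + max(vsize, rsize),
        })
    return report


def _align(n: int) -> int:
    return (n + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)


def _pseudo_random_bytes(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(text: bytes, payload: bytes, entry_rva: int = 0x1000) -> bytes:
    """CONSTRUCTED two-section PE32 for this example: .text holds `text`, .data holds `payload`."""
    opt_size = 224                                   # standard PE32 optional header size
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))      # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)  # i386, 2 sections, EXE, 32-bit
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)        # ImageBase
    text_off = _align(len(dos) + 4 + 20 + opt_size + 40 * 2)
    text_size = _align(len(text))
    data_off = text_off + text_size
    data_size = _align(len(payload))
    hdr = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER (40 bytes)
    sec_text = struct.pack(hdr, b".text", len(text), 0x1000, text_size, text_off, 0, 0, 0, 0, 0x60000020)
    sec_data = struct.pack(hdr, b".data", len(payload), 0x2000, data_size, data_off, 0, 0, 0, 0, 0xC0000040)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_text + sec_data
    image += b"\0" * (text_off - len(image))
    image += text.ljust(text_size, b"\0") + payload.ljust(data_size, b"\0")
    return image


# Constructed sample: the SEH-prolog stub plus NOPs in .text, 4 KiB of "encrypted" blob in .data.
SAMPLE_PE = build_sample_pe(EP_BYTES + b"\x90" * 240, _pseudo_random_bytes(4096, b"constructed-example"))

if __name__ == "__main__":
    for row in triage_sections(SAMPLE_PE):
        print(row)
```

A section scoring around 7 bits per byte or more is the usual packer/crypter signal, but compressed resources (images, embedded archives) score the same, so treat it as a prompt to look at the entry-point code and the import table, not as a verdict on its own.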

How to identify Trojan.Heur.li0fvrpSa!aiR?

The metadata below comes from the CAPEv2 sandbox analysis of the sample. Match a suspect file against the MD5, SHA-1 or SHA-256 values for an exact hit; the ssdeep and TLSH fuzzy hashes also match near-identical files, such as another build from the same crypter. In the Version Info, "Project1" is the default name of a Visual Basic 6 project and the remaining strings are random letters, both typical of a crypter stub rather than a legitimate product.
File Info:

name: 9F5D47811F2C646A9A41.mlw
path: /opt/CAPEv2/storage/binaries/3800c48344baa50cce84ba09d32088fd8ee5cffee0a56f36a35be077d84da64e
crc32: C0C2CB2A
md5: 9f5d47811f2c646a9a414a2a725516fb
sha1: 0c08312d9c8a40b55d6dc1911a72fcc3b16d1bf1
sha256: 3800c48344baa50cce84ba09d32088fd8ee5cffee0a56f36a35be077d84da64e
sha512: 5d259863b72f341cc65a8407406714637c7fda1475cf3f6cd7fdbbbcd3c31bb592fd2a99a3b21120951f3c4396e7268af4daf05a4e73abd0f431c83590cd0ff8
ssdeep: 3072:oxL+SwIZxwpynAskjCVSjPerZn5IhR1hY4re5K54vGxyip5bHunKA4:EL+LIYynAspVSzrDg7KoLivH69
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T106041200AFF038A6E64CF23878A08AF72155A59D66238317157DFC1A56B32BF7B42C5D
sha3_384: da2e9c19dfb888844c316c27df22292178cd4066e126202929f4a007c87e14e28896ecf81cb12d1edbab42a8c0a5dd17
ep_bytes: b8dc3346005064ff3500000000648925
timestamp: 2011-02-23 12:20:28

Version Info:

Translation: 0x0409 0x04b0
Comments: IJSdYBQj
CompanyName: MiGMIUY
FileDescription: RgNfQUvjgbs
LegalCopyright: lcpziiVHj
ProductName: Ocbruxp
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Project1
OriginalFilename: Project1.exe

Trojan.Heur.li0fvrpSa!aiR also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.llJp
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.li0fvrpSa!aiR
McAfee: Artemis!9F5D47811F2C
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.li0fvrpSa!aiR
K7AntiVirus: Trojan ( 004bcce71 )
K7GW: Trojan ( 004bcce71 )
Cybereason: malicious.11f2c6
Arcabit: Trojan.Heur.li0fvrpSa!aiR
VirIT: Trojan.Win32.Generic.CGTI
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Bifrose.NKU
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.WBNA.ipa
BitDefender: Gen:Trojan.Heur.li0fvrpSa!aiR
NANO-Antivirus: Trojan.Win32.WBNA.jswewb
Avast: Win32:Bifrose-FEH [Trj]
Tencent: Win32.Worm.Wbna.Gdhl
Ad-Aware: Gen:Trojan.Heur.li0fvrpSa!aiR
Emsisoft: Gen:Trojan.Heur.li0fvrpSa!aiR (B)
Comodo: TrojWare.Win32.VB.GE@4pqh5b
DrWeb: Trojan.MulDrop3.30036
Zillya: Trojan.VBKrypt.Win32.31850
TrendMicro: TSPY_REFROSO_CC16293F.RDXN
McAfee-GW-Edition: PWSZbot-FQZ!9E1F8E6E0150
Trapmine: malicious.high.ml.score
FireEye: Gen:Trojan.Heur.li0fvrpSa!aiR
Sophos: Mal/VBCheMan-A
Jiangmin: Trojan/VBKrypt.atzq
Avira: TR/Dropper.Gen
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.A.VBKrypt.191488.E
ZoneAlarm: Worm.Win32.WBNA.ipa
GData: Gen:Trojan.Heur.li0fvrpSa!aiR
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.C157118
VBA32: Malware-Cryptor.VB.gen.7
ALYac: Gen:Trojan.Heur.li0fvrpSa!aiR
Malwarebytes: Malware.Heuristic.1001
TrendMicro-HouseCall: TSPY_REFROSO_CC16293F.RDXN
Rising: Worm.WBNA!8.321 (CLOUD)
Yandex: Trojan.VBKrypt!JajCCxY1kj8
Ikarus: Trojan-Dropper.Win32.Bifrose
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Refroso.DZP!tr
BitDefenderTheta: AI:Packer.AEECEC7C1D
AVG: Win32:Bifrose-FEH [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_60% (W)
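Most of these names are engine-specific, and the identical Gen:Trojan.Heur.li0fvrpSa!aiR strings are one BitDefender-engine verdict reported by several vendors that license that engine, so counting raw strings overstates agreement. The following added example (written for this page, not code from GridinSoft or any of the listed vendors) parses the list above, discards heuristic, ML and cloud verdicts, and counts how many distinct vendors name each candidate family. The verdict markers, the stop-word list and the four-letter minimum are this example's own assumptions, not a standard. On this list the consensus is WBNA, VBKrypt, Bifrose and Refroso, consistent with a Visual Basic crypter (VBKrypt, Malware-Cryptor.VB) wrapping a Bifrose-family payload.

```python
import re
from collections import Counter

# Vendor detection names copied from the "also known as" list on this page, one "Vendor: name" per line.
DETECTIONS = """\
Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.llJp
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.li0fvrpSa!aiR
McAfee: Artemis!9F5D47811F2C
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.li0fvrpSa!aiR
K7AntiVirus: Trojan ( 004bcce71 )
K7GW: Trojan ( 004bcce71 )
Cybereason: malicious.11f2c6
Arcabit: Trojan.Heur.li0fvrpSa!aiR
VirIT: Trojan.Win32.Generic.CGTI
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Bifrose.NKU
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Worm.Win32.WBNA.ipa
BitDefender: Gen:Trojan.Heur.li0fvrpSa!aiR
NANO-Antivirus: Trojan.Win32.WBNA.jswewb
Avast: Win32:Bifrose-FEH [Trj]
Tencent: Win32.Worm.Wbna.Gdhl
Ad-Aware: Gen:Trojan.Heur.li0fvrpSa!aiR
Emsisoft: Gen:Trojan.Heur.li0fvrpSa!aiR (B)
Comodo: TrojWare.Win32.VB.GE@4pqh5b
DrWeb: Trojan.MulDrop3.30036
Zillya: Trojan.VBKrypt.Win32.31850
TrendMicro: TSPY_REFROSO_CC16293F.RDXN
McAfee-GW-Edition: PWSZbot-FQZ!9E1F8E6E0150
Trapmine: malicious.high.ml.score
FireEye: Gen:Trojan.Heur.li0fvrpSa!aiR
Sophos: Mal/VBCheMan-A
Jiangmin: Trojan/VBKrypt.atzq
Avira: TR/Dropper.Gen
MAX: malware (ai score=86)
Microsoft: Trojan:Win32/Wacatac.B!ml
ViRobot: Trojan.Win32.A.VBKrypt.191488.E
ZoneAlarm: Worm.Win32.WBNA.ipa
GData: Gen:Trojan.Heur.li0fvrpSa!aiR
Google: Detected
AhnLab-V3: Trojan/Win32.VBKrypt.C157118
VBA32: Malware-Cryptor.VB.gen.7
ALYac: Gen:Trojan.Heur.li0fvrpSa!aiR
Malwarebytes: Malware.Heuristic.1001
TrendMicro-HouseCall: TSPY_REFROSO_CC16293F.RDXN
Rising: Worm.WBNA!8.321 (CLOUD)
Yandex: Trojan.VBKrypt!JajCCxY1kj8
Ikarus: Trojan-Dropper.Win32.Bifrose
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Refroso.DZP!tr
BitDefenderTheta: AI:Packer.AEECEC7C1D
AVG: Win32:Bifrose-FEH [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_60% (W)
"""

# Assumed substrings marking a heuristic, ML or cloud verdict rather than a family attribution.
VERDICT_MARKERS = ("heur", "generic", "malicious", "aidetect", "artemis", "unsafe",
                   "detected", "susgen", "score", "confidence", "attribute", "packer")
# Assumed classification words that carry no family information (TSPY is Trend Micro's spyware prefix).
GENERIC_TOKENS = {"trojan", "worm", "dropper", "variant", "malware", "trojware", "cryptor", "cloud", "tspy"}


def parse_detections(text: str) -> dict:
    """'Vendor: name' lines -> {vendor: name}; splits on the first ': ' so names may contain colons."""
    result = {}
    for line in text.splitlines():
        vendor, sep, name = line.partition(": ")
        if sep:
            result[vendor.strip()] = name.strip()
    return result


def family_tokens(name: str) -> set:
    """Candidate family names in one detection string; empty set for heuristic/ML verdicts."""
    low = name.lower()
    if any(marker in low for marker in VERDICT_MARKERS):
        return set()
    return {tok for tok in re.findall(r"[a-z]{4,}", low) if tok not in GENERIC_TOKENS}


def family_consensus(detections: dict) -> Counter:
    """Number of vendors naming each candidate family (a set per vendor, so each vendor counts once)."""
    counts = Counter()
    for name in detections.values():
        counts.update(family_tokens(name))
    return counts


def top_families(text: str = DETECTIONS, n: int = 4):
    return family_consensus(parse_detections(text)).most_common(n)


if __name__ == "__main__":
    print(top_families())  # [('wbna', 5), ('vbkrypt', 5), ('bifrose', 4), ('refroso', 3)]
```

Leftover tokens with a count of one or two (variant suffixes such as RDXN, or the hex in K7's signature ID) are noise from the tokenizer; in practice you read the top few entries and then confirm the family with the sandbox behaviour rather than trusting the vote alone.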

How to remove Trojan.Heur.li0fvrpSa!aiR?

Trojan.Heur.li0fvrpSa!aiR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want to reset and click “Reset”.
  • Restart your computer.
  • After the restart, run a second scan: this sample injects into other processes, so a host process that was already running during the first scan may have kept the payload alive.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.