
Trojan.Heur.lmMfz0jxHIlj (B) removal tips


Trojan.Heur.lmMfz0jxHIlj (B) is a heuristic (generic) detection name rather than the name of a specific malware family; the vendor list below ties this sample to the Farfli and Palevo families, and many security vendors consider it dangerous. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Heur.lmMfz0jxHIlj (B) virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument, possibly to delay analysis (ping -n against loopback is a common cmd.exe sleep, often paired with a del command to remove the dropper after it exits)
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location
  • Anomalous binary characteristics
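Several of the behaviours above (Windows utilities used for basic functionality, ping -n as a delay, deletion of the original binary, a process started from a suspicious location) show up together in process-creation telemetry. The following is an added example, not code from the page or from the sandbox: it runs a few hand-written detection rules over constructed Sysmon-style events. The event lines, the list of "suspicious" directories and the rule names are assumptions for illustration.

```python
import re

# Constructed process-creation events in a flat key=value|key=value form (Sysmon Event ID 1
# fields re-typed by hand). They illustrate the behaviours listed above; they are not a
# capture from this sample.
SAMPLE_EVENTS = [
    'Image=C:\\Windows\\explorer.exe|ParentImage=C:\\Windows\\System32\\userinit.exe|CommandLine=explorer.exe',
    'Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=notepad.exe notes.txt',
    'Image=C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine="C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe"',
    'Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe|CommandLine=cmd.exe /c ping -n 3 127.0.0.1 > nul & del "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe"',
    'Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=cmd.exe /c ping -n 4 10.0.0.1',
]

# Assumed list of user-writable directories treated as "suspicious locations"; tune per environment.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\",
    "\\users\\public\\", "\\windows\\temp\\", "\\downloads\\",
)

# ping -n <count> against loopback is the classic cmd.exe sleep; a following del removes the dropper.
PING_DELAY = re.compile(r"\bping(?:\.exe)?\s+(?:-n\s+\d+|127\.0\.0\.1|localhost)", re.I)
# Captures the path given to del/erase (optionally quoted, optionally preceded by /q-style switches).
DELETE_TARGET = re.compile(r'\b(?:del|erase)\b\s+(?:/[a-z]\s+)*"?([^"&|]+?)"?\s*(?:&|$)', re.I)


def parse_event(line: str) -> dict:
    """Split one flat event line into its fields."""
    return dict(part.split("=", 1) for part in line.split("|"))


def in_suspicious_dir(path: str) -> bool:
    """True if the image path lives under one of the assumed user-writable directories."""
    p = path.lower()
    return any(d in p for d in SUSPICIOUS_DIRS)


def detect(events) -> list:
    """Return (event index, rule name) pairs for every rule that fires, in event order."""
    hits = []
    for i, line in enumerate(events):
        ev = parse_event(line)
        image = ev.get("Image", "")
        parent = ev.get("ParentImage", "")
        cmd = ev.get("CommandLine", "")

        if in_suspicious_dir(image):
            hits.append((i, "process_from_suspicious_location"))

        # A plain "ping -n" (event 4) is not enough on its own; require the delete in the same command line.
        if image.lower().endswith("\\cmd.exe") and PING_DELAY.search(cmd):
            m = DELETE_TARGET.search(cmd)
            if m:
                hits.append((i, "ping_delay_then_delete"))
                # Strongest signal: the file being deleted is the process that spawned cmd.exe.
                if m.group(1).strip().lower() == parent.lower():
                    hits.append((i, "self_delete_of_parent"))
    return hits


if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Only the temp-dir dropper (event 2) and the cmd.exe it spawns to delete it (event 3) fire; the administrator's ping in event 4 does not, because no del follows it. In a real deployment the same logic belongs in the SIEM query language, with the directory list and the parent/child match kept as the discriminating conditions.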

How to identify Trojan.Heur.lmMfz0jxHIlj (B)?

File Info:

name: 94CFE17710E96751B6C1.mlw
path: /opt/CAPEv2/storage/binaries/961d61b9caa309f7e2c74bc3e8f0a94dd1cc938af1123206fe1f78e2a4e79216
crc32: 5AC14987
md5: 94cfe17710e96751b6c19a9a71bb0a8f
sha1: 6964b1c99f8e885fe2ec5b73b77876debad6f339
sha256: 961d61b9caa309f7e2c74bc3e8f0a94dd1cc938af1123206fe1f78e2a4e79216
sha512: 2b16c612405696d654bf8d0e119a54c3558519b233550650d8ad8b90e4215843d10e7fae4216f8023f2321f0e592b1cd8089e03da7503a0bb54b2acca3af100b
ssdeep: 3072:DnzDvcfdA53A+vDoHDaEI+uuuTVfFi1dgbzzWoOdm6tVN1:DnzDYA53/vkNI+uuu7iDgbzzWoOd1tV/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C6041256ABCCD3F4F9B6AB7209B678FA4833955A732EC732C69D00975CA05B0DDB4108
sha3_384: 85b74effa8e512fcf24c531641aac6658ee5364869dbeb1d5ebd77cbc56395888b1ae222de7d5d4b1491ea6ecb8d8a7c
ep_bytes: 60be002043008dbe00f0fcff5783cdff
timestamp: 2015-11-26 07:12:43

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft® HTML Editing Component's Resource DLL
FileVersion: 7.00.5730.13 (longhorn(wmbla).070711-1130)
InternalName: MSHTMLER.DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSHTMLER.DLL
ProductName: Windows® Internet Explorer
ProductVersion: 7.00.5730.13
OleSelfRegister:
Translation: 0x0409 0x04b0
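The file info and version info above contradict each other in ways a triage script can catch mechanically: the entry-point bytes are the 32-bit UPX unpacking stub (pushad, mov esi, lea edi, push edi, or ebp -1), the version block names a Microsoft DLL (MSHTMLER.DLL) while the file type is a GUI executable, the Authenticode signature is invalid, and the translation table claims en-US (0x0409) while the behaviour list reports Chinese resources. The following is an added example, not part of the page or of CAPE: it re-types those fields into a dict, runs the consistency checks, and recomputes hashes so an analyst can confirm a local copy is the same sample. The dict field names and the finding strings are assumptions for illustration.

```python
import hashlib
import os
import re

# Constructed input: the CAPE "File Info" and "Version Info" fields shown on this page,
# re-typed into a dict (only the fields the checks below need). resource_language and
# authenticode_valid come from the behaviour list, not from the version block.
SAMPLE_INFO = {
    "path": "/opt/CAPEv2/storage/binaries/961d61b9caa309f7e2c74bc3e8f0a94dd1cc938af1123206fe1f78e2a4e79216",
    "md5": "94cfe17710e96751b6c19a9a71bb0a8f",
    "sha1": "6964b1c99f8e885fe2ec5b73b77876debad6f339",
    "sha256": "961d61b9caa309f7e2c74bc3e8f0a94dd1cc938af1123206fe1f78e2a4e79216",
    "type": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "ep_bytes": "60be002043008dbe00f0fcff5783cdff",
    "CompanyName": "Microsoft Corporation",
    "OriginalFilename": "MSHTMLER.DLL",
    "Translation": "0x0409 0x04b0",
    "resource_language": "Chinese (Simplified)",
    "authenticode_valid": False,
}

# 32-bit UPX entry stub: pushad / mov esi,<src> / lea edi,[esi+<delta>] / push edi / or ebp,-1.
# The two 4-byte immediates differ per file, so they are wildcarded.
UPX_ENTRY_STUB = re.compile(r"^60be[0-9a-f]{8}8dbe[0-9a-f]{8}5783cdff", re.I)


def looks_like_upx_stub(ep_hex: str) -> bool:
    """True if the entry-point bytes match the UPX unpacking stub prologue."""
    return UPX_ENTRY_STUB.match(ep_hex.strip()) is not None


def triage(info: dict) -> list:
    """Cheap consistency checks on sandbox metadata; each finding is a reason to distrust the file."""
    findings = []
    if looks_like_upx_stub(info.get("ep_bytes", "")):
        findings.append("entry point is the UPX stub (packed)")
    if info.get("OriginalFilename", "").lower().endswith(".dll") and "executable" in info.get("type", "").lower():
        findings.append("version info names a DLL but the file is an executable")
    if "microsoft" in info.get("CompanyName", "").lower() and not info.get("authenticode_valid", False):
        findings.append("claims Microsoft Corporation but carries no valid Authenticode signature")
    # 0x0409 is en-US in the VS_VERSION_INFO translation table; resources in another language do not fit that.
    if info.get("Translation", "").lower().startswith("0x0409") and "chinese" in info.get("resource_language", "").lower():
        findings.append("version block says en-US (0x0409) but resources are Chinese")
    # CAPE stores binaries under their sha256; a mismatch means the metadata was not copied faithfully.
    if os.path.basename(info.get("path", "")) != info.get("sha256", ""):
        findings.append("stored filename does not match sha256 (metadata inconsistency)")
    return findings


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Recompute md5/sha1/sha256 over data and report which ones match the expected values."""
    return {
        name: hashlib.new(name, data).hexdigest() == expected.get(name, "").lower()
        for name in ("md5", "sha1", "sha256")
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_INFO):
        print("-", finding)
    # Without the real file on disk every hash comparison is False.
    print(verify_hashes(b"", SAMPLE_INFO))
```

To check a local copy, read it with `open(path, "rb").read()` and pass the bytes to verify_hashes; all three should come back True before any of the behaviour above is attributed to that file. Note that the UPX check matches the standard stub only: a sample with a modified or non-UPX packer (the page also flags an unknown section name) will not match it and still needs the section-table and entropy checks.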

Trojan.Heur.lmMfz0jxHIlj (B) also known as:

  • tehtris: Generic.Malware
  • MicroWorld-eScan: Gen:Trojan.Heur.lmMfz0jxHIlj
  • ALYac: Gen:Trojan.Heur.lmMfz0jxHIlj
  • Cylance: Unsafe
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Ransomware ( 004ce30e1 )
  • BitDefender: Gen:Trojan.Heur.lmMfz0jxHIlj
  • K7GW: Ransomware ( 004ce30e1 )
  • Cybereason: malicious.710e96
  • Cyren: W32/Venik.M.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Farfli.BWS
  • APEX: Malicious
  • ClamAV: Win.Trojan.Hupigon-7623999-0
  • Kaspersky: P2P-Worm.Win32.Palevo.hyik
  • NANO-Antivirus: Trojan.Win32.Dwn.dyzqqe
  • Rising: Backdoor.Farfli!1.A275 (RDMK:cmRtazqYcxeWhONvXPLNi/v8ETd0)
  • Ad-Aware: Gen:Trojan.Heur.lmMfz0jxHIlj
  • Sophos: ML/PE-A + Mal/Venik-B
  • Comodo: TrojWare.Win32.Farfli.BVW@6a54oc
  • DrWeb: Trojan.DownLoader17.60890
  • Zillya: Adware.BrowseFox.Win32.229020
  • McAfee-GW-Edition: BehavesLike.Win32.Fake.cc
  • FireEye: Generic.mg.94cfe17710e96751
  • Emsisoft: Gen:Trojan.Heur.lmMfz0jxHIlj (B)
  • Ikarus: Trojan.Win32.Farfli
  • GData: Win32.Trojan.Palevo.E
  • Jiangmin: Worm.Palevo.jz
  • Avira: TR/Crypt.XPACK.330551
  • Arcabit: Trojan.Heur.lmMfz0jxHIlj
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Dropper/Win32.Banki.R169299
  • McAfee: GenericRXAA-AA!94CFE17710E9
  • MAX: malware (ai score=81)
  • VBA32: Worm.Palevo
  • Malwarebytes: Malware.AI.513609328
  • Panda: Trj/Genetic.gen
  • Tencent: P2P-Worm.Win32.Palevo.za
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.121218.susgen
  • Fortinet: W32/Farfli.BVW!tr
  • BitDefenderTheta: AI:Packer.A9D6503C1C
  • AVG: Win32:Malware-gen
  • Avast: Win32:Malware-gen
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Heur.lmMfz0jxHIlj (B)?

Trojan.Heur.lmMfz0jxHIlj (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
