Trojan.Heur.lmMfz0jxHIlj removal

Trojan.Heur.lmMfz0jxHIlj is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Heur.lmMfz0jxHIlj virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics

How to identify Trojan.Heur.lmMfz0jxHIlj?

File Info:

name: F0311E47C8F96E36DC34.mlw
path: /opt/CAPEv2/storage/binaries/241caff09c25e6116fc968d901d2cbca70c39fac959063b392d4322bb70d112f
crc32: 1CD49EB2
md5: f0311e47c8f96e36dc34b8814d9ba1c9
sha1: 1707f9df84ee5f4e25854e67f24524d9fbc5f870
sha256: 241caff09c25e6116fc968d901d2cbca70c39fac959063b392d4322bb70d112f
sha512: 2785055b3b45a842ddf68a44bd9a344ffe8784d6beff312da0847cce6502bd2fb2f963042022f66a1c6c1456cf5ca918cba59eb59eb75ac7fccfb8c8985ed610
ssdeep: 3072:DnzDvcfdA53A+vDoHDaEI+uuuTVfFi1dgbzzWoOdm6tVNV:DnzDYA53/vkNI+uuu7iDgbzzWoOd1tVb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E6041256ABCCD3F0F9B6AB7209B638FA4873955A632EC732C69D00975CA05B0DDB4108
sha3_384: 2d07f83e90b538ace8221ff4dca515f577af6d7dd5288c82697b6dfa3532c111ee8a95ac36fcf33b4d63986598373edc
ep_bytes: 60be002043008dbe00f0fcff5783cdff
timestamp: 2015-11-26 07:12:43

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft® HTML Editing Component's Resource DLL
FileVersion: 7.00.5730.13 (longhorn(wmbla).070711-1130)
InternalName: MSHTMLER.DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSHTMLER.DLL
ProductName: Windows® Internet Explorer
ProductVersion: 7.00.5730.13
OleSelfRegister:
Translation: 0x0409 0x04b0

Trojan.Heur.lmMfz0jxHIlj also known as:

tehtris: Generic.Malware
MicroWorld-eScan: Gen:Trojan.Heur.lmMfz0jxHIlj
FireEye: Generic.mg.f0311e47c8f96e36
ALYac: Gen:Trojan.Heur.lmMfz0jxHIlj
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
BitDefender: Gen:Trojan.Heur.lmMfz0jxHIlj
K7GW: Ransomware ( 004ce30e1 )
K7AntiVirus: Ransomware ( 004ce30e1 )
Cyren: W32/Venik.M.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Farfli.BWS
APEX: Malicious
ClamAV: Win.Trojan.Hupigon-7623999-0
Kaspersky: P2P-Worm.Win32.Palevo.hyik
NANO-Antivirus: Trojan.Win32.Dwn.dyzqqe
Rising: Backdoor.Farfli!1.A275 (CLASSIC)
Ad-Aware: Gen:Trojan.Heur.lmMfz0jxHIlj
Sophos: ML/PE-A + Mal/Venik-B
Comodo: TrojWare.Win32.Farfli.BVW@6a54oc
DrWeb: Trojan.DownLoader17.60890
Zillya: Adware.BrowseFox.Win32.229020
McAfee-GW-Edition: BehavesLike.Win32.Fake.cc
Emsisoft: Gen:Trojan.Heur.lmMfz0jxHIlj (B)
Ikarus: Trojan.Win32.Farfli
Jiangmin: Worm.Palevo.jz
Avira: TR/Crypt.XPACK.330551
Microsoft: Trojan:Win32/Wacatac.B!ml
GData: Win32.Trojan.Palevo.E
Cynet: Malicious (score: 100)
AhnLab-V3: Dropper/Win32.Banki.R169299
McAfee: GenericRXAA-AA!F0311E47C8F9
MAX: malware (ai score=87)
VBA32: Worm.Palevo
Malwarebytes: Malware.AI.513609328
Panda: Trj/Genetic.gen
Tencent: P2P-Worm.Win32.Palevo.za
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Farfli.BVW!tr
BitDefenderTheta: AI:Packer.A9D6503C1C
AVG: Win32:Malware-gen
Cybereason: malicious.7c8f96
Avast: Win32:Malware-gen

How to remove Trojan.Heur.lmMfz0jxHIlj?

Trojan.Heur.lmMfz0jxHIlj removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
