Trojan.Heur.pmKfrWO3A6nS (file analysis)

Trojan.Heur.pmKfrWO3A6nS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Heur.pmKfrWO3A6nS virus do?

  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself
  • Interacts with known DarkComet registry keys
  • Creates known Fynloski/DarkComet mutexes

Related domains:

darcomet123.ddns.net

How to identify Trojan.Heur.pmKfrWO3A6nS?

File Info:

crc32: 83C16989
md5: 01787fa5fe9465063fab0837acd35ccf
name: hack_exe100000000000.exe
sha1: 749daf7117d881b5fd8bff165351a65556f81ffb
sha256: 49bc5673b1c02e367426eeb2b5641fd0f94a1f8d59bedc56699a6bd7ca98fbe7
sha512: 46ebc05231b428af0bdbb99998db720595c62e24da36a2bdd78341c83d9cd3ad7ee89f0b4539c2eff43fdfca8fbf58cc9db15c0430c2f843c10707e2bd70cee9
ssdeep: 6144:GcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ8:GcWkbgTYWnYnt/IDYhP
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright (C) 1999
InternalName: MSRSAAPP
FileVersion: 1, 0, 0, 1
CompanyName: Microsoft Corp.
Comments: Remote Service Application
ProductName: Remote Service Application
ProductVersion: 4, 0, 0, 0
FileDescription: Remote Service Application
OriginalFilename: MSRSAAP.EXE
Translation: 0x0409 0x04b0

Trojan.Heur.pmKfrWO3A6nS also known as:

Bkav: W32.BitwanD.Trojan
DrWeb: BackDoor.Tordev.9
MicroWorld-eScan: Gen:Trojan.Heur.pmKfrWO3A6nS
FireEye: Generic.mg.01787fa5fe946506
CAT-QuickHeal: Backdoor.Fynloski.A9
Qihoo-360: HEUR/QVM11.1.E0C2.Malware.Gen
McAfee: Generic.gj
Cylance: Unsafe
VIPRE: Backdoor.Win32.Fynloski.A (v)
Sangfor: Malware
K7AntiVirus: Trojan ( 004bc4d11 )
BitDefender: Gen:Trojan.Heur.pmKfrWO3A6nS
K7GW: Trojan ( 004bc4d11 )
Cybereason: malicious.5fe946
TrendMicro: BKDR_FYNLOS.SMM
BitDefenderTheta: AI:Packer.07FA9E681C
Cyren: W32/Fynloski.FWDO-2352
Symantec: Backdoor.Breut!gm
TotalDefense: Win32/Fynloski.A!generic
APEX: Malicious
ClamAV: Win.Trojan.DarkKomet-1
GData: Win32.Trojan-Spy.DarkComet.J
Kaspersky: Backdoor.Win32.DarkKomet.gwbu
NANO-Antivirus: Trojan.Win32.Tordev.dgnepn
Rising: Backdoor.Pontoeb!1.6637 (RDMK:cmRtazrhk5OK/+T+Mw+PRyMheGhg)
Ad-Aware: Gen:Trojan.Heur.pmKfrWO3A6nS
Sophos: Troj/Fynlosk-AK
Comodo: TrojWare.Win32.Fynloski.B@57zt85
F-Secure: Backdoor.BDS/Backdoor.Gen
Baidu: Win32.Backdoor.Agent.l
Zillya: Trojan.Fynloski.Win32.742
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.dc
Trapmine: malicious.moderate.ml.score
CMC: Backdoor.Win32.DarkKomet!O
Emsisoft: Backdoor.DarkKomet (A)
SentinelOne: DFI - Malicious PE
F-Prot: W32/Fynloski.BA
Jiangmin: Trojan/Genome.bomw
Webroot: W32.Trojan.Gen
Avira: BDS/Backdoor.Gen
Endgame: malicious (moderate confidence)
Arcabit: Trojan.Heur.pmKfrWO3A6nS
SUPERAntiSpyware: Trojan.Agent/Gen-Delf
ZoneAlarm: Backdoor.Win32.DarkKomet.gwbu
Microsoft: VirTool:Win32/CeeInject.AJJ!bit
TACHYON: Backdoor/W32.DP-DarkKomet.674816.B
AhnLab-V3: Win-Trojan/FCN.140610.X1341
Acronis: suspicious
VBA32: Backdoor.Tordev
MAX: malware (ai score=81)
Malwarebytes: Backdoor.Packed.DK
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.29578
ESET-NOD32: a variant of Win32/Fynloski.AN
TrendMicro-HouseCall: BKDR_FYNLOS.SMM
Tencent: Backdoor.Win32.DarkKomet.zem
Yandex: Trojan.Comet.Gen.LO
Ikarus: Backdoor.Win32.DarkKomet
eGambit: RAT.DarkComet
Fortinet: W32/Generic.AC.DB56!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Backdoor.W32.DarkKomet.aagr

How to remove Trojan.Heur.pmKfrWO3A6nS?

Trojan.Heur.pmKfrWO3A6nS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.