Categories: Trojan

How to remove “Trojan.Heur.RP.emGfbiCjDEgi”?

The Trojan.Heur.RP.emGfbiCjDEgi is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Heur.RP.emGfbiCjDEgi virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Attempts to connect to a dead IP:Port (255 unique times)
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
A named pipe was used for inter-process communication
Enumerates running processes
Manipulates data from or to the Recycle Bin
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Creates an autorun.inf file
Authenticode signature is invalid
Steals private information from local Internet browsers
Collects and encrypts information about the computer likely to send to C2 server
Performs a large number of encryption calls using the same key possibly indicative of ransomware file encryption behavior
Exhibits possible ransomware file modification behavior
Creates a hidden or system file
CAPE detected the Conti malware family
Harvests cookies for information gathering

How to determine Trojan.Heur.RP.emGfbiCjDEgi?


File Info:
name: A2F8A87B8F59CAB218A7.mlwpath: /opt/CAPEv2/storage/binaries/2405fe4f42d2314087bf3e638f5bd3b1bf706bab6403ab0242e36a6130a6b452crc32: FF2ABEC6md5: a2f8a87b8f59cab218a754325dd314acsha1: a9807e10a2cb6438e48753e81b896d9d888ad1b9sha256: 2405fe4f42d2314087bf3e638f5bd3b1bf706bab6403ab0242e36a6130a6b452sha512: 9a46588b454c393a7685c3037c91f6f038fd65729efd8066b451fff3bdd611a78b0fcc073f6e78c493fcd47134a80e40391378a006d5e6a199da5a368b6f4e1cssdeep: 1536:bJQ/kJfTKUDe7ygOAJa5RsVkZOWeLCs3HaFQB5reWPuYM1m3e:e/WLecEVfWAHaFYDPbM1type: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1CE73F2B35ADAAFF7E55523BDC6221C729883B02C090718CA491DF1ED1CDD88C794A9A5sha3_384: 0cfdeb522c913dc13825054933f5ca53a846332e8f6f2e6bb428b16cf2b7f848fc74b1e5e0eba5ba32b1ce1a16d2c007ep_bytes: 60be008042008dbe0090fdff5783cdfftimestamp: 2022-06-22 14:54:23
Version Info:
0: [No Data]

Trojan.Heur.RP.emGfbiCjDEgi also known as:

MicroWorld-eScan	Gen:Trojan.Heur.RP.emGfbiCjDEgi
FireEye	Generic.mg.a2f8a87b8f59cab2
McAfee	Artemis!A2F8A87B8F59
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.b8f59c
BitDefenderTheta	AI:Packer.78C21E2A1F
Elastic	malicious (moderate confidence)
ESET-NOD32	a variant of Win32/Filecoder.Conti.N
TrendMicro-HouseCall	Ransom.Win32.CONTI.SMTH.hp
Kaspersky	UDS:Trojan-Ransom.Win32.Generic
BitDefender	Gen:Trojan.Heur.RP.emGfbiCjDEgi
Avast	Win32:Malware-gen
Rising	Ransom.Conti!8.11736 (CLOUD)
Ad-Aware	Gen:Trojan.Heur.RP.emGfbiCjDEgi
Emsisoft	Gen:Trojan.Heur.RP.emGfbiCjDEgi (B)
TrendMicro	Ransom.Win32.CONTI.SMTH.hp
McAfee-GW-Edition	BehavesLike.Win32.Downloader.lc
Trapmine	malicious.high.ml.score
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan-Ransom.Conti
GData	Gen:Trojan.Heur.RP.emGfbiCjDEgi
Jiangmin	Trojan.Agent.dmrd
Avira	HEUR/AGEN.1228776
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
ALYac	Gen:Trojan.Heur.RP.emGfbiCjDEgi
MAX	malware (ai score=89)
VBA32	BScope.TrojanRansom.Cryptor
Malwarebytes	Malware.Heuristic.1003
APEX	Malicious
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Conti.F!tr.ransom
AVG	Win32:Malware-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_70% (W)