
How to remove “Trojan.Heur.zG1avrw2kXcbx”?


Trojan.Heur.zG1avrw2kXcbx is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan.Heur.zG1avrw2kXcbx virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks for the presence of known devices from debuggers and forensic tools
  • Anomalous binary characteristics

How to identify Trojan.Heur.zG1avrw2kXcbx?

File Info:

name: E8D3A4A1EE596DD12D58.mlw
path: /opt/CAPEv2/storage/binaries/458299b0a7e50b0b60337e2811372a268299ca41124c5474c4cd1bbb4555ab3e
crc32: E377E04E
md5: e8d3a4a1ee596dd12d585806375ccac7
sha1: 5c96c6f959b035674129de5ed5fd72d72366aeff
sha256: 458299b0a7e50b0b60337e2811372a268299ca41124c5474c4cd1bbb4555ab3e
sha512: e253d99b7b83a6c68630456b5952fd665c6fa27ea89927b088c2a58e3daa71032e8b719ba66aa521ec04ce49c60f1fa7ae5ebc471305df2df68af03389bec73b
ssdeep: 6144:JgZndqWRn4089F2idZecnl20lHRxp3grmfkwN4Igozee0v4DSKnIerRzleqr:JgZd9zyF3Z4mxxPfFWFbvjh+Rdr
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1249422C257A654D5CA1153FBCCBFDDA294968C952A33483B13F1BE832F789E4EAA5000
sha3_384: f3b425f999970456256bd2b845dc3d595099e6376e50978d2758acc0a7f2f464db475acce7ec934c6922c2fd8870c206
ep_bytes: 6801e04700e801000000c3c30ec0e466
timestamp: 2022-01-08 12:24:11

Version Info:

CompanyName:
FileDescription: RMS Microsoft 基础类应用程序
FileVersion: 1, 0, 0, 1
InternalName: RMS
LegalCopyright: 版权所有 (C) 2002
LegalTrademarks:
OriginalFilename: RMS.EXE
ProductName: RMS 应用程序
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

Trojan.Heur.zG1avrw2kXcbx also known as:

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • ALYac: Gen:Trojan.Heur.zG1avrw2kXcbx
  • Cybereason: malicious.1ee596
  • ESET-NOD32: a variant of Win32/Kryptik.HCAH
  • APEX: Malicious
  • Kaspersky: Packed.Win32.Black.d
  • BitDefender: Gen:Trojan.Heur.zG1avrw2kXcbx
  • MicroWorld-eScan: Gen:Trojan.Heur.zG1avrw2kXcbx
  • Avast: FileRepMalware
  • Emsisoft: Gen:Trojan.Heur.zG1avrw2kXcbx (B)
  • FireEye: Generic.mg.e8d3a4a1ee596dd1
  • Sophos: Mal/Behav-270
  • SentinelOne: Static AI – Malicious PE
  • MAX: malware (ai score=82)
  • Microsoft: Trojan:Win32/Sabsik.FL.B!ml
  • GData: Gen:Trojan.Heur.zG1avrw2kXcbx
  • VBA32: BScope.Trojan.MulDrop
  • Rising: Malware.Heuristic!ET#80% (RDMK:cmRtazp1GYEb69WlFsPRP9HwAw+n)
  • Ikarus: Trojan.Win32.FakeAV
  • MaxSecure: Trojan.Malware.300983.susgen
  • BitDefenderTheta: AI:Packer.091F88911D
  • AVG: FileRepMalware
  • CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan.Heur.zG1avrw2kXcbx?

Trojan.Heur.zG1avrw2kXcbx removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
