Trojan.IGENERICPMF.S3623145 removal tips

Trojan.IGENERICPMF.S3623145 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.IGENERICPMF.S3623145 virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (5 unique times)
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Queries information on disks, possibly for anti-virtualization
  • Behavior consistent with a dropper attempting to download the next stage
  • Detects the presence of the Wine emulator via a registry key
  • Checks the version of the BIOS, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system

Related domains:

z.whorecord.xyz
a.tomx.xyz
static.16.249.201.195.clients.your-server.de
ocsp.comodoca.com
ocsp.usertrust.com
ocsp.sectigo.com
crl.usertrust.com

How to identify Trojan.IGENERICPMF.S3623145?

File Info:

crc32: 7BDDC6BD
md5: f494b07363570c85554e011644533078
name: F494B07363570C85554E011644533078.mlw
sha1: d66eee1434cfd87e2abe36d8b1ad0d457281b5cc
sha256: 1dbc28d2147ef2e627c54bde642b1a19ed6c291ea8af9838feededdfc1b61224
sha512: d03a3a35198ae8372038657799330ed5a169d5fcb554dd59e62b560fd2c9a34f87cfcf83d947c8d656d1db89db41642ab47f788e3733f3b3bf443d97bc533865
ssdeep: 12288:Acdnbjc8ppRca3WjUslW7kU8RqqcDfFRBBP7r49QI7sBuAic8ZDUjjSl3XY8Vpe/:AcF5x27cpR8Hky+jeBOQ1ltGIBwfpl
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

ProductVersion: 15.0.26121.15
ProductName: AA Comp.EXE
FileVersion: 15.0.26121.15
CompanyName: AA Comp
Translation: 0x0409 0x04b0

Trojan.IGENERICPMF.S3623145 also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0053e8521 )
Elastic: malicious (high confidence)
DrWeb: Trojan.InstallCube.3714
Cynet: Malicious (score: 100)
CAT-QuickHeal: Trojan.IGENERICPMF.S3623145
ALYac: Application.Bundler.ICLoader.5.Gen
Cylance: Unsafe
Zillya: Adware.Ekstak.Win32.149
Sangfor: Suspicious.Win32.Save.a
Alibaba: Trojan:Win32/Katusha.bff1cb65
K7GW: Trojan ( 00535dd71 )
Cybereason: malicious.363570
Cyren: W32/Trojan.CID.gen!Eldorado
Symantec: PUA.ICLoader
ESET-NOD32: a variant of Win32/Kryptik.GKVX
APEX: Malicious
Avast: Win32:DangerousSig [Trj]
ClamAV: Win.Packed.Icloader-7057426-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Application.Bundler.ICLoader.5.Gen
NANO-Antivirus: Trojan.Win32.Ekstak.fhtulw
MicroWorld-eScan: Application.Bundler.ICLoader.5.Gen
Tencent: Win32.Trojan.Falsesign.Eddk
Ad-Aware: Application.Bundler.ICLoader.5.Gen
Sophos: Generic PUA NG (PUA)
Comodo: Application.Win32.ICLoader.GS@84429a
F-Secure: Trojan.TR/ICLoader.Gen8
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Packed-FMV!F494B0736357
FireEye: Generic.mg.f494b07363570c85
Emsisoft: Application.AdFile (A)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.czcfz
Avira: TR/ICLoader.Gen8
Antiy-AVL: Trojan/Win32.Ekstak
Microsoft: PUADlManager:Win32/InstallCube
Arcabit: Application.Bundler.ICLoader.5.Gen
SUPERAntiSpyware: Adware.FileTour/Variant
GData: Application.Bundler.ICLoader.5.Gen
AhnLab-V3: PUP/Win32.ICLoader.R237219
Acronis: suspicious
McAfee: Packed-FMV!F494B0736357
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Ekstak
Malwarebytes: Adware.ICLoader
Panda: Trj/Genetic.gen
Rising: Trojan.Kryptik!1.AA23 (CLASSIC)
Yandex: Trojan.GenAsa!5c2DBVTlITE
Ikarus: PUA.ICLoader
MaxSecure: Packed.Packed.WIN32.Katusha.gen_212003
Fortinet: W32/CoinMiner.GYQC!tr
AVG: Win32:DangerousSig [Trj]
Paloalto: generic.ml

How to remove Trojan.IGENERICPMF.S3623145?

Trojan.IGENERICPMF.S3623145 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.