Trojan

What is “Trojan.IgenericRI.S9409231”?

Malware Removal

Trojan.IgenericRI.S9409231 is the detection name Quick Heal (CAT-QuickHeal) assigns to a sample that most other engines identify as the Emotet banking trojan, and it is treated as dangerous by security researchers. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case you are advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.IgenericRI.S9409231 virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date-expiration check: exits shortly after reading the local time
  • Mimics the system’s user-agent string for its own requests
  • Repeatedly searches for a process that is not found (the sandbox notes it may want to run with the startbrowser=1 option)
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Arabic (Saudi Arabia)
  • Deletes its original binary from disk
  • Attempts to remove evidence of the file having been downloaded from the Internet (the Zone.Identifier mark-of-the-web stream)
  • Attempts to call a single API repeatedly in order to delay analysis
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics
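Several of the behaviours above (self-copy, autorun registration, dropping and executing a binary, deleting the original file) leave a recognisable trail in endpoint telemetry. The script below is an added example, not code from this page or from GridinSoft: it runs a small triage over Sysmon-style events (real Sysmon event IDs 1, 11, 13 and 23 and their field names Image, ParentImage, TargetFilename, TargetObject, Details and Hashes, but otherwise a simplified record format) and flags the patterns listed above. The sample event stream is constructed for the example; the paths, the user SID and the Run value name in it are hypothetical, and only the SHA256 is the one published above.

```python
"""Flag Emotet-style self-copy, autorun and self-delete behaviour in Sysmon-like events.

Added example for this page; not the page's or GridinSoft's own code.
"""
import re

# Directories a standard user can write to. A Run value pointing into one of
# these, written by a process that also lives there, is the persistence pattern
# described in the behaviour list above.
USER_WRITABLE = re.compile(r"\\(AppData|Downloads|Temp|Public)\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed events (hypothetical paths and SID); Hashes carries the page's SHA256.
SAMPLE_HASH = "SHA256=009a744e1e9bf38a9a578be15442b25070aae17ffba3613ca1d1f629a44a4f23"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\Downloads\R.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": SAMPLE_HASH},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\R.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\svchelp\svchelp.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\R.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchelp",
     "Details": r"C:\Users\alice\AppData\Local\svchelp\svchelp.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\svchelp\svchelp.exe",
     "ParentImage": r"C:\Users\alice\Downloads\R.exe", "Hashes": SAMPLE_HASH},
    {"EventID": 23, "Image": r"C:\Users\alice\AppData\Local\svchelp\svchelp.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\R.exe"},
    # Benign control: a vendor updater registering itself from Program Files.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdate",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]


def _norm(path):
    """Windows paths are case-insensitive; compare them lowercased."""
    return (path or "").lower()


def triage(events):
    """Return (finding, actor_image, object) tuples for the behaviours seen in the stream.

    EventID 1 = process create, 11 = file create, 13 = registry value set, 23 = file delete.
    """
    hashes = {}     # image path -> Hashes string from its process-create event
    parent_of = {}  # image path -> parent image path
    writer_of = {}  # dropped .exe path -> image of the process that wrote it
    findings = []
    for ev in events:
        eid, image = ev["EventID"], _norm(ev.get("Image"))
        if eid == 1:
            hashes[image] = ev.get("Hashes")
            parent_of[image] = _norm(ev.get("ParentImage"))
            writer = writer_of.get(image)
            if writer is not None:
                # The process that wrote this file is now executing it: same hash means a
                # copy of itself, a different hash means a dropped second-stage binary.
                same = hashes.get(writer) is not None and hashes.get(writer) == ev.get("Hashes")
                findings.append(("self_copy_executed" if same else "dropped_binary_executed", writer, image))
        elif eid == 11:
            target = _norm(ev.get("TargetFilename"))
            if target.endswith(".exe"):
                writer_of[target] = image
        elif eid == 13:
            if RUN_KEY.search(ev.get("TargetObject", "")) and USER_WRITABLE.search(ev.get("Details", "")):
                findings.append(("autorun_from_user_writable_path", image, ev["TargetObject"]))
        elif eid == 23:
            target = _norm(ev.get("TargetFilename"))
            # Deleting the parent's image, or an image with the same hash, is self-deletion.
            if target and (parent_of.get(image) == target
                           or (target in hashes and hashes[target] == hashes.get(image))):
                findings.append(("deletes_original_binary", image, target))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```

Running it on the constructed stream reports the autorun registration, the copy executing itself and the deletion of the original download, while the Program Files updater is not flagged. Event ID 23 is only emitted when Sysmon is configured with a FileDelete rule, so on hosts without it the self-delete check will never fire.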

How to identify Trojan.IgenericRI.S9409231?

File Info:

crc32: 1C465B90
md5: fa0d674a38ea1e2935a1d080411a4b2f
name: R.exe
sha1: 9a68f887bd97329d9ca60409ad6f2804bcaf1868
sha256: 009a744e1e9bf38a9a578be15442b25070aae17ffba3613ca1d1f629a44a4f23
sha512: 4b4393cd99d4bb154a2021e17a502fe07417346de48ba63bcf722218cdbb99a73b896399527ae3341695648fe18a10dc0e5a7919ced9cc80459a0591462b458d
ssdeep: 6144:oOWJouxT6J+qRMQ5kH8vc2I5oaE50lf39WDz0IzOsXmKdp3rxv52LvWFRm6:1+qWKc2I5ovUmzbXzpd52zA5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]
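As an added example (not the page's or GridinSoft's own code), the Python script below computes the same five digests listed in File Info for files on disk and reports any that equal the published values. Before hashing it checks that a candidate is a PE32 image for Intel 80386, matching the type line above, so that documents and other non-executables are skipped. It uses only the standard library; the scan root is whatever path you pass on the command line.

```python
"""Match files on disk against the digests this page publishes for the sample R.exe.

Added example for this page; not the page's or GridinSoft's own code.
"""
import hashlib
import os
import zlib

# Copied from the File Info block on this page.
KNOWN_SAMPLE = {
    "crc32": "1C465B90",
    "md5": "fa0d674a38ea1e2935a1d080411a4b2f",
    "sha1": "9a68f887bd97329d9ca60409ad6f2804bcaf1868",
    "sha256": "009a744e1e9bf38a9a578be15442b25070aae17ffba3613ca1d1f629a44a4f23",
    "sha512": "4b4393cd99d4bb154a2021e17a502fe07417346de48ba63bcf722218cdbb99a73b896399527ae3341695648fe18a10dc0e5a7919ced9cc80459a0591462b458d",
}

DIGEST_NAMES = ("md5", "sha1", "sha256", "sha512")


def hash_chunks(chunks):
    """Compute crc32/md5/sha1/sha256/sha512 over an iterable of byte chunks.

    Output mirrors the page: lowercase hex digests, crc32 as 8 uppercase hex digits.
    """
    digests = {name: hashlib.new(name) for name in DIGEST_NAMES}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for d in digests.values():
            d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return result


def hash_bytes(data):
    return hash_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries do not have to fit in memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_known(hashes, known=KNOWN_SAMPLE):
    """Names of every digest equal to the published value; an empty list means no match."""
    return sorted(name for name, value in known.items()
                  if hashes.get(name, "").lower() == value.lower())


def is_pe32_i386(data):
    """True if data starts with an MZ/PE header whose Machine is 0x14C (i386) and
    whose optional-header Magic is 0x10B (PE32), i.e. the type the page lists."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    machine = int.from_bytes(data[e_lfanew + 4:e_lfanew + 6], "little")
    magic = int.from_bytes(data[e_lfanew + 24:e_lfanew + 26], "little")
    return machine == 0x14C and magic == 0x10B


def scan_directory(root):
    """Walk root and return (path, matching digest names) for each PE32 file that matches."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # headers normally sit well inside the first 4 KiB
            except OSError:
                continue
            if not is_pe32_i386(head):
                continue
            matched = match_known(hash_file(path))
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    import sys
    for path, matched in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {path}: {', '.join(matched)}")
```

A hash match identifies only this exact build. Several engines below label the sample Kryptik, a generic packer detection, and repacked builds produce entirely different digests, so a clean hash scan does not mean a machine is free of the infection; combine it with the behaviour list and the vendor detections.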

Trojan.IgenericRI.S9409231 is also known under the following vendor detection names (most engines classify the sample as Emotet):

MicroWorld-eScan: Trojan.Autoruns.GenericKDS.42071372
CAT-QuickHeal: Trojan.IgenericRI.S9409231
McAfee: Emotet-FOX!FA0D674A38EA
Cylance: Unsafe
Zillya: Trojan.Emotet.Win32.19076
AegisLab: Trojan.Multi.Generic.4!c
K7AntiVirus: Trojan ( 0055cd6c1 )
BitDefender: Trojan.Autoruns.GenericKDS.42071372
K7GW: Trojan ( 0055cd6c1 )
TrendMicro: TrojanSpy.Win32.EMOTET.SMI.hp
F-Prot: W32/Trojan2.QAPI
Symantec: Trojan Horse
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
ClamAV: Win.Trojan.Generic-7416724-0
GData: Trojan.Autoruns.GenericKDS.42071372
Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.pef
Alibaba: Trojan:Win32/Emotet.1ce4ed4c
NANO-Antivirus: Trojan.Win32.Kryptik.gjrdks
Tencent: Malware.Win32.Gencirc.10b18652
Endgame: malicious (high confidence)
Emsisoft: Trojan.Autoruns.GenericKDS.42071372 (B)
Comodo: Malware@#1y5j1pnyh905n
F-Secure: Trojan.TR/AD.Emotet.bqqja
DrWeb: Trojan.DownLoader30.46039
VIPRE: Trojan.Win32.Generic!BT
Invincea: heuristic
McAfee-GW-Edition: Emotet-FOX!FA0D674A38EA
MaxSecure: Trojan.Malware.74655265.susgen
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.fa0d674a38ea1e29
Sophos: Mal/Encpk-AOZ
Ikarus: Trojan-Banker.Emotet
Cyren: W32/Trojan.BEDQ-2982
Jiangmin: Trojan.Banker.Emotet.mpi
Webroot: W32.Trojan.Emotet
Avira: TR/AD.Emotet.bqqja
Antiy-AVL: Trojan[Banker]/Win32.Emotet
Microsoft: Trojan:Win32/Emotet.BR!MTB
Arcabit: Trojan.Autoruns.GenericS.D281F54C
SUPERAntiSpyware: Trojan.Agent/Gen-Emotet
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.pef
AhnLab-V3: Malware/Win32.RL_Generic.R301691
Acronis: suspicious
VBA32: Trojan.Downloader
ALYac: Trojan.Agent.Emotet
MAX: malware (ai score=81)
Ad-Aware: Trojan.Autoruns.GenericKDS.42071372
Malwarebytes: Trojan.Emotet
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.GYYM
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMI.hp
Rising: Trojan.Emotet!1.BFB9 (CLASSIC)
Yandex: Trojan.GenKryptik!
SentinelOne: DFI - Suspicious PE
Fortinet: W32/Kryptik.HALR!tr
BitDefenderTheta: Gen:NN.ZexaF.34100.yqX@ayotfKmO
AVG: Win32:BankerX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Win32/Trojan.9e8

How to remove Trojan.IgenericRI.S9409231?

Trojan.IgenericRI.S9409231 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
