About “Trojan.Ipamor” infection

Many security experts consider Trojan.Ipamor dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Ipamor virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan.Ipamor?


File Info:

name: F189EC23686C0ECE8C70.mlw
path: /opt/CAPEv2/storage/binaries/12e2facd5eb1ec10c625e0f4768c7b989a58248ccf83c3c29a48d3bb5135c80d
crc32: 381BD628
md5: f189ec23686c0ece8c7030dc97dff957
sha1: 67d3725aa48192f3ebf3e63b2db0003b744b6405
sha256: 12e2facd5eb1ec10c625e0f4768c7b989a58248ccf83c3c29a48d3bb5135c80d
sha512: 373e59adeb19f2f0553050759e20aab030c4c4476afcd20d90ba490b7f24b7fc64a92dd598f00e6729404473ddec83c35411cb3e4edd890ff794ee3b8fc7197f
ssdeep: 24576:+eZjA56lzf96H0UfPi1dJU4hlzf96H0DinLM2DKnxYaXJi2Y3MpbwnCvzb4cbmYf:+CXlMHH/4hlMHHDkYOMwwnMb4PmyV6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A7A54901A7938077EDA22170846A67184771BFB02F36D6DBAF407A1AFD717C159323BA
sha3_384: f3bb18ed7cdaf54c321d91606a94daba817ee6cfef13fe10e04f5ac294878e5dbd0debc12ad0d1fbc9b2bcab83181f06
ep_bytes: 558bec83ec44e8f140000085c07401cc
timestamp: 2001-03-09 21:58:42

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft Application Error Reporting
FileVersion: 10.0.2701
InternalName: DW
LegalCopyright: Copyright© Microsoft Corporation 1999-2001.  All rights reserved.
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
OriginalFilename: DW.Exe
ProductName: Microsoft Application Error Reporting
ProductVersion: 10.0.2701
Built by: OFFMSO5
Translation: 0x0000 0x04e4

Trojan.Ipamor also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ipamor.4!c
tehtris: Generic.Malware
Skyhigh: BehavesLike.Win32.RealProtect.vh
McAfee: Artemis!F189EC23686C
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Sophos: Generic ML PUA (PUA)
Ikarus: Exploit.ShellCode
Varist: W32/Ipamor.AO.gen!Eldorado
Antiy-AVL: GrayWare/Win32.Tampering.x
Google: Detected
VBA32: Trojan.Ipamor
Rising: Spyware.Zbot!1.648A (CLOUD)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Ipamor.0CD6!tr
DeepInstinct: MALICIOUS

How to remove Trojan.Ipamor?

Trojan.Ipamor removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
