Trojan.MalPack.DLF (file analysis)

The Trojan.MalPack.DLF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Trojan.MalPack.DLF virus can do?

• Executable code extraction
• Injection (inter-process)
• Injection (Process Hollowing)
• Creates RWX memory
• A process attempted to delay the analysis task.
• Drops a binary and executes it
• Executed a process and injected code into it, probably while unpacking
• Attempts to repeatedly call a single API many times in order to delay analysis time
• Steals private information from local Internet browsers
• Installs itself for autorun at Windows startup
• Creates a hidden or system file
• Creates a copy of itself
• Harvests credentials from local FTP client softwares
• Harvests information related to installed instant messenger clients
• Harvests information related to installed mail clients
• Attempts to interact with an Alternate Data Stream (ADS)
• Collects information to fingerprint the system
• Anomalous binary characteristics

How to determine Trojan.MalPack.DLF?

File Info:
crc32: 9BD46736md5: 5e37f4dc1b17bdb4ce83e6e41e2fb499name: 11140708.jpgsha1: d5cf2049c60595e5f89973767f743f8e2a32f10asha256: a1931e31c77f9d5bbc1233bada168758f0f85fc094dceb0420dc88b0dc64855asha512: cc4d5c679badfb3bafd5d7307281d2011427b39f138764d2c64923c3b2e3a8cbe427b3d72fb1b6ec138cd4219a54f7704624ff1667fecef6e1c539d54f24c1a2ssdeep: 12288:GmSsThNfjnNJrq7q0zYrs+DCOqafOHeIR2IpmNNnmx70:G7s37nNJF0w7pjfOHEdTmx70type: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: (C) 2016 philandro Software GmbHFileVersion: 4.3.0.0CompanyName: philandro Software GmbHProductName: AnyDeskProductVersion: 4.3FileDescription: AnyDeskTranslation: 0x0000 0x04e4

Trojan.MalPack.DLF also known as:

MicroWorld-eScan	Gen:Variant.Ulise.86505
FireEye	Generic.mg.5e37f4dc1b17bdb4
Cylance	Unsafe
SUPERAntiSpyware	Trojan.Agent/Gen-Injector
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:Win32/Lokibot.7a49e783
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.9c6059
Arcabit	Trojan.Ulise.D151E9
Invincea	heuristic
BitDefenderTheta	Gen:NN.ZelphiF.32250.WG0@aWnUYPli
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	TrojanSpy.Win32.LOKI.SMAD1.hp
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Gen:Variant.Ulise.86505
Paloalto	generic.ml
AegisLab	Trojan.Win32.Malicious.4!c
Ad-Aware	Gen:Variant.Ulise.86505
DrWeb	Trojan.Siggen8.55082
TrendMicro	TrojanSpy.Win32.LOKI.SMAD1.hp
McAfee-GW-Edition	BehavesLike.Win32.Worm.bh
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
APEX	Malicious
Webroot	W32.Trojan.Gen
MAX	malware (ai score=88)
Antiy-AVL	Trojan[Backdoor]/Win32.Androm
Microsoft	Trojan:Win32/Lokibot.C!MTB
Endgame	malicious (high confidence)
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
GData	Win32.Trojan-Stealer.LokiBot.V4CTFZ
AhnLab-V3	Win-Trojan/Delphiless02.Exp
Acronis	suspicious
McAfee	Fareit-FQC!5E37F4DC1B17
Malwarebytes	Trojan.MalPack.DLF
ESET-NOD32	a variant of Win32/Injector.EIWO
Rising	Trojan.Wacatac!8.10C01 (TFE:5:ItywCp7OBMV)
Ikarus	Win32.Outbreak
Fortinet	W32/Injector.EESQ!tr
Panda	Generic Suspicious
CrowdStrike	win/malicious_confidence_80% (W)
Qihoo-360	Win32/Backdoor.650

How to remove Trojan.MalPack.DLF?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.