Trojan

Trojan.Mardom.MN.22 removal

Malware Removal

Trojan.Mardom.MN.22 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Mardom.MN.22 virus do?

  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the DCRat malware family
  • Binary file triggered YARA rule
  • Anomalous binary characteristics

How to identify Trojan.Mardom.MN.22?

File Info:

name: 85A0640F71BA0138E450.mlw
path: /opt/CAPEv2/storage/binaries/0f55058be93f8f8a3e688f69858fa7a4a93d53a51948fc7d33ae3fbd9f127e53
crc32: A9DF21CD
md5: 85a0640f71ba0138e45000c70b91e14c
sha1: 43ad58e9e60e2dc75f9f7d286f62e47d2c56de8e
sha256: 0f55058be93f8f8a3e688f69858fa7a4a93d53a51948fc7d33ae3fbd9f127e53
sha512: 1a0f098e10d4cf45b57eccf2a9aa91682003143e99cae559f471bfc252063abb07fe19d09e95253410f218d65707eb39f5d07e20cf66485aaf675a55b5db78f3
ssdeep: 24576:FCNqlizzN4yGwrXLoamoWvXa7IwfvoMODACOfCN2lPy1A9QsD2lPy1A9QnU:8wgKyGwHthIwf7gOqN2wKQsD2wKQnU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C39575342EEA5019F1B3BF7C9AF435959A6FBEA37B27854D0061028A0733A41DDD173A
sha3_384: e1c68e72bdb2e11dc67f4610d414b33252e1b03669ea7db1da0c3c52afc4ac6a5876337d532a402d8ceffd42150f8496
ep_bytes: ff250020f30000000000000000000000
timestamp: 2022-07-24 15:13:08

Version Info (as reported by the binary itself; the Authenticode signature is invalid, so these fields are not authenticated):

Build Id: Intouch2400MaintBuild_v0527
CompanyName: Schneider Electric Software, LLC.
Component Id: view_v0041
FileDescription: InTouch WindowViewer
FileVersion: 2400.0631.0527.0041
LegalCopyright: (c) 2015 Schneider Electric Software, LLC. All rights reserved.
LegalTrademarks: Schneider Electric, Wonderware and ArchestrA are trademarks of Schneider Electric SE, its subsidiaries and affiliated companies.
OriginalFilename: View.exe
ProductName: InTouch
ProductVersion: 11.1.13100
Translation: 0x0409 0x04b0

Trojan.Mardom.MN.22 also known as:

Bkav: W32.AIDetectMalware.CS
Elastic: malicious (high confidence)
DrWeb: BackDoor.DarkCrystalNET.18
MicroWorld-eScan: Gen:Trojan.Mardom.MN.22
FireEye: Generic.mg.85a0640f71ba0138
CAT-QuickHeal: Trojan.SpynoonFC.S30114833
Skyhigh: BehavesLike.Win32.DCRAT.tm
McAfee: DCRAT-FDQN!85A0640F71BA
Malwarebytes: Generic.Malware.Agent.DDS
Zillya: Trojan.BasicGen.Win32.1
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Backdoor:MSIL/DCRat.63ceb6e5
K7GW: Trojan ( 005b0c8c1 )
K7AntiVirus: Trojan ( 005b0c8c1 )
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Spy.Agent.DTR
APEX: Malicious
ClamAV: Win.Packed.Msilmamut-9987799-0
Kaspersky: HEUR:Backdoor.MSIL.DCRat.gen
BitDefender: Gen:Trojan.Mardom.MN.22
Avast: Win32:DropperX-gen [Drp]
Tencent: Backdoor.MSIL.DCRat.hc
Emsisoft: Gen:Trojan.Mardom.MN.22 (B)
F-Secure: Heuristic.HEUR/AGEN.1371403
VIPRE: Gen:Trojan.Mardom.MN.22
Trapmine: malicious.high.ml.score
Sophos: Troj/DCRat-J
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=88)
Jiangmin: Backdoor.MSIL.ftrw
Google: Detected
Avira: HEUR/AGEN.1371403
Varist: W32/MSIL_Kryptik.JBT.gen!Eldorado
Antiy-AVL: Trojan[Backdoor]/MSIL.DCRat
Kingsoft: malware.kb.c.994
Microsoft: Backdoor:MSIL/DCRat!pz
Arcabit: Trojan.Mardom.MN.22
ZoneAlarm: HEUR:Backdoor.MSIL.DCRat.gen
GData: MSIL.Trojan.PSE.11DI5JD
AhnLab-V3: Trojan/Win.MSILMamut.C5394515
VBA32: Dropper.MSIL.gen
ALYac: Gen:Trojan.Mardom.MN.22
TACHYON: Backdoor/W32.DN-DCRat.2043904
Cylance: unsafe
Rising: Backdoor.DCRat!1.E0D3 (CLASSIC)
Ikarus: Trojan.MSIL.Spy
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: MSIL/Agent.DTR!tr.spy
AVG: Win32:DropperX-gen [Drp]
DeepInstinct: MALICIOUS

How to remove Trojan.Mardom.MN.22?

Trojan.Mardom.MN.22 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.