Trojan.Mardom.ON.19 (file analysis)

The Trojan.Mardom.ON.19 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Mardom.ON.19 virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine Trojan.Mardom.ON.19?


File Info:
name: 69F55200EE843A80B2DD.mlw
path: /opt/CAPEv2/storage/binaries/b88f44e0aaa2aebb5ede727989ba57ea7ae614bb398ab196037a563e3c313bb0
crc32: BB06D279
md5: 69f55200ee843a80b2ddf5790ff210a9
sha1: 9d60b95a33bb0422f01297f6549813ce367b3dac
sha256: b88f44e0aaa2aebb5ede727989ba57ea7ae614bb398ab196037a563e3c313bb0
sha512: 6a091d663384101a3c5b2753df348fa6a7afae5d0b4b5180877cbb9c8bedf9949f48b863282dc949b46014751bc93a89c7d2258fc3635a104c85422a78e5f4dd
ssdeep: 49152:o1iJk1ZcRLaGGYbLMLJGasS68dgjh0iLR:
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12A36382439FA501AB173EFAA8BE479EADA6FB7733B07645D109003864723981DDC153E
sha3_384: c28979bb85c311a68a68b2ba0c95c4e2d966daf69ddeb636c17fc9c7311cb5a5d68dc448099c3f1364a4624f61382ff8
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-04-25 19:19:20

Version Info:
Translation: 0x0000 0x0514
ProductName: zOmsqwx
CompanyName: Sqw8gUjlq4PPcn0m0GgIk
InternalName: Hgz.exe
LegalCopyright: FMGoII
Comments: mDjWfTT
OriginalFilename: isD0Dw4XAxUvdAPSbOt.exe
ProductVersion: 32.968.85.307
FileVersion: 965.642.322.264

Trojan.Mardom.ON.19 also known as:

Bkav	W32.AIDetectNet.01
MicroWorld-eScan	Gen:Trojan.Mardom.ON.19
ALYac	Gen:Trojan.Mardom.ON.19
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefender	Gen:Trojan.Mardom.ON.19
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W32/MSIL_Kryptik.HCY.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.ACRB
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
Rising	Trojan.Generic/MSIL@AI.97 (RDM.MSIL:Lv8ICUFKyvwRaygPQfdE/w)
Ad-Aware	Gen:Trojan.Mardom.ON.19
Sophos	ML/PE-A
DrWeb	Trojan.PackedNET.215
FireEye	Generic.mg.69f55200ee843a80
Emsisoft	Gen:Trojan.Mardom.ON.19 (B)
Avira	TR/Dropper.MSIL.Gen
MAX	malware (ai score=84)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Arcabit	Trojan.Mardom.ON.19
GData	MSIL.Trojan.PSE.B1ORP9
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Mardom.C5103216
Acronis	suspicious
TACHYON	Trojan-Spy/W32.DN-InfoStealer.4961280
Malwarebytes	Trojan.Crypt
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ACRB!tr
BitDefenderTheta	Gen:NN.ZemsilF.34638.@p0@ae9u43p
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.0ee843
Avast	Win32:TrojanX-gen [Trj]

How to remove Trojan.Mardom.ON.19?

Trojan.Mardom.ON.19 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X