Trojan

What is “Trojan.MauvaiseRI.S5254986”?


The Trojan.MauvaiseRI.S5254986 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.MauvaiseRI.S5254986 virus can do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing
  • Checks the version of Bios, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Attempts to create or modify system certificates
  • Created a service that was not started
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to determine Trojan.MauvaiseRI.S5254986?
File Info:

name: 17C42B05AE5A0BD64177.mlw
path: /opt/CAPEv2/storage/binaries/4627fe8753dc5623df74f8291c9e8436f4099104d1ff4a8f129bbf5089096205
crc32: 501AA7EC
md5: 17c42b05ae5a0bd64177b7aec4c293f0
sha1: 2408d96cf789777a7c51a2b2d8ef90998b755347
sha256: 4627fe8753dc5623df74f8291c9e8436f4099104d1ff4a8f129bbf5089096205
sha512: 2bf494326984cc7b2088149c3ae3db902fa99fd79c916f0b6ddd70bcef4a30432835d6b0487b95e8c26f948400bea9f401004610da733f4a18fac928c79fd75c
ssdeep: 24576:zL9I6APK0g+t4kJK80v76xK4u8fukiM06Ymv+xl9QpgTBUFWk3R7QAW5lqs44Zxe:APKte4cKf76o4u8fwM067clCwBW1RUZK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12F65336918C964F6CC6E3E302A16ECF00C60F5E10F53B5A54D9ADEBA0C39ED791E2653
sha3_384: 61cdac69ccb34eccda76ea7053aaf568ae5d496f00fc1fe954614a7d7ac62477ca9c25794346fba00b5a847b14f67428
ep_bytes: 60be008043008dbe0090fcffc7876c96
timestamp: 2018-04-14 08:09:17

Version Info:

CompanyName: Mozilla Corporation
FileDescription: Kingsoft Install Tool
FileVersion: 2.1.4.4
InternalName: Kingsoft Install Tool
LegalCopyright: Copyright (C) 2017 Mozilla Corporation All rights reserved.
OriginalFilename: Kingsoft Install Tool
ProductName: Kingsoft Install Tool
ProductVersion: 2.1.4.4
Translation: 0x0409 0x04b0

Trojan.MauvaiseRI.S5254986 also known as:

MicroWorld-eScan: Gen:Variant.Lazy.227536
ClamAV: Win.Malware.Bugor-9836077-0
FireEye: Generic.mg.17c42b05ae5a0bd6
CAT-QuickHeal: Trojan.MauvaiseRI.S5254986
ALYac: Gen:Variant.Lazy.227536
VIPRE: Gen:Variant.Lazy.227536
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0053012d1 )
K7GW: Spyware ( 0052de311 )
Cybereason: malicious.5ae5a0
Symantec: Infostealer
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Spy.Agent.PKE
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Lazy.227536
Avast: Win32:JbossMiner-B [Trj]
Tencent: Malware.Win32.Gencirc.114d83ef
Ad-Aware: Gen:Variant.Lazy.227536
Emsisoft: Gen:Variant.Lazy.227536 (B)
F-Secure: Heuristic.HEUR/AGEN.1201296
Zillya: Trojan.Agent.Win32.997735
McAfee-GW-Edition: GenericRXET-CX!AEBD4323587F
Trapmine: malicious.moderate.ml.score
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan-Spy.Agent
GData: Gen:Variant.Lazy.227536
Jiangmin: Trojan.Xbash.r
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1201296
Antiy-AVL: Trojan/Generic.ASMalwS.3303
Arcabit: Trojan.Lazy.D378D0
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Trojan/Win32.Swrort.R225814
McAfee: GenericRXET-CX!AEBD4323587F
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Downloader
Malwarebytes: Malware.AI.3424695638
Rising: Trojan.Occamy!8.F1CD (TFE:5:H4u7ZunJh4H)
Yandex: Trojan.GenAsa!125NX1n0GRw
SentinelOne: Static AI - Malicious PE
Fortinet: W32/Agent.PKE!tr
BitDefenderTheta: Gen:NN.ZexaF.34646.DnMfamOQrmcj
AVG: Win32:JbossMiner-B [Trj]
Panda: Trj/GdSda.A

How to remove Trojan.MauvaiseRI.S5254986?

Trojan.MauvaiseRI.S5254986 removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.