Trojan.MauvaiseRI.S5259968 (file analysis)

Trojan.MauvaiseRI.S5259968 is CAT-QuickHeal's detection name for the file analysed below; other engines flag the same file under their own generic names (listed further down). When a file matching it is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan.MauvaiseRI.S5259968 do?

These are the CAPE sandbox signatures that matched the sample (the storage path under File Info shows the report comes from a CAPEv2 instance). Most of them describe how the file is packaged and signed rather than what it did when it ran:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Unconventional language used in binary resources: Hungarian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid

The packing items are really one finding: a UPX-packed executable carries non-standard section names (UPX0/UPX1), its payload is compressed, and its entry point is the unpacking stub (see ep_bytes below). UPX on its own is not evidence of malice; plenty of legitimate software ships packed, and dynamic import resolution is exactly what an unpacking stub does. An unusual resource language is likewise weak evidence by itself. The signature item only says verification failed; the report does not distinguish an unsigned file from one with a broken signature, so check that separately (for example with signtool or Get-AuthenticodeSignature).

How to identify Trojan.MauvaiseRI.S5259968?

File Info:

name: FEC2011F03D3652ED304.mlw
path: /opt/CAPEv2/storage/binaries/5c8abdf2efef56f770604b27b3aecb62111e168cc1e139d098f44453aaf68e90
crc32: EA351A4B
md5: fec2011f03d3652ed3048e1ecb2c353b
sha1: 0d18adef45af89594f203bf2cfcb60ab7fcff97b
sha256: 5c8abdf2efef56f770604b27b3aecb62111e168cc1e139d098f44453aaf68e90
sha512: 606f2f00293271b641b9fa2a07576aa4088c94121cfbaba737e02fceec913f2d9b4861c0e74b0c5cc3a9f112f672dabb317b22731d2f531a03625d9fb1bea723
ssdeep: 3072:ECRzcMBwRKE44U+AkWRSUG44Kr8pPEwyjrBceCtB7dzzN5cq7cOq:DacfT+AkWRSyEPEwABceCt5Fz3w
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FA041226F3590320D13188757FEEA9B26AD80A183C5C5347DA2F583A7C14A5EBFB2D25
sha3_384: 1cb3cb8ccc8bcfe0563f3a8c93b68ddf94c429bef03fe4c584925cabbee2d1bf6c19da14641da219900b9d908ca42fd8
ep_bytes: 60be004043008dbe00d0fcff57eb0b90 (first 16 bytes at the entry point: 60 = pushad, be imm32 = mov esi, imm32, 8dbe = lea edi, [esi+disp32], 57 = push edi, eb 0b = jmp short; this is the opening of the standard UPX unpacking stub)
timestamp: 2018-06-03 09:08:41 (PE header compile time; written by the linker and trivially forgeable)

Version Info:

CompanyName: Dege's stuff
FileDescription: dgVoodoo 2.55.1 Control Panel
FileVersion: 2.5.5.1
InternalName: dgVoodooCpl.rc
LegalCopyright: Copyright (C) 2013-2018
OriginalFilename: dgVoodooCpl.exe
ProductName: dgVoodoo
ProductVersion: 2.5.5.1
Translation: 0x0409 0x04b0
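The File Info block is only useful if you can reproduce it against the file in front of you. The script below is an added example, not GridinSoft's tooling or CAPE's code: it hashes a file and compares the result with the md5/sha1/sha256/crc32 indicators listed above, then walks the PE32 headers itself to re-check the two packer traits from the "What can ... do?" list (UPX section names, the UPX entry stub) and the compile timestamp. It uses only the Python standard library. `build_demo_pe()` constructs a throwaway, non-executable PE32 skeleton with a UPX-style section layout so the block runs offline; that skeleton is not the analysed sample, the only bytes it borrows from the report are the 16 ep_bytes, and its timestamp assumes the report's time is UTC.

```python
"""Added example (not GridinSoft's or CAPE's code): compare a file with the hash
indicators above and re-derive, from the raw bytes, the UPX traits the sandbox
flagged.  Standard library only.  build_demo_pe() returns a constructed,
non-executable PE32 skeleton for demonstration; it is NOT the analysed sample."""
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone

IOCS = {  # copied from the File Info block above
    "md5": "fec2011f03d3652ed3048e1ecb2c353b",
    "sha1": "0d18adef45af89594f203bf2cfcb60ab7fcff97b",
    "sha256": "5c8abdf2efef56f770604b27b3aecb62111e168cc1e139d098f44453aaf68e90",
    "crc32": "EA351A4B",
}
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}
COMMON_SECTIONS = {b".text", b".rdata", b".data", b".rsrc", b".reloc", b".idata",
                   b".edata", b".bss", b".tls", b".pdata", b".CRT"}
# 60 = pushad, BE imm32 = mov esi, imm32: how the UPX unpacking stub begins,
# and how the ep_bytes line of the report above begins.
UPX_STUB_PREFIX = b"\x60\xbe"


def hash_bytes(data: bytes) -> dict:
    """The digests the report lists (sha512 omitted for brevity)."""
    return {"crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matching_iocs(data: bytes, iocs: dict = IOCS) -> list:
    """Indicator names whose value matches this file (hex compared case-insensitively)."""
    got = hash_bytes(data)
    return sorted(k for k, v in iocs.items() if got.get(k, "").lower() == v.lower())


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 header walk: timestamp, section table, 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    coff = struct.unpack_from("<I", data, 0x3C)[0] + 4  # e_lfanew + len("PE\0\0")
    if data[coff - 4:coff] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, nsects, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsects):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr})
    ep_bytes = b""
    for s in sections:  # map the entry RVA to a file offset through its section
        delta = entry_rva - s["vaddr"]
        if 0 <= delta < max(s["vsize"], s["rawsize"]):
            if delta < s["rawsize"]:  # UPX0 has no raw data and can never supply bytes
                ep_bytes = data[s["rawptr"] + delta:s["rawptr"] + delta + 16]
            break
    return {"timestamp": ts,
            "timestamp_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_rva": entry_rva, "sections": sections, "ep_bytes": ep_bytes}


def packer_traits(data: bytes) -> dict:
    """Re-check the packing-related report lines directly against the bytes."""
    pe = parse_pe(data)
    names = {s["name"] for s in pe["sections"]}
    return {"upx_sections": sorted(n.decode("latin-1") for n in names & UPX_SECTIONS),
            "unknown_sections": sorted(n.decode("latin-1") for n in names - COMMON_SECTIONS),
            "upx_entry_stub": pe["ep_bytes"].startswith(UPX_STUB_PREFIX),
            "ep_hex": pe["ep_bytes"].hex(), "compiled_utc": pe["timestamp_utc"]}


def build_demo_pe() -> bytes:
    """Constructed PE32 skeleton shaped like a UPX-packed file (UPX0 with no raw data,
    UPX1 holding the stub, .rsrc).  Not the page's sample; not runnable as a program."""
    stub = bytes.fromhex("60be004043008dbe00d0fcff57eb0b90")  # ep_bytes quoted from the report
    ts = 1528016921  # 2018-06-03 09:08:41, the report's timestamp assumed to be UTC
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags
        (b"UPX0", 0x30000, 0x1000, 0, 0, 0xE0000080),
        (b"UPX1", 0x200, 0x31000, 0x200, 0x400, 0xE0000040),
        (b".rsrc", 0x200, 0x32000, 0x200, 0x600, 0xC0000040)]
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x31000)   # AddressOfEntryPoint: start of UPX1
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, Section/FileAlignment
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, rp, fl in sections)
    headers = (dos + coff + bytes(opt) + table).ljust(0x400, b"\0")
    return headers + stub.ljust(0x200, b"\0") + b"\0" * 0x200


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    print("IOC matches:", matching_iocs(blob) or "none")
    print("packer traits:", packer_traits(blob))
```

Run it as `python check.py suspect.exe`; with no argument it analyses the constructed skeleton. A hash match is conclusive for this exact file; the packer traits are not, since UPX is used by plenty of legitimate software, and a repacked or recompiled copy will not match any of the hashes while still being the same program. The parser deliberately refuses PE32+ images and files whose entry point lies in a section with no raw data, rather than reporting empty bytes as a finding.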

Trojan.MauvaiseRI.S5259968 is also known as (engine: detection name):

Bkav: W32.AIDetect.malware2
FireEye: Generic.mg.fec2011f03d3652e
CAT-QuickHeal: Trojan.MauvaiseRI.S5259968
Cylance: Unsafe
APEX: Malicious
McAfee-GW-Edition: BehavesLike.Win32.BadFile.cc
Gridinsoft: Ransom.Win32.Wacatac.sa
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!FEC2011F03D3
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_60% (D)
MaxSecure: Trojan.Malware.300983.susgen

Every one of these is a generic, heuristic or machine-learning verdict (AIDetect, BehavesLike, Artemis, "!ml", "susgen", a 60% confidence score); none names a specific malware family, and such verdicts fire readily on packed binaries. Since the version info claims the file is dgVoodooCpl.exe from the dgVoodoo 2.55.1 release, the practical check is to compare the sha256 above with a copy obtained from the project's official distribution: a match means the detections are a false positive on that release, a mismatch means the file is not what its version info says and should be unpacked and examined.

How to remove Trojan.MauvaiseRI.S5259968?

Trojan.MauvaiseRI.S5259968 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
