About “Trojan.Multi.Powedon” infection

Trojan.Multi.Powedon is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Multi.Powedon virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to determine Trojan.Multi.Powedon?


File Info:

name: 3D47FB72EFF7FE9E63F7.mlw
path: /opt/CAPEv2/storage/binaries/97a0ba59a23682458a25a4a00cc17a01b7a78ff93f74c33092fc76854b6237eb
crc32: A700164C
md5: 3d47fb72eff7fe9e63f7da1a6100cc42
sha1: b98f81e5b6b1ae4aed9e3cf4b9cc6f600a8550d8
sha256: 97a0ba59a23682458a25a4a00cc17a01b7a78ff93f74c33092fc76854b6237eb
sha512: 496584316761a89fc1c3c4dde6e8a4360531dc67a2232d88fe65342676f63bb49806f8ddefd9c9b4c5ee1fffe94a37ff0be92cf4fe9fb5a5a0af8da959da2873
ssdeep: 6144:DyzDOd+3hUP1NIX6SCiYYYYYYYYYYYRYYYYYYYYYYiPhDc:DyzDkGAfc6AYYYYYYYYYYYRYYYYYYYY/
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1AE344C52F28042E8D02E9DF5359564B14F733E173100A92E9B527B7F1FF339298366AA
sha3_384: 2fe9fc8b164727e2550f55acd5e7852a433cdcfff3d5e030fa336e25776ea1588ba43fd6e838bc95b0051499818b23dc
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-09-13 07:40:15

Version Info:

Translation: 0x0000 0x04b0
Comments: 4e626252-3337-11ed-be1c-001c42b0e19c
CompanyName: 4e626252-3337-11ed-be1c-001c42b0e19c
FileDescription: 4e626252-3337-11ed-be1c-001c42b0e19c
FileVersion: 0.0.0.0
InternalName: 4e626252-3337-11ed-be1c-001c42b0e19c.exe
LegalCopyright: 4e626252-3337-11ed-be1c-001c42b0e19c
LegalTrademarks: 4e626252-3337-11ed-be1c-001c42b0e19c
OriginalFilename: 4e626252-3337-11ed-be1c-001c42b0e19c.exe
ProductName: 4e626252-3337-11ed-be1c-001c42b0e19c
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Trojan.Multi.Powedon also known as:

Bkav: W32.AIDetectNet.01
MicroWorld-eScan: Gen:Variant.Bulz.289250
FireEye: Gen:Variant.Bulz.289250
Malwarebytes: Trojan.MalPack.MSIL
Cybereason: malicious.2eff7f
Elastic: malicious (moderate confidence)
Kaspersky: HEUR:Trojan.Multi.Powedon.gen
BitDefender: Gen:Variant.Bulz.289250
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Variant.Bulz.289250
Emsisoft: Gen:Variant.Bulz.289250 (B)
VIPRE: Gen:Variant.Bulz.289250
GData: Gen:Variant.Bulz.289250
Webroot: W32.Malware.Gen
MAX: malware (ai score=81)
Arcabit: Trojan.Bulz.D469E2
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win32.ServStart.R105969
ALYac: Gen:Variant.Bulz.289250
Cylance: Unsafe
APEX: Malicious
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:TrojanX-gen [Trj]

How to remove Trojan.Multi.Powedon?

Trojan.Multi.Powedon removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
