Trojan.PEF13C removal guide

The Trojan.PEF13C is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.PEF13C virus can do?

Behavioural detection: Executable code extraction – unpacking
Sample contains Overlay data
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan.PEF13C?


File Info:
name: 2A29C14703E583035E1F.mlw
path: /opt/CAPEv2/storage/binaries/173f00a01fecfbc5e6725b34a30be9ec1d27a76bc069a0adafed99b8566d8af7
crc32: 53795FD5
md5: 2a29c14703e583035e1faef7a6e2cc04
sha1: 9bb9b8c9dad0c914bf691f6e07659c56e750fd58
sha256: 173f00a01fecfbc5e6725b34a30be9ec1d27a76bc069a0adafed99b8566d8af7
sha512: 9813c8edf181bbaa963a58f4123ddd68f0c47473c09adb9192ca5806e7f194e8d6803991e847878d616bcc64eb1fec1bfeeb20828df2080dc713da5b8eb65071
ssdeep: 6144:Zw+vL/h2jzHxLLiUIny3y0sKaVhJ9smVMI0G:TTh2JLLm50xmhJ6vY
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1495401C3F75891D5D7D811348C6286658293BC81E983EC88F6863A3E6DFEF12D621787
sha3_384: 2896a34b69c48ac61117c71f1e365fa8b4c8519b67590e06f82179ce097309b6d082b2e11c497f07e7d4f704040b4fd6
ep_bytes: 6808134000e8eeffffff000000000000
timestamp: 2005-12-07 01:52:32

Version Info:
Translation: 0x0409 0x04b0
CompanyName: Home
FileDescription: Excel file convert to EXE, dependent Excel exe but macro alert free
LegalCopyright: 2003/2005 by Fco Orlando Magalhães Filho
ProductName: XLtoEXE
FileVersion: 1.00.0692
ProductVersion: 1.00.0692
InternalName: XLtoEXE
OriginalFilename: XLtoEXE.exe

Trojan.PEF13C also known as:

Bkav	W32.AIDetect.malware2
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
McAfee	Artemis!2A29C14703E5
Cylance	Unsafe
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.9dad0c
Elastic	malicious (high confidence)
APEX	Malicious
ClamAV	Win.Trojan.Pef13c-7532913-0
Kaspersky	UDS:DangerousObject.Multi.Generic
NANO-Antivirus	Trojan.Win32.Clicker.ekavle
Sophos	Mal/VBDrop-G
Comodo	Malware@#20uf86iqpx4zg
DrWeb	Trojan.Click2.4979
Zillya	Trojan.Genome.Win32.109221
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
FireEye	Generic.mg.2a29c14703e58303
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan/PEF13C.sc
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.2A9A
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
Acronis	suspicious
VBA32	Trojan.PEF13C
Rising	Malware.UDM!1.993F (CLASSIC)
Yandex	Trojan.GenAsa!0oCfqW0FpG4
Fortinet	W32/PEF13C.PSD!tr
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_60% (D)

How to remove Trojan.PEF13C?

Trojan.PEF13C removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X