How to remove “Trojan.ProcessHijack.4mNfaeDXgwji”?

Trojan.ProcessHijack.4mNfaeDXgwji is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.ProcessHijack.4mNfaeDXgwji virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with the /C or /R argument to terminate the command shell on completion, which can be used to hide execution
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Installs itself for autorun at Windows startup

How to identify Trojan.ProcessHijack.4mNfaeDXgwji?

File Info:

name: AA2C1DC00BC5665BC7D6.mlw
path: /opt/CAPEv2/storage/binaries/8ac1be69db53715d69a19e15e2c59c20ad43da41619088e7cce07f954a8a90f6
crc32: 2F09ACE3
md5: aa2c1dc00bc5665bc7d6c0f65a52767f
sha1: cb5095f5698b02c8d9a5328a238e928dcbca40b4
sha256: 8ac1be69db53715d69a19e15e2c59c20ad43da41619088e7cce07f954a8a90f6
sha512: 8f73d077353dc38d44b9cd029d6ce917959460637000d713dc90f2183c90b60e29a247ba7d1d2815efc18399db9d27a3aedd05000948e37bef3da132467af349
ssdeep: 12288:s2sFUPPazh59RazFa5/48ADKw0Pum/BKzKmmVguljD019VkD2DG/GvbY2ObqF:FsFganGu/4tuWxRmVgg30VkD2y+rObQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BF1523D2B7BD4183D165877EB713222906A6FCB22FD1C1F2495CD4153D938C8AAD2A37
sha3_384: 1bd208a0b0c5abe86560694cacb53ea5c41bc553c4fa7398e828e090f93e860a285f9b5f8c98166d3b77d4958d3ddbdb
ep_bytes: 60be001043008dbe0000fdff57eb0b90
timestamp: 2019-05-29 13:49:02

Version Info:

Comments:
CompanyName:
FileDescription: FlowerPower
FileVersion: 1, 0, 0, 1
InternalName: FlowerPower
LegalCopyright: Copyright (C) 2000
LegalTrademarks:
OriginalFilename: FlowerPower.EXE
PrivateBuild:
ProductName: FlowerPower
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x0c09 0x04b0

Trojan.ProcessHijack.4mNfaeDXgwji also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (moderate confidence)
DrWeb: Trojan.Inject3.16347
MicroWorld-eScan: Gen:Trojan.ProcessHijack.4mNfaeDXgwji
FireEye: Generic.mg.aa2c1dc00bc5665b
CAT-QuickHeal: Trojan.Mauvaise.SL1
ALYac: Gen:Trojan.ProcessHijack.4mNfaeDXgwji
Cylance: Unsafe
VIPRE: Gen:Trojan.ProcessHijack.4mNfaeDXgwji
Sangfor: Suspicious.Win32.Save.a
K7GW: Trojan ( 005619a01 )
K7AntiVirus: Trojan ( 005619a01 )
Arcabit: Trojan.ProcessHijack.4mNfaeDXgwji
BitDefenderTheta: Gen:NN.ZexaF.34606.4mNfaeDXgwji
Cyren: W32/Agent.BAN.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.GZNI
APEX: Malicious
ClamAV: Win.Malware.Razy-7056533-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.ProcessHijack.4mNfaeDXgwji
NANO-Antivirus: Trojan.Win32.Inject3.fqtflc
SUPERAntiSpyware: Trojan.Agent/Gen-Injector
Rising: Trojan.Kryptik!1.BA0B (CLASSIC)
Ad-Aware: Gen:Trojan.ProcessHijack.4mNfaeDXgwji
Emsisoft: Gen:Trojan.ProcessHijack.4mNfaeDXgwji (B)
Comodo: TrojWare.Win32.Injector.AVPL@8d26g3
Zillya: Trojan.GenKryptik.Win32.30456
McAfee-GW-Edition: BehavesLike.Win32.Generic.dc
Sophos: Troj/AutoG-DQ
Ikarus: Trojan.Win32.Skeeeyah
Jiangmin: Trojan.Nymaim.exo
Google: Detected
Avira: BDS/Poison.mon
Antiy-AVL: Trojan/Generic.ASMalwS.C4
Microsoft: Trojan:Win32/Skeeeyah
GData: Gen:Trojan.ProcessHijack.4mNfaeDXgwji
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R277962
McAfee: GenericRXNM-SA!AA2C1DC00BC5
MAX: malware (ai score=80)
VBA32: SScope.Trojan.Hlux
Malwarebytes: Generic.Trojan.Malicious.DDS
Panda: Trj/Genetic.gen
Tencent: Backdoor.Win32.Bladabindi.zc
Yandex: Trojan.GenAsa!jwQBWYdc2PY
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.GZNI!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen

How to remove Trojan.ProcessHijack.4mNfaeDXgwji?

Trojan.ProcessHijack.4mNfaeDXgwji removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.