
How to remove “Trojan.RaccoonPMF.S26298226”?


Trojan.RaccoonPMF.S26298226 is considered dangerous by many security experts. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.RaccoonPMF.S26298226 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Hong Kong)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • CAPE detected the OnlyLogger malware family
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.RaccoonPMF.S26298226?

File Info:

name: 60EE7B23D6B381462DE1.mlw
path: /opt/CAPEv2/storage/binaries/8db948acb7aef5429f47245a8f9f6996a5a2c3ba075d58016935d9841ee7e0d7
crc32: 36994E0B
md5: 60ee7b23d6b381462de19ec64bd98407
sha1: d4663252d71ee0b862fdbe8551cb9da9456321e0
sha256: 8db948acb7aef5429f47245a8f9f6996a5a2c3ba075d58016935d9841ee7e0d7
sha512: f38861e93d9bfd5ea1b6d9c1e55e37396f47ef889fb0219f42d40d24b6eeec1262f1f15e8d71811ea3157bc96777628f30f576f004c71cf0a773a5a16d5777a1
ssdeep: 12288:KaCjK+lUbHtgvZrtl8CZVdPknyx8tsf7P:jy2bHtSZ5BZXPqs8tsf7P
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19D94AE00BBA0C035F5B722F449B99778A53E7AF15B2490CB53D52AEA9B356E0DC3131B
sha3_384: 4fd130ff75bfe718b13175f0a10ccd670943e9245236d50f21711131892cd7323a36bb8de554b5ddf3741b6b3a31f379
ep_bytes: 8bff558bece876d80000e8110000005d
timestamp: 2020-07-26 08:06:52

Version Info:

0: [No Data]
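The hashes, compile timestamp and entry-point bytes above are what let you confirm that a file on disk is this exact sample rather than something that merely shares a name. The script below is an added example and is not part of the original page, of CAPE, or of GridinSoft: it computes the same identifiers with the Python standard library (ssdeep and tlsh need third-party libraries and are skipped), reads TimeDateStamp and the ep_bytes from the PE headers, compares the result with the hashes listed above, and can walk a directory looking for a match. The PE stub it builds for the offline run is a constructed, non-functional placeholder that only reproduces the report's timestamp and entry-point bytes; it is not the malware and does nothing when executed.

```python
import hashlib
import os
import struct
import zlib
from datetime import datetime, timezone

# IOC set copied from the File Info block above (the report's own values).
KNOWN_BAD = {
    "md5": "60ee7b23d6b381462de19ec64bd98407",
    "sha1": "d4663252d71ee0b862fdbe8551cb9da9456321e0",
    "sha256": "8db948acb7aef5429f47245a8f9f6996a5a2c3ba075d58016935d9841ee7e0d7",
}

def file_hashes(data: bytes) -> dict:
    """Compute the identifiers the File Info block lists (ssdeep/tlsh omitted)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }

def pe_header_info(data: bytes, ep_len: int = 16) -> dict:
    """Parse just enough of the PE headers to recover the COFF TimeDateStamp
    and the first ep_len bytes at AddressOfEntryPoint (the report's ep_bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    ep_off = None
    for i in range(nsections):
        # Section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        if va <= ep_rva < va + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - va)
            break
    if ep_off is None:
        # Packers sometimes point the entry outside every section; treat that as suspicious.
        raise ValueError("entry point RVA maps to no section")
    return {
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + ep_len].hex(),
    }

def matches_known_bad(hashes: dict, known: dict = KNOWN_BAD) -> bool:
    """True when any computed hash equals the corresponding known-bad value."""
    return any(hashes.get(k) == v for k, v in known.items())

def scan_tree(root: str, known: dict = KNOWN_BAD) -> list:
    """Walk a directory tree and return the paths whose hashes match the IOC set."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if matches_known_bad(file_hashes(fh.read()), known):
                        hits.append(path)
            except OSError:
                continue  # unreadable or vanished file (the sample deletes itself); skip
    return hits

def build_constructed_pe(stamp: int, ep_bytes: bytes) -> bytes:
    """Constructed sample: a minimal, non-runnable PE32 stub with one .text
    section. It is NOT the malware; it only reproduces two header fields from
    the report so the parser above can be exercised offline."""
    opt = bytearray(0xE0)                                  # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint (RVA)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, len(opt), 0x0102)
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                           0, 0, 0, 0, 0x60000020)
    headers = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
    headers = (headers + coff + bytes(opt) + text_hdr).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\xCC")        # int3 padding after the stub

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                # real file: python triage.py <path>
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:                                # no argument: use the constructed stub
        data = build_constructed_pe(1595750812, bytes.fromhex("8bff558bece876d80000e8110000005d"))
    for k, v in {**file_hashes(data), **pe_header_info(data)}.items():
        print(f"{k}: {v}")
    print("known-bad match:", matches_known_bad(file_hashes(data)))
```

Run it with a path to get the same fields the report shows; run it without arguments and it parses the constructed stub, whose timestamp and ep_bytes equal the report's values while its hashes do not match, which is exactly the distinction the hash check is for. A matching SHA-256 identifies the sample; a matching timestamp or entry-point prologue alone does not, since those are shared by many binaries built with the same toolchain.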

Trojan.RaccoonPMF.S26298226 also known as:

Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen16.34915
MicroWorld-eScan: Trojan.GenericKD.38581877
FireEye: Generic.mg.60ee7b23d6b38146
CAT-QuickHeal: Trojan.RaccoonPMF.S26298226
McAfee: Packed-GEE!60EE7B23D6B3
Malwarebytes: Trojan.MalPack.GS
Zillya: Trojan.Kryptik.Win32.3683224
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058d2261 )
K7GW: Trojan ( 0058d2261 )
Cybereason: malicious.2d71ee
Cyren: W32/Kryptik.GAL.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNZX
TrendMicro-HouseCall: TROJ_GEN.R002C0DAK22
Paloalto: generic.ml
ClamAV: Win.Dropper.Mikey-9917324-0
Kaspersky: HEUR:Trojan.Win32.Strab.gen
BitDefender: Trojan.GenericKD.38581877
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Strab.Wpac
Ad-Aware: Trojan.GenericKD.38581877
Baidu: Win32.Trojan.Kryptik.jm
TrendMicro: TROJ_GEN.R002C0DAK22
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan-Ransom.StopCrypt
GData: Win32.Trojan.BSE.11WL534
Avira: TR/Crypt.Agent.hgfqw
Antiy-AVL: Trojan/Generic.ASMalwS.3518E80
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Trojan:Win32/Raccoon.DE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Ransomware/Win.Stop.R465819
Acronis: suspicious
VBA32: BScope.Backdoor.Mokes
ALYac: Trojan.GenericKD.38581877
MAX: malware (ai score=84)
APEX: Malicious
Rising: Trojan.Strab!8.12D03 (CLOUD)
Yandex: Trojan.Kryptik!4BfZLnaZ2MI
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Kryptik.HODN!tr
Webroot: W32.Trojan.Gen
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.RaccoonPMF.S26298226?

Trojan.RaccoonPMF.S26298226 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

If you want to confirm that a quarantined or suspicious file is this sample, compare its SHA-256 with the value listed in the File Info section above; a name match alone is not proof, since this family is packed and deletes its original binary from disk.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
