Trojan

Trojan.ScriptKD.7324 removal instruction

Malware Removal

The Trojan.ScriptKD.7324 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan.ScriptKD.7324 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • The following process appear to have been packed with Themida: Fontdrvhost.exe
  • Installs itself for autorun at Windows startup
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to determine Trojan.ScriptKD.7324?


File Info:

name: 99049E354BE569C6F824.mlw
path: /opt/CAPEv2/storage/binaries/82757aff7b25308108c922a42acd9f61713633dcdf5d858e561c7ddd9b0bf1ae
crc32: B166A744
md5: 99049e354be569c6f82426ae93712b06
sha1: eaa34fc17b52f5c3b1e13a6273c102fb5d104507
sha256: 82757aff7b25308108c922a42acd9f61713633dcdf5d858e561c7ddd9b0bf1ae
sha512: 017addd411a7d1b66e83624444dbb95cea44b07f82d7d904010a92094db47e98949f5598175ae886a921475987ba3ce9b5659ef306f4096923b98457673fbf42
ssdeep: 49152:2UUmpIfg5Qoh7Bi58gMuYfti5pW5w/5q509GblY:2UOohNVgMpR5qS09GK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF85335333E2497BE72177323F3AB77DDA3C6530936A2108BB91564FABB54909980B13
sha3_384: 4d1d8ee3030426c2d7969972732cb58f5a8d454933ceb80f4fcbbabf8e2c21989ca6bffea6d39129ff92f45840b735d6
ep_bytes: e8e3feffff33c050505050e8542b0000
timestamp: 2009-08-16 11:05:35

Version Info:

0: [No Data]

Trojan.ScriptKD.7324 also known as:

MicroWorld-eScanTrojan.ScriptKD.7324
FireEyeGeneric.mg.99049e354be569c6
ALYacGen:Variant.Ursu.206603
VIPRETrojan.Win32.Generic!BT
K7AntiVirusRiskware ( 0040eff71 )
K7GWRiskware ( 0040eff71 )
Cybereasonmalicious.54be56
ESET-NOD32a variant of Win32/Packed.Themida.CLO
APEXMalicious
KasperskyTrojan.Win32.Phpw.hod
BitDefenderTrojan.ScriptKD.7324
NANO-AntivirusTrojan.Win32.Phpw.ezflan
AvastWin32:Malware-gen
Ad-AwareTrojan.ScriptKD.7324
EmsisoftTrojan.ScriptKD.7324 (B)
ComodoMalware@#12x1mz3llkjty
DrWebTrojan.Starter.6462
SophosMal/Generic-S
GDataGen:Variant.Ursu.206603
JiangminTrojan.Phpw.vf
MAXmalware (ai score=81)
Antiy-AVLTrojan/Generic.ASMalwS.2520CBF
ArcabitTrojan.ScriptKD.D1C9C
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
McAfeeArtemis!2BEE617AF78C
VBA32Trojan.Phpw
MalwarebytesMalware.Heuristic.1003
RisingTrojan.Generic@ML.99 (RDML:qSVEYJ1q4NyKhr1AT9I03g)
SentinelOneStatic AI – Malicious SFX
FortinetW32/Generic!tr
BitDefenderThetaGen:NN.ZexaF.34084.ND0aaaRD7Xc
AVGWin32:Malware-gen

How to remove Trojan.ScriptKD.7324?

Trojan.ScriptKD.7324 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment