Trojan.SdumPMF.S19186581 malicious file

Trojan.SdumPMF.S19186581 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.SdumPMF.S19186581 virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Trojan.SdumPMF.S19186581?

File Info:

name: D46B71D562BCD473DA6B.mlw
path: /opt/CAPEv2/storage/binaries/a1f2fa29c77e3a1e32104304ce8f871e50a942a4be8555193b3dca6d52d9aee8
crc32: 4A20752D
md5: d46b71d562bcd473da6b2b284d5bb4bb
sha1: 1698c6f509bd22faff394bb1754a12dfce5c9b65
sha256: a1f2fa29c77e3a1e32104304ce8f871e50a942a4be8555193b3dca6d52d9aee8
sha512: 15d767c0bf5e76b8f17929b945922d253db290ea40a1dfa318fe13ca4eb4c3410547768310d7aa75d76944c5b1366708cb1d0e37d65f83877963d309ca10a88c
ssdeep: 12288:iu4lNAtYytvS5Aku1YLYxdkUoDj9JU01tuMsTp:iwhtvSLuFeUoPo0uM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17DB4CF21B690C033E51312754879A77A992FAA715B3095C797EC0E7EBF663C39B3034A
sha3_384: e440cff0158489cbe6d6085369b175521e7d642d7aaa118ee768df24b2aea0187de629feccf9c6ea9bdbc3b93943d63c
ep_bytes: e8a8620000e995feffff3b0d60a64300
timestamp: 2021-02-08 15:36:51

Version Info:

CompanyName: rxzgico
FileDescription: rxzgico
FileVersion: 1.0.0.1
InternalName: AICONExe.exe
LegalCopyright: Copyright (C) 2020
OriginalFilename: rxzgico.exe
ProductName: rxzgico
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Trojan.SdumPMF.S19186581 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: BackDoor.Donbot.49
MicroWorld-eScan: Trojan.GenericKD.45995238
FireEye: Generic.mg.d46b71d562bcd473
CAT-QuickHeal: Trojan.SdumPMF.S19186581
McAfee: GenericRXNT-FQ!D46B71D562BC
Cylance: Unsafe
Zillya: Trojan.Sdum.Win32.3130
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Adware ( 00587e7b1 )
K7GW: Adware ( 00587e7b1 )
CrowdStrike: win/malicious_confidence_60% (D)
BitDefenderTheta: Gen:NN.ZexaF.34294.Eu0@a4OW2Wgj
Cyren: W32/S-acd89e8f!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Softcnapp.BK potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R035C0DKO21
ClamAV: Win.Malware.Zusy-9833054-0
Kaspersky: HEUR:Trojan.Win32.Sdum.gen
BitDefender: Trojan.GenericKD.45995238
NANO-Antivirus: Trojan.Win32.Sdum.ilzhqt
Avast: Win32:TrojanX-gen [Trj]
Rising: Adware.Agent!1.CE32 (CLASSIC)
Ad-Aware: Trojan.GenericKD.45995238
Sophos: Softcnapp (PUA)
TrendMicro: TROJ_GEN.R035C0DKO21
McAfee-GW-Edition: BehavesLike.Win32.Generic.gc
SentinelOne: Static AI – Malicious PE
Emsisoft: Trojan.GenericKD.45995238 (B)
Ikarus: PUA.Softcnapp
GData: Win32.Trojan.PSE.1BG3RAH
Jiangmin: Trojan.Sdum.lf
Antiy-AVL: Trojan/Generic.ASMalwS.3155D2D
Arcabit: Trojan.Generic.D2BDD4E6
Microsoft: Trojan:Win32/Glupteba.OE!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4292178
VBA32: Trojan.Sdum
ALYac: Trojan.GenericKD.45995238
Malwarebytes: PUP.Optional.Softcnapp
APEX: Malicious
Tencent: Trojan.Win32.BitCoinMiner.la
Yandex: Trojan.Sdum!Po6C0NaBU1Y
MAX: malware (ai score=82)
Fortinet: W32/Zusy.367607!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.562bcd
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.115096307.susgen

How to remove Trojan.SdumPMF.S19186581?

Trojan.SdumPMF.S19186581 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.