About “Trojan.Swizzor.Gen.5” infection

Trojan.Swizzor.Gen.5 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What Trojan.Swizzor.Gen.5 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the shellcode patterns malware family
  • Attempts to modify proxy settings
  • CAPE detected injection into a browser process, likely for Man-In-Browser (MITB) infostealing
  • Touches a file containing cookies, possibly for information gathering
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan.Swizzor.Gen.5?

File Info:

name: 828A1EB3E6AA73FC3FA0.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2007-11-05 20:41:41

Version Info:

CompanyName: Plapeo matra
FileDescription: Progress garehea or heray
FileVersion: 3, 5, 0, 5
InternalName: Wior
LegalCopyright: Icea in fizeithi bersa trust
OriginalFilename: Wior.exe
ProductName: Bseson mpimena ftue
ProductVersion: 3, 5, 0, 5
Translation: 0x0409 0x04e4

Trojan.Swizzor.Gen.5 also known as:

  • Bkav: W32.Common.1BFD861A
  • Lionic: Trojan.Win32.Swizzor.4!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Trojan.Swizzor.Gen.5
  • FireEye: Generic.mg.828a1eb3e6aa73fc
  • Skyhigh: BehavesLike.Win32.Backdoor.jc
  • McAfee: Swizzor.gen.g
  • Malwarebytes: Swizzor.Trojan.Downloader.DDS
  • Zillya: Downloader.Obfuscated.Win32.2486
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: Trojan ( f10003021 )
  • Alibaba: TrojanDownloader:Win32/Swizzor.607ce914
  • K7GW: Trojan ( f10003021 )
  • CrowdStrike: win/malicious_confidence_90% (W)
  • BitDefenderTheta: AI:Packer.A12E183C1F
  • VirIT: Trojan.Win32.X-Swizzor.CFW
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/TrojanDownloader.Swizzor.NFP
  • APEX: Malicious
  • TrendMicro-HouseCall: Mal_Swizzor
  • Kaspersky: Trojan.Win32.Swizzor.c
  • BitDefender: Trojan.Swizzor.Gen.5
  • NANO-Antivirus: Virus.Win32.Gen.ccmw
  • Avast: Win32:Crypt-SBE [Trj]
  • Emsisoft: Trojan.Swizzor.Gen.5 (B)
  • F-Secure: Trojan.TR/Dldr.Swizzor.Gen
  • DrWeb: Trojan.Swizzor.based
  • VIPRE: Trojan.Swizzor.Gen.5
  • TrendMicro: Mal_Swizzor
  • Trapmine: suspicious.low.ml.score
  • Sophos: Mal/Swizzor-K
  • SentinelOne: Static AI – Malicious PE
  • MAX: malware (ai score=100)
  • GData: Trojan.Swizzor.Gen.5
  • Jiangmin: TrojanDownloader.Obfuscated.djc
  • Google: Detected
  • Avira: TR/Dldr.Swizzor.Gen
  • Varist: W32/Swizzor.E.gen!Eldorado
  • Antiy-AVL: Trojan[Downloader]/Win32.Swizzor
  • Kingsoft: Win32.Trojan.Swizzor.c
  • Xcitium: TrojWare.Win32.Swizzor.~Gen2@1pe4lv
  • Arcabit: Trojan.Swizzor.Gen.5
  • ViRobot: Trojan.Win.Z.Swizzor.704512.A
  • ZoneAlarm: Trojan.Win32.Swizzor.c
  • Microsoft: Spyware:Win32/C2Lop.B
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Win-Trojan/Swizzor.Gen
  • ALYac: Trojan.Swizzor.Gen.5
  • TACHYON: Trojan-Downloader/W32.Obfuscated.704512.H
  • VBA32: SScope.Trojan.Swizzor
  • Cylance: unsafe
  • Panda: Trj/Swizzor.S
  • Rising: Trojan.Generic@AI.92 (RDML:Z2DJUMkU2TpAfbCeVm51XQ)
  • Yandex: Trojan.DL.Obfuscated!9tyZYPoAlPg
  • Ikarus: Trojan.Win32.C2Lop
  • Fortinet: W32/Swizzor.fam!tr
  • AVG: Win32:Crypt-SBE [Trj]
  • Cybereason: malicious.3e6aa7
  • DeepInstinct: MALICIOUS
  • alibabacloud: Trojan[downloader]:Win/Swizzor.NFP

How to remove Trojan.Swizzor.Gen.5?

Trojan.Swizzor.Gen.5 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.