About “Trojan.WacatacPMF.S19466583” infection

The Trojan.WacatacPMF.S19466583 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.WacatacPMF.S19466583 virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Reads data out of its own binary image
Authenticode signature is invalid

How to determine Trojan.WacatacPMF.S19466583?


File Info:
name: 744BF37C0631AAEF1C42.mlw
path: /opt/CAPEv2/storage/binaries/d99837c8f138bc35eea608575021afa23e85077832d712c42f8b3197028bf0c7
crc32: 69F6E345
md5: 744bf37c0631aaef1c42b6e9d54986b8
sha1: 6eaf7cd037fa4325630c5cfe56f3c7509589ab2e
sha256: d99837c8f138bc35eea608575021afa23e85077832d712c42f8b3197028bf0c7
sha512: bbcf1b746e4e96524b7d10712bc8e2d5c1708b71826306399240c97c7e5ac3ebd643a072cf7aec5c8df46f7b485901f168195941140b1db850fb88a470c40daa
ssdeep: 3072:9Ezvv0NXRTuLV2bx7/5gZsCbfTiTf3kx+Ibs/t:9EzENBYItG/fTiTvko/t
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DBC31A08F9C79CF2EF5B59B04CC7FBBF96216E128C29CC36D798DA44E963963050A512
sha3_384: 094cd05d25f0b99b78dc095e248be26e441de2ba3bb569047a6f4a325e7ba5a5083c7a9db3ca21bab6893dd2c1444aaf
ep_bytes: 83ec0cc705587b420001000000e8be56
timestamp: 2021-03-23 09:44:01

Version Info:
0: [No Data]

Trojan.WacatacPMF.S19466583 also known as:

Lionic	Trojan.Win32.CjOZh.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.JP.hCW@a8CjOZh
FireEye	Gen:Trojan.Heur.JP.hCW@a8CjOZh
CAT-QuickHeal	Trojan.WacatacPMF.S19466583
McAfee	RDN/Generic PWS.y
Cylance	Unsafe
Sangfor	Suspicious.Win32.Fugrafa.125569
Alibaba	TrojanSpy:Application/Xegumumune.0979c795
Cybereason	malicious.c0631a
Cyren	W32/Trojan.TCQV-8036
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Paloalto	generic.ml
BitDefender	Gen:Trojan.Heur.JP.hCW@a8CjOZh
Avast	FileRepMalware
Ad-Aware	Gen:Trojan.Heur.JP.hCW@a8CjOZh
McAfee-GW-Edition	BehavesLike.Win32.Trojan.ch
Emsisoft	Gen:Trojan.Heur.JP.hCW@a8CjOZh (B)
SentinelOne	Static AI – Malicious PE
Microsoft	Trojan:Win32/Ymacco.AAD9
GData	Gen:Trojan.Heur.JP.hCW@a8CjOZh
AhnLab-V3	Trojan/Win.Generic.R416751
BitDefenderTheta	AI:Packer.0F87DA031E
ALYac	Gen:Trojan.Heur.JP.hCW@a8CjOZh
MAX	malware (ai score=82)
VBA32	BScope.TrojanSpy.Xegumumune
Ikarus	Trojan.SPY.Xegumumune
Fortinet	W32/Agent.FE9D!tr
AVG	FileRepMalware
CrowdStrike	win/malicious_confidence_60% (W)
MaxSecure	Trojan.Malware.116006130.susgen

How to remove Trojan.WacatacPMF.S19466583?

Trojan.WacatacPMF.S19466583 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X