
About “Trojan.Win32.Bingoml.cucc” infection

Trojan.Win32.Bingoml.cucc is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Trojan.Win32.Bingoml.cucc virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A HTTP/S link was seen in a script or command line
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan.Win32.Bingoml.cucc?


File Info:

name: 0C7CBA1508C2DB5BA75E.mlw
path: /opt/CAPEv2/storage/binaries/5caa506804cef8cf5a79e1aa90ea01f4619a66dda8b6cda81655fc166cf49094
crc32: FCFE6F7B
md5: 0c7cba1508c2db5ba75ec21f60d6aa1e
sha1: 5a655a149ecec8c1594922bb0bcf757109030fbd
sha256: 5caa506804cef8cf5a79e1aa90ea01f4619a66dda8b6cda81655fc166cf49094
sha512: 51756a0f867a3b99a429c0004f32fbb4c55a25840e8ce1caed632af9160268b1d10c6385a3742de75f0fa2bdcd0338f2624e14dbf269d338bab1100e347b4dfa
ssdeep: 3072:PGjKXZETYS0O1xslEuvNaKMVn5vgfAQXAQnMAd:PLGB0O3yDNbM0xXAQnd
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T11EC312A9E1A12E72CAB3153DEC25B904D00F9D0AD3EF42D58A01B6C367F994A90CD47F
sha3_384: 8c784b13d67ea80d912e9adbb1c724f7222bf5d970024a5c2823688539a592d18dc77eed7c706b25224ebf085b88cc2c
ep_bytes: 53565755488d35b52dfeff488dbe0050
timestamp: 2021-12-01 19:53:40

Version Info:

0: [No Data]

Trojan.Win32.Bingoml.cucc also known as:

Lionic Trojan.Win32.Bingoml.4!c
DrWeb Trojan.DownLoader44.13087
MicroWorld-eScan Trojan.GenericKDZ.81125
FireEye Generic.mg.0c7cba1508c2db5b
ALYac Trojan.GenericKDZ.81125
Cylance Unsafe
Zillya Backdoor.Androm.Win32.79671
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0058b45a1 )
K7GW Trojan ( 0058b45a1 )
Cybereason malicious.49ecec
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/CoinMiner.AFP
TrendMicro-HouseCall TROJ_GEN.R011C0WL921
Paloalto generic.ml
Kaspersky Trojan.Win32.Bingoml.cucc
BitDefender Trojan.GenericKDZ.81125
Tencent Win32.Trojan.Bingoml.Hfo
Ad-Aware Trojan.GenericKDZ.81125
Emsisoft Trojan.GenericKDZ.81125 (B)
TrendMicro TROJ_GEN.R011C0WL921
McAfee-GW-Edition BehavesLike.Win64.Generic.cc
Sophos Mal/Generic-S
Ikarus Trojan.Win64.CoinMiner
GData Trojan.GenericKDZ.81125
Avira TR/CoinMiner.uduxy
Antiy-AVL Trojan/Generic.ASBOL.C5E3
Gridinsoft Ransom.Win64.Gen.sa
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R456182
McAfee RDN/Generic.grp
MAX malware (ai score=81)
VBA32 Trojan.Bingoml
Malwarebytes Trojan.Downloader
Panda Trj/CI.A
APEX Malicious
SentinelOne Static AI – Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet Adware/Miner
AVG Win64:CoinminerX-gen [Trj]
Avast Win64:CoinminerX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen

How to remove Trojan.Win32.Bingoml.cucc?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
