What is “Trojan.Win32.Bingoml.hehv”?

The Trojan.Win32.Bingoml.hehv is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Bingoml.hehv virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan.Win32.Bingoml.hehv?


File Info:
name: 1B243D778ADD9B703288.mlw
path: /opt/CAPEv2/storage/binaries/3be64f649127fe4c94a367d99d9c35438bf8a0d5163837fcf5ded4999dfdeac7
crc32: B326452A
md5: 1b243d778add9b70328830daf8816749
sha1: 13b3f8970fc76e09304cd828f70f52ac7bdc4a59
sha256: 3be64f649127fe4c94a367d99d9c35438bf8a0d5163837fcf5ded4999dfdeac7
sha512: 76c4661a2b1832c6f716bef9b745825284f9d6eaa8ca494526b175660aa658e11ade42d858f2cc0fa49830e47b8a9a0ac99da3baf386cc14916f4e774993c469
ssdeep: 12288:eGAT/GzeSKYUAVmqanAoH15XwU5nJeROri31SDBO/3ojH:eGAT/IeSdMnAoH1ZwU5nJeROBDoQ7
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T18AD46B64969060DCC42E3E3425C9FDBD88D82A702F0550E3F9EA6DFA61EF6D543F8246
sha3_384: f5b932ad4c4c19b22ab969fa14fed973c7c4ccc75e22447d6286fa4d497e4c4e515603b91a8dd3b3347203ee99662ccb
ep_bytes: 515253b918000000648b1103c901d18b
timestamp: 2016-05-22 00:34:38

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows Command Processor
FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
InternalName: cmd
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Cmd.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.14393.0
Translation: 0x0409 0x04b0

Trojan.Win32.Bingoml.hehv also known as:

MicroWorld-eScan	Win32.Expiro.Gen.6
FireEye	Generic.mg.1b243d778add9b70
McAfee	Artemis!1B243D778ADD
Cylance	Unsafe
VIPRE	Win32.Expiro.Gen.6
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.78add9
Cyren	W32/Expiro.AW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Expiro.CP
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Bingoml.hehv
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Ad-Aware	Win32.Expiro.Gen.6
Sophos	ML/PE-A + Mal/EncPk-MK
McAfee-GW-Edition	BehavesLike.Win32.BadFile.hc
Trapmine	malicious.high.ml.score
Emsisoft	Win32.Expiro.Gen.6 (B)
Ikarus	Virus.Win32.Expiro
GData	Win32.Expiro.Gen.6
Jiangmin	Trojan.Scar.tww
Avira	TR/Patched.Gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Google	Detected
Acronis	suspicious
VBA32	BScope.Trojan.Wacatac
ALYac	Win32.Expiro.Gen.6
MAX	malware (ai score=84)
APEX	Malicious
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Expiro.CP
AVG	Win32:Xpirat-C [Inf]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Trojan.Win32.Bingoml.hehv?

Trojan.Win32.Bingoml.hehv removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X