About "Trojan.Win32.Chapak.esqn" infection

The Trojan.Win32.Chapak.esqn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Chapak.esqn virus can do?

Executable code extraction
Creates RWX memory
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Unconventionial language used in binary resources: Manipuri
The binary likely contains encrypted or compressed data.
Looks up the external IP address
Installs itself for autorun at Windows startup
Creates a hidden or system file
Network activity detected but not expressed in API logs
Creates a copy of itself
Anomalous binary characteristics

Related domains:

bankshopstars.space

bankshopstars.bar

api.ipify.org

How to determine Trojan.Win32.Chapak.esqn?


File Info:
crc32: 4EC72D46
md5: f0011549f242b69cc3b620f1540c0a0f
name: upload_file
sha1: d44971e1b717b46058a1fecc6b8a19f2b536de85
sha256: 1c8ed4600279d1f7c32c1e4b16f8bcdf6f4210fdd550ba96b5a8327dde66858c
sha512: f76a36f3b919ee111b938dfc246e5283b1c6e10bbb92bd77a7eb0f8aa98fd2b9c5faad73f563b86379c5e5e2997cb156ddea4905022922870acf7eefb0496d30
ssdeep: 1536:TBI1L9X29fiP3Ybkkb4CQ/F9+WVAmH5HDM463kQ7tK:TBIQmIz09+WVAU5jN63lt
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
InternalName: efhsjyrg.ufr
ProductionVersus: 1.0.6.23
Copyrights: Copyrighds (C) 2020, xjdk
FileV: 1.0.3
TranslationUsi: 0x0872 0x0cd7

Trojan.Win32.Chapak.esqn also known as:

Bkav	W32.AIDetectVM.malware1
Cynet	Malicious (score: 100)
FireEye	Generic.mg.f0011549f242b69c
McAfee	Packed-GAO!F0011549F242
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Malicious.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0056bb551 )
BitDefender	Trojan.GenericKD.43574054
K7GW	Trojan ( 0056bb551 )
CrowdStrike	win/malicious_confidence_100% (W)
Invincea	heuristic
F-Prot	W32/S-1a6111b9!Eldorado
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Dropper.KPOT-9204617-0
GData	Trojan.GenericKD.43574054
Kaspersky	Trojan.Win32.Chapak.esqn
Alibaba	Trojan:Win32/Chapak.4bf7d213
NANO-Antivirus	Trojan.Win32.Chapak.hpwgoo
MicroWorld-eScan	Trojan.GenericKD.43574054
Rising	Trojan.Kryptik!1.C98B (CLOUD)
Ad-Aware	Trojan.GenericKD.43574054
Emsisoft	Trojan.GenericKD.43574054 (B)
F-Secure	Trojan.TR/Kryptik.ghllg
DrWeb	Trojan.DownLoader34.16991
Zillya	Trojan.Chapak.Win32.86923
TrendMicro	TROJ_GEN.R03BC0WH120
MaxSecure	Trojan.Malware.300983.susgen
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan-Banker.IcedID
Cyren	W32/Trojan.BCEI-9247
Avira	TR/Kryptik.ghllg
Antiy-AVL	Trojan/Win32.Chapak
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D298E326
ZoneAlarm	Trojan.Win32.Chapak.esqn
Microsoft	Trojan:Win32/Glupteba.DEB!MTB
AhnLab-V3	Trojan/Win32.Tofsee.R346630
Acronis	suspicious
VBA32	Malware-Cryptor.Limpopo
ALYac	Trojan.GenericKD.43574054
MAX	malware (ai score=88)
Malwarebytes	Trojan.MalPack.GS
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.HFHP
TrendMicro-HouseCall	TROJ_GEN.R03BC0WH120
SentinelOne	DFI – Suspicious PE
Fortinet	W32/Kryptik.HEZN!tr
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.1b717b
Paloalto	generic.ml
Qihoo-360	Generic/HEUR/QVM10.2.EF3C.Malware.Gen

How to remove Trojan.Win32.Chapak.esqn?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About “Trojan.Win32.Chapak.esqn” infection