
About “Trojan.Win32.Chapak.fdga” infection


Trojan.Win32.Chapak.fdga is flagged as malicious by most of the antivirus engines in the detection list further down this page. While the infection is active you may notice unfamiliar processes in the Task Manager list. If that is the case, scanning the computer with GridinSoft Anti-Malware is advised.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Chapak.fdga virus do?

Behaviours observed when the sample was run in the CAPE sandbox. Each item is the name of a sandbox signature that fired; taken together, the Vidar family match, the cookie harvesting and the proxy-setting changes mark the sample as an information stealer rather than a plain downloader:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Checks for the presence of known windows from debuggers and forensic tools
  • CAPE detected the Vidar malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
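The signatures above are sandbox observations; on a live estate the same behaviours surface as endpoint telemetry. The following is an added example, not code from GridinSoft or from the CAPE report, that turns the "Attempts to modify proxy settings" item into a hunt over Sysmon registry events (EventID 13, SetValue) delivered as JSON lines: any process outside an allow list that rewrites the WinINet proxy values under Internet Settings is reported, and the severity is raised when the process pairs ProxyEnable=1 with ProxyServer or sets AutoConfigURL, or runs from a user-writable directory. The log lines, the ProcessGuid values, the updater.exe and tool.exe image paths and the TRUSTED_IMAGES allow list are all constructed for the example.

```python
"""Hunt Sysmon registry events for a process rewriting the WinINet proxy
settings, one of the behaviours listed above. Input is JSON lines in the
shape a Winlogbeat/NXLog-style forwarder emits for Sysmon EventID 13."""
import json
from collections import defaultdict

# Per-user WinINet proxy values under HKCU\...\Internet Settings. Traffic
# hijacking needs ProxyEnable=1 plus ProxyServer, or an AutoConfigURL (PAC).
PROXY_VALUES = {"proxyenable", "proxyserver", "autoconfigurl", "proxyoverride"}
INTERNET_SETTINGS = "\\software\\microsoft\\windows\\currentversion\\internet settings\\"

# Assumption: the only images allowed to change proxy settings in this estate.
TRUSTED_IMAGES = {
    "c:\\windows\\explorer.exe",                 # Internet Options dialog
    "c:\\windows\\system32\\rundll32.exe",       # inetcpl.cpl
    "c:\\program files\\corp\\proxyagent.exe",   # hypothetical management agent
}
# Locations a freshly dropped binary usually runs from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed telemetry, not real logs: a benign toggle by explorer.exe, a
# dropped binary enabling a local proxy, a vendor tool touching ProxyOverride,
# and an unrelated service registry write.
SAMPLE_LOG = r'''
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{0000-0001}", "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable", "Details": "DWORD (0x00000000)"}
{"EventID": 1, "ProcessGuid": "{0000-0002}", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe", "CommandLine": "updater.exe /s"}
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{0000-0002}", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{0000-0002}", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\updater.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer", "Details": "127.0.0.1:8080"}
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{0000-0003}", "Image": "C:\\Program Files\\Vendor\\tool.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyOverride", "Details": "<local>"}
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{0000-0004}", "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Foo\\Parameters\\Start", "Details": "DWORD (0x00000002)"}
'''.strip()


def parse_events(log_text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def proxy_value_written(event):
    """Name of the proxy value a SetValue event writes, or None."""
    if event.get("EventID") != 13 or event.get("EventType") != "SetValue":
        return None
    target = event.get("TargetObject", "").lower()
    if INTERNET_SETTINGS not in target:
        return None
    name = target.rsplit("\\", 1)[-1]
    return name if name in PROXY_VALUES else None


def detect_proxy_changes(events):
    """Group proxy writes by process and grade them; trusted images are skipped."""
    by_process = defaultdict(lambda: {"image": "", "values": {}})
    for event in events:
        name = proxy_value_written(event)
        if name is None:
            continue
        image = event.get("Image", "").lower()
        if image in TRUSTED_IMAGES:
            continue
        record = by_process[event.get("ProcessGuid", image)]
        record["image"] = image
        record["values"][name] = event.get("Details", "")
    alerts = []
    for guid, record in by_process.items():
        values = record["values"]
        enabled = values.get("proxyenable", "").endswith("0x00000001)")
        redirects = (enabled and "proxyserver" in values) or "autoconfigurl" in values
        dropped = any(marker in record["image"] for marker in USER_WRITABLE)
        if redirects and dropped:
            severity = "high"
        elif redirects or dropped:
            severity = "medium"
        else:
            severity = "low"
        alerts.append({"process_guid": guid, "image": record["image"],
                       "values": dict(values), "severity": severity})
    alerts.sort(key=lambda a: SEVERITY_ORDER[a["severity"]])
    return alerts


if __name__ == "__main__":
    for alert in detect_proxy_changes(parse_events(SAMPLE_LOG)):
        print(f"[{alert['severity']}] {alert['image']} wrote {sorted(alert['values'])}")
```

Run against the constructed log, the dropped updater.exe in the Temp directory is reported as high (ProxyEnable=1 plus ProxyServer, from a user-writable path) and the vendor tool's ProxyOverride write as low; explorer.exe is suppressed by the allow list and the svchost.exe write never matches the Internet Settings key. Sysmon does not record file reads, so the cookie-harvesting behaviour needs a different source (EDR file-access telemetry or the browser's own cookie store auditing) and is not covered by this rule.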

How to identify Trojan.Win32.Chapak.fdga?

File Info:

name: 81F3D442603573024349.mlw
path: /opt/CAPEv2/storage/binaries/028a267ed72543f5b37ed7982b43346e9751998c68e72861d66ffce1ec557a6f
crc32: CC70CAEC
md5: 81f3d442603573024349650aae40980f
sha1: 18f90c1f7b67e12d9cf0af1c98c696648b9cf416
sha256: 028a267ed72543f5b37ed7982b43346e9751998c68e72861d66ffce1ec557a6f
sha512: fddeaf0e51987b99b225550126333849127dfd439d631f00ca3712506ef0cc5989e80fd8dc0e7b06fae1783ab8e98a898ce495d01054940d5b62aaef431b2a0e
ssdeep: 49152:Dxq3J1y2lXT8kYCcf1Lpa0UH4OPtkc8PW2V:Dxo1XlXTPY7LF75c8PWQ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BAB5232137A6C4CFD8640A748C41B0F50AF37C92AD76E19B75967B4F88F0E8089A7F65
sha3_384: 2d66d79ece3c2434ca0b40bdde31c9327d3f67a1936145932de08b52cbad3606631200e19a521c88fd70e917197f002d
ep_bytes: eb02627450eb058ba66863a7e8180000
timestamp: 2022-02-01 05:40:38

Version Info:

FileDescription: iProDifX Installation Utility
FileVersion: 15.5.0.1
InternalName: iProDifX
LegalCopyright: Copyright (C) 2005, 2011
OriginalFilename: iProDifX.EXE
ProductName: iProDifX Application
ProductVersion: 15.5.0.0
Translation: 0x0409 0x04b0
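The file info above comes from the CAPE report. To reproduce those fields on a sample of your own, or to check that a file you are holding is really the one with the sha256 listed, the following added example (written for this page, not GridinSoft's or CAPE's code) parses a PE32 image with the Python standard library only: it computes the four hashes, reads the COFF timestamp, extracts the 16 bytes at the entry point (ep_bytes), lists section names while flagging non-standard and writable+executable ones (the static counterparts of the "unknown PE section name" and "RWX memory" signatures), and reports whether an Authenticode blob is attached at all. Because the sample itself is not reproduced here, build_sample_pe32() builds a constructed stand-in image carrying the page's ep_bytes and timestamp, a made-up section named .xyz0 and no signature; the KNOWN_SECTIONS set is an assumption about what a stock linker emits.

```python
"""Static triage of a PE32 file with the standard library only."""
import datetime
import hashlib
import struct
import sys

# Assumption: section names a stock linker emits; packers and custom loaders
# tend to use their own names (the "unknown PE section name" signal).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
                  ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".debug"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SUBSYSTEMS = {2: "GUI", 3: "CUI"}


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_pe32(data):
    """Read the COFF/optional headers and section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # IMAGE_OPTIONAL_HEADER32 follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    # Data directory 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) holds the Authenticode
    # blob; its first field is a file offset, not an RVA like the others.
    sec_off, sec_size = 0, 0
    if n_dirs > 4:
        sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections, table = [], opt + opt_size
    for i in range(n_sections):
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        chars = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "chars": chars})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva,
            "subsystem": subsystem, "sections": sections, "security_dir": (sec_off, sec_size)}


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset through the section table (None if unmapped)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            return s["raw_ptr"] + (rva - s["vaddr"])
    return None


def triage(data):
    """Produce the file-info style fields plus two static packing indicators."""
    pe = parse_pe32(data)
    ep_off = rva_to_offset(pe["entry_rva"], pe["sections"])
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    when = datetime.datetime.fromtimestamp(pe["timestamp"], tz=datetime.timezone.utc)
    report = file_hashes(data)
    report.update({
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "subsystem": SUBSYSTEMS.get(pe["subsystem"], str(pe["subsystem"])),
        "sections": [s["name"] for s in pe["sections"]],
        "unknown_sections": [s["name"] for s in pe["sections"] if s["name"] not in KNOWN_SECTIONS],
        "rwx_sections": [s["name"] for s in pe["sections"]
                         if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE],
        # Presence only: whether the blob verifies needs signtool or Get-AuthenticodeSignature.
        "has_authenticode": pe["security_dir"][1] > 0,
    })
    return report


def build_sample_pe32(section_name=b".xyz0",
                      ep_bytes=bytes.fromhex("eb02627450eb058ba66863a7e8180000"),
                      when=datetime.datetime(2022, 2, 1, 5, 40, 38, tzinfo=datetime.timezone.utc)):
    """Constructed stand-in image (not the real sample): one RWX section with a
    made-up name, the page's ep_bytes and timestamp, and no signature."""
    file_align, ep_rva = 0x200, 0x1000
    code = ep_bytes + b"\xc3"
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(when.timestamp()), 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, ep_rva)                          # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)  # ImageBase, alignments
    struct.pack_into("<II", opt, 56, 0x2000, file_align)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                               # Subsystem: GUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes; security dir stays zero
    sect = section_name.ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(code), ep_rva, file_align, file_align, 0, 0, 0, 0,
        0x20 | 0x40000000 | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(file_align, b"\0")
    return headers + code.ljust(file_align, b"\0")


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe32()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

Run with a file path it prints the same fields as the File Info block for that file; run without arguments it triages the constructed image. Compare the printed sha256 with the one listed above before trusting any of the other fields: the hashes identify the sample, everything else describes whatever file you actually handed in. A section that is both writable and executable, a name outside KNOWN_SECTIONS and an entry point that starts with a short jump (eb 02 ...) are all consistent with a packed binary, which is what the Obsidium detection names in the vendor list below point at; none of them is conclusive on its own.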

Trojan.Win32.Chapak.fdga also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
MicroWorld-eScan: Trojan.GenericKD.38911786
FireEye: Trojan.GenericKD.38911786
McAfee: GenericRXAA-AA!81F3D4426035
Cylance: Unsafe
Sangfor: Trojan.Win32.Chapak.fdga
CrowdStrike: win/malicious_confidence_100% (W)
K7GW: Trojan ( 0058ddd21 )
K7AntiVirus: Trojan ( 0058ddd21 )
Cyren: W32/Obsidium.A.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.BPK
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Chapak.fdga
BitDefender: Trojan.GenericKD.38911786
Avast: Win32:DangerousSig [Trj]
Ad-Aware: Trojan.GenericKD.38911786
Emsisoft: Trojan.GenericKD.38911786 (B)
Comodo: Malware@#2y055qeuelddl
TrendMicro: TROJ_FRS.0NA103B322
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-S + Troj/Agent-BIKW
GData: Trojan.GenericKD.38911786
Avira: HEUR/AGEN.1217015
Antiy-AVL: Trojan/Win32.Chapak
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
ViRobot: Trojan.Win32.Z.Agent.2369256
ZoneAlarm: Trojan.Win32.Chapak.fdga
Microsoft: Exploit:Win32/ShellCode!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Downloader/Win.Agent.C4950239
BitDefenderTheta: Gen:NN.ZexaF.34212.qs3@auh5bFci
ALYac: Trojan.GenericKD.38911786
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Pynamer
Malwarebytes: Trojan.MalPack.Obsidium
TrendMicro-HouseCall: TROJ_FRS.0NA103B322
Rising: Spyware.Stealer!8.3090 (CLOUD)
Yandex: Trojan.GenCBL!1G+m+8mF/GU
Ikarus: Trojan.SuspectCRC
Fortinet: W32/Malicious_Behavior.SBX
AVG: Win32:DangerousSig [Trj]
Panda: Trj/CI.A
MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.Win32.Chapak.fdga?

Trojan.Win32.Chapak.fdga removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the reset options, then click “Reset”.
  • Restart your computer.

Because the sandbox identified the sample as a Vidar-family stealer that reads browser cookies and rewrites proxy settings, treat any passwords and web sessions saved in browsers on the infected machine as exposed: change those passwords and sign out of active sessions from a clean device after the scan, and confirm that no proxy server or automatic configuration script is still set in the browser's connection settings.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
