
About “Trojan.Win32.Cossta.aeyg” infection


Trojan.Win32.Cossta.aeyg is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Cossta.aeyg virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • HTTPS URLs from behavior
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics

How to identify Trojan.Win32.Cossta.aeyg?


File Info:

name: 2C8C6BB34116E84E90C5.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-10-13 02:23:29

Version Info:

Translation: 0x0409 0x04b0
CompanyName: sony
ProductName: uzywqs
FileVersion: 1.00
ProductVersion: 1.00
InternalName: osnpqx
OriginalFilename: osquys.exe

Trojan.Win32.Cossta.aeyg also known as:

Lionic: Trojan.Win32.Cossta.m53q
MicroWorld-eScan: Trojan.GenericKD.50127348
CAT-QuickHeal: Trojan.Cossta
ALYac: Trojan.GenericKD.50127348
Cylance: Unsafe
Sangfor: Trojan.Win32.Cossta.aeyg
K7AntiVirus: NetWorm ( 700000151 )
Alibaba: TrojanSpy:Win32/Cossta.6a3b2b3a
K7GW: NetWorm ( 700000151 )
Cybereason: malicious.34116e
VirIT: Trojan.Win32.Generic.AWXE
Cyren: W32/S-89f55aff!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.Bancos.AAO
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Cossta-9827890-0
Kaspersky: Trojan.Win32.Cossta.aeyg
BitDefender: Trojan.GenericKD.50127348
NANO-Antivirus: Trojan.Win32.Cossta.jnyyot
SUPERAntiSpyware: Trojan.Agent/Gen-Kazy
Avast: Win32:GenMalicious-XO [Trj]
Tencent: Malware.Win32.Gencirc.11ef8522
Ad-Aware: Trojan.GenericKD.50127348
TACHYON: Trojan/W32.VB-Cossta.331776
Sophos: ML/PE-A + Troj/VBSpy-P
Comodo: TrojWare.Win32.Cossta.AWE@5pi5dz
DrWeb: Trojan.DownLoader11.43326
TrendMicro: TROJ_GEN.R002C0PD722
McAfee-GW-Edition: Downloader-FBBY!2C8C6BB34116
FireEye: Generic.mg.2c8c6bb34116e84e
Emsisoft: Trojan.GenericKD.50127348 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.GenericKD.50127348
Avira: BDS/Simda.aomenoa
Arcabit: Trojan.Generic.D2FCE1F4
ViRobot: Trojan.Win32.Z.Cossta.331776
Microsoft: Trojan:Win32/Skeeyah.A!rfn
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Agent.R129030
McAfee: Downloader-FBBY!2C8C6BB34116
MAX: malware (ai score=80)
VBA32: TScope.Trojan.VB
Malwarebytes: Malware.AI.2830735123
TrendMicro-HouseCall: TROJ_GEN.R002C0PD722
Rising: Spyware.Bancos!8.2F8 (CLOUD)
Yandex: Trojan.GenAsa!xnaDYEq133c
Ikarus: Trojan.Win32.Cossta
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Bancos.ACMB!tr
BitDefenderTheta: Gen:NN.ZevbaF.34666.um0@ayTSutei
AVG: Win32:GenMalicious-XO [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Cossta.aeyg?

Trojan.Win32.Cossta.aeyg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
