About “Trojan.Win32.Crypt.alim” infection

Trojan.Win32.Crypt.alim is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Crypt.alim virus do?

  • A file was accessed within the Public folder.
  • Sample contains overlay data.
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image.
  • Drops a binary and executes it.
  • Authenticode signature is invalid.
  • CAPE detected the embedded win api malware family.
  • Attempts to modify proxy settings.
  • Deletes executed files from disk.
  • Anomalous binary characteristics.
  • Yara detections observed in process dumps, payloads or dropped files.

How to identify Trojan.Win32.Crypt.alim?

File Info:

name: 304A9AA293951BF57705.mlw
path: /opt/CAPEv2/storage/binaries/f16ab11fc73dd853565e3ce61e579f4eb7107708d4022f793e9ca9aeba21da09
crc32: 4DFAE006
md5: 304a9aa293951bf57705ddfa317b5f44
sha1: dea1021a388c5c3072d1400fd0d46f818978464b
sha256: f16ab11fc73dd853565e3ce61e579f4eb7107708d4022f793e9ca9aeba21da09
sha512: 45ef5be16f6e18e63516194abef0c7a379f525f815147fbfdd34bcdaf8b08484f452b360f2118656292eb5fd4f37ac40940bc8675ff3aa533e6babe558b3e1b9
ssdeep: 24576:nzBIWcmjuRli1R/zBUhmgI2TIhXlqLUxocktXo4SHS1CQAHgxs/r65K8noz0W6i0:tIWcmKRklqdTAqwxSXo4SHS1Fsl8E0j/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14F851202F2A3C472D4A50475053A9BB28F767D7167A4C0E7AFE439689E323D1A73634B
sha3_384: 38b1739fbce351448b5beb387a52ae61f341e16e92a1f1a98ff99ecd1219b0c9fea6a25bc98d84287073876ea2a148a6
ep_bytes: e8a61d0000e989feffff8bff565733f6
timestamp: 2019-01-03 19:13:08

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.5.3.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2019 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.5.3.0
Translation: 0x0409 0x04e4

Trojan.Win32.Crypt.alim is also known as:

Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.304a9aa293951bf5
Skyhigh: BehavesLike.Win32.Dropper.tc
McAfee: Artemis!304A9AA29395
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
Alibaba: Trojan:Win32/Indiloadz.6c98a4ec
CrowdStrike: win/grayware_confidence_70% (D)
ESET-NOD32: Win32/Indiloadz.CA
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Trojan.Win32.Crypt.alim
SUPERAntiSpyware: Trojan.Agent/Gen-Indiloadz
DrWeb: Trojan.DownLoader45.61542
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.LUA.Agent
Webroot: W32.Hack.Tool
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: Trojan.Win32.Crypt.alim
VBA32: Adware.AdUpdater
Malwarebytes: Generic.Malware/Suspicious
MaxSecure: Trojan.Malware.74262177.susgen
Fortinet: W32/Indiloadz.152B!tr
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Crypt.alim?

Trojan.Win32.Crypt.alim removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.