Trojan.Win32.DarkHotel removal guide

Trojan.Win32.DarkHotel is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.DarkHotel virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Authenticode signature is invalid

How to identify Trojan.Win32.DarkHotel?

File Info:

name: 1D368E7A268C245B17C6.mlw
path: /opt/CAPEv2/storage/binaries/b24424c538a0aa9c41a8eca635316f7bb5d72dd7374c2ee36f649d87ff4b118b
crc32: 1BC971B4
md5: 1d368e7a268c245b17c63831f10fbe48
sha1: 32957614f1c74958516f99382a9085f67674109d
sha256: b24424c538a0aa9c41a8eca635316f7bb5d72dd7374c2ee36f649d87ff4b118b
sha512: 5adb50b622ba3e59bbba36d142b6a5c288234411d84a1cd97b04c63ed1d1fc1d2b6a456a6614e6c58a473fdaed0d51e479472e1457735882c0213544b9fd37a1
ssdeep: 1536:eelllVFfML6pe2F5HXme9DE9lMXdzj0f/ePhz852pn6:eeHFfM2eOAYHAkA52p6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17FB3E4126600C431F3190B304956F6E04AAAAD3D59E4E58FFB787E3A6E311C39A7725F
sha3_384: 8003ed3a37ef1e7272330474803fd733a9865656d087fc45d263cc4ef4bcd276552a5fb664384241d8e37c1be7a51ab7
ep_bytes: e8254d0000e989feffff8bff558bec81
timestamp: 2017-01-30 23:34:56

Version Info:

0: [No Data]

Trojan.Win32.DarkHotel is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35236446
FireEye: Generic.mg.1d368e7a268c245b
McAfee: GenericRXAA-FA!1D368E7A268C
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.C
Cybereason: malicious.a268c2
BitDefenderTheta: Gen:NN.ZexaF.34212.huW@aWjd1Bei
Symantec: ML.Attribute.HighConfidence
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.DarkHotel.gen
BitDefender: Trojan.GenericKD.35236446
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.35236446
Emsisoft: Trojan.GenericKD.35236446 (B)
McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
Sophos: Mal/Generic-S
GData: Trojan.GenericKD.35236446
Jiangmin: Backdoor.Agent.eqa
Webroot: W32.Trojan.Gen
MAX: malware (ai score=85)
Arcabit: Trojan.Generic.D219AA5E
ZoneAlarm: HEUR:Trojan.Win32.DarkHotel.gen
Microsoft: Trojan:Win32/Ymacco.AAB2
AhnLab-V3: Malware/Win32.Generic.C2762526
ALYac: Trojan.GenericKD.35236446
APEX: Malicious
Tencent: Win32.Trojan.Darkhotel.Dzak
Yandex: Trojan.DarkHotel!+aUnXDyA3uo
Fortinet: W32/Darkhotel!tr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan.Win32.DarkHotel?

Trojan.Win32.DarkHotel removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.