Trojan.Win32.Gorgon.ghl (file analysis)

The Trojan.Win32.Gorgon.ghl is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Gorgon.ghl virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Sniffs keystrokes
  • CAPE detected the EnigmaStub malware family
  • Harvests cookies for information gathering
  • Creates known Njrat/Bladabindi RAT registry keys
  • Anomalous binary characteristics

How to identify Trojan.Win32.Gorgon.ghl?

File Info:

name: 86A96235DBCEEBC17F59.mlw
path: /opt/CAPEv2/storage/binaries/a305a01fa09e771bc6faf4429369bcd85c55b2e576590eb7512d69cfeb7c3370
crc32: 52D72DB9
md5: 86a96235dbceebc17f5975878843b5a4
sha1: 56f71066b5d86368b49b6efbbb4ba7b79fb83a42
sha256: a305a01fa09e771bc6faf4429369bcd85c55b2e576590eb7512d69cfeb7c3370
sha512: b3c967650f5a8000c3f9329c37316fa575a373d44e7927733443955488723ce625581250ccfbc326d44f054e011eca69c4998863ccd49d49b3ed0854fc3184e7
ssdeep: 24576:KZ79+u5dyl74Ewj/okBkgSFgh6e7PKxMCkFVvqnjqW3QnOL:KZdsTkBSFgh66P0MCuViGTn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14345128FF261FF28CABC603350A672521939B7E893183D7DFDA8571A09E8127C5D61D2
sha3_384: 1b523fd6d951979ed21c46d5968e2cb35ac18f1edfbdc8e0e50946753e8a4885eb2afca25c87185c7f47e657e319c6d7
ep_bytes: e861000000e979feffff6860bb440064
timestamp: 2022-07-18 00:26:37

Version Info:

CompanyName: The Enigma Protector Developers Team
FileDescription: Software Protection Tool
FileVersion: 63.23.15.55
InternalName: ENIGMA.EXE
LegalCopyright: Copyrights (C) 2002-2009 Vladimir Sukhov
LegalTrademarks: Trademarks (R) 2002-2009 Vladimir Sukhov
OriginalFilename: enigma.exe
ProductName: The Enigma Protector
ProductVersion: 1.0.0.0
Comments: http://enigmaprotector.com/
Translation: 0x0409 0x04b0

Trojan.Win32.Gorgon.ghl also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
FireEye: Generic.mg.86a96235dbceebc1
McAfee: Artemis!86A96235DBCE
Cylance: Unsafe
Sangfor: [ASPACK 1.02B OR 1.08.03]
K7AntiVirus: Trojan ( 004ba83b1 )
K7GW: Trojan ( 004ba83b1 )
Cybereason: malicious.6b5d86
ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.J suspicious
APEX: Malicious
ClamAV: Win.Dropper.njRAT-9244937-0
Kaspersky: Trojan.Win32.Gorgon.ghl
Avast: Win32:Malware-gen
DrWeb: Trojan.Inject3.5086
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: PUA.EnigmaProtector
GData: MSIL.Backdoor.Bladabindi.XACOUZ
Avira: HEUR/AGEN.1215901
Microsoft: Backdoor:MSIL/Bladabindi.AJ
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R505662
Acronis: suspicious
VBA32: Trojan.Zpevdo
Malwarebytes: Trojan.MalPack.Enigma
TrendMicro-HouseCall: TROJ_GEN.R014H07GJ22
Rising: PUF.Pack-Enigma!1.BA33 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Riskware/Application
BitDefenderTheta: Gen:NN.ZexaF.34806.nz0@a4OKKkgi
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan.Win32.Gorgon.ghl?

Trojan.Win32.Gorgon.ghl removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.