Trojan.Win32.GuLoader removal instruction

Trojan.Win32.GuLoader is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.GuLoader virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • A scripting utility was executed

How to identify Trojan.Win32.GuLoader?

File Info:

name: CC2501714328E4103A82.mlw
path: /opt/CAPEv2/storage/binaries/30a531daa107c2ac749e111d5f8f7ce4c4dfe9ca6e36b7ef26ff1e7048219cd3
crc32: 7A4F6EEB
md5: cc2501714328e4103a82fd9a0585855c
sha1: a9b6b96b24bf5983b9bf67df165ca2abcf221cbf
sha256: 30a531daa107c2ac749e111d5f8f7ce4c4dfe9ca6e36b7ef26ff1e7048219cd3
sha512: 08793bc66b7e9a2242f5c06e435ac99f37e8450f2647577e2a456a37ba2d4fec5e0218a813d2aaab610c0247c0bb1029f6ce93ba83e20dc4dd1419cf29eb336f
ssdeep: 6144:/OB+pgUtGGGGGGbGGGGGzGGGGGRGGGGGGUGGGGGGG+GGGGGGzGGGGGGBGGGGGGGI:WgYJToCI54QCdMo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19B54F1F83681C02BD6B10A3548A792195A68FFD428165E8723336FDF7E72B02650767F
sha3_384: 161a7ba205c23be99bcc4528c23aeb85cc25c2aac88f65bdc299a7d02fc6cb5a7c2df2b68ba6dcaf243b837c20ce6f9f
ep_bytes: 81ecd40200005356576a205f33db6801
timestamp: 2016-07-09 04:21:41

Version Info:

Comments: Duchies Traumatiserede Skags
CompanyName: Finanskoncerner Epiblemata
LegalCopyright: magtapparaternes
OriginalFilename: Quentise.exe
Translation: 0x0409 0x04e4

Trojan.Win32.GuLoader is also known as (vendor: detection name):

MicroWorld-eScan: Trojan.GenericKD.62513888
McAfee: Artemis!CC2501714328
K7GW: Riskware ( 00584baa1 )
K7AntiVirus: Riskware ( 00584baa1 )
Elastic: malicious (high confidence)
Kaspersky: HEUR:Trojan.Win32.GuLoader.gen
BitDefender: Trojan.GenericKD.62513888
Ad-Aware: Trojan.GenericKD.62513888
Emsisoft: Trojan.GenericKD.62513888 (B)
VIPRE: Gen:Variant.Nemesis.11401
McAfee-GW-Edition: BehavesLike.Win32.ICLoader.dh
FireEye: Trojan.GenericKD.62513888
APEX: Malicious
GData: Trojan.GenericKD.62513888
MAX: malware (ai score=81)
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Nemesis.D2C89
ZoneAlarm: HEUR:Trojan.Win32.GuLoader.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Fortinet: NSIS/Injector.7CC0!tr

How to remove Trojan.Win32.GuLoader?

Trojan.Win32.GuLoader removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.