What is “Trojan.Win32.Hesv.fwxu”?

The Trojan.Win32.Hesv.fwxu is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Hesv.fwxu virus can do?

The binary contains an unknown PE section name indicative of packing
The executable is compressed using UPX
Authenticode signature is invalid

How to determine Trojan.Win32.Hesv.fwxu?


File Info:
name: 3C8AE1BF835E6F8966DA.mlw
path: /opt/CAPEv2/storage/binaries/3dc68f755bcd4497a6766ad986d4fce7d7640ec214c994c782f7a8be82a7b4df
crc32: BDFC01FC
md5: 3c8ae1bf835e6f8966da14ff59c812bf
sha1: e527341b9e7be279fe8f1dfea2581c0199b110e8
sha256: 3dc68f755bcd4497a6766ad986d4fce7d7640ec214c994c782f7a8be82a7b4df
sha512: aa2f5efb57175dde8a81eb53397ae152c2c4cdbcb148dfc2451d5faab4a866a213150b62fdaf5f0f80a21b6ac0ac3104056f61658ee28bd26a19411784c1687d
ssdeep: 384:UxrnrD0HqS06WtZt1cXhqBbFc9aNJawcudoD7UV3e/+Me/Je/tfF1Y/K:U9rwHIHbFtnbcuyD7UVOQI5no
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C513F725F7776199E748C5BF85A6C21A14607F389AB385ABB68C3EBF3D312541C35302
sha3_384: bdf43e8bebbfabee8e8fa0e8a46de42dae99b0045efa6d14bd8b656dbbd26697a76414e6db47f9bd2f46052a8343e47c
ep_bytes: 60be004042008dbe00d0fdff5789e58d
timestamp: 2006-11-27 09:24:01

Version Info:
Translation: 0x0409 0x04b0
CompanyName: Oncom
ProductName: xk
FileVersion: 0.00.0020
ProductVersion: 0.00.0020
InternalName: DATA
OriginalFilename: DATA.exe

Trojan.Win32.Hesv.fwxu also known as:

tehtris	Generic.Malware
MicroWorld-eScan	Gen:Trojan.Heur.cm0@!VHMQ2ji
FireEye	Generic.mg.3c8ae1bf835e6f89
ALYac	Gen:Trojan.Heur.cm0@!VHMQ2ji
Cylance	Unsafe
Zillya	Trojan.Hesv.Win32.11799
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005726d21 )
K7GW	Trojan ( 005726d21 )
CrowdStrike	win/malicious_confidence_100% (D)
Cyren	W32/Ludbaruma.A.gen!Eldorado
Elastic	malicious (moderate confidence)
APEX	Malicious
Kaspersky	Trojan.Win32.Hesv.fwxu
BitDefender	Gen:Trojan.Heur.cm0@!VHMQ2ji
Avast	Win32:Evo-gen [Trj]
Ad-Aware	Gen:Trojan.Heur.cm0@!VHMQ2ji
Emsisoft	Gen:Trojan.Heur.cm0@!VHMQ2ji (B)
Comodo	Packed.Win32.MUPX.Gen@24tbus
VIPRE	Gen:Trojan.Heur.cm0@!VHMQ2ji
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
SentinelOne	Static AI – Suspicious PE
GData	Gen:Trojan.Heur.cm0@!VHMQ2ji
Jiangmin	Trojan.Hesv.ftc
Google	Detected
Avira	TR/Crypt.ULPM.Gen
Arcabit	Trojan.Heur.EDD10FA
ZoneAlarm	Trojan.Win32.Hesv.fwxu
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Backdoor/Win32.IRCBot.R1456
McAfee	GenericRXAA-AA!3C8AE1BF835E
MAX	malware (ai score=82)
Malwarebytes	Malware.AI.1815234599
Rising	Worm.VBInjectEx!1.99E6 (CLASSIC)
Ikarus	Trojan.Win32.Patched
MaxSecure	Trojan.Malware.187200639.susgen
Fortinet	W32/Nilage.5B64!tr
BitDefenderTheta	AI:Packer.507756501C
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.f835e6

How to remove Trojan.Win32.Hesv.fwxu?

Trojan.Win32.Hesv.fwxu removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X