
Trojan.Win32.IRCbot.bhpx removal


Trojan.Win32.IRCbot.bhpx is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.IRCbot.bhpx virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config

How to identify Trojan.Win32.IRCbot.bhpx?

File Info:

name: 068EB333117ABD784281.mlw
path: /opt/CAPEv2/storage/binaries/c1fc723d69f839beda1c267f6c0aa544b61793c897fc3d4bfa924f433f0e6909
crc32: BD728FBE
md5: 068eb333117abd784281fec575c85a2d
sha1: 7b7da4f8d758c4616ce55b226d9c183e10150164
sha256: c1fc723d69f839beda1c267f6c0aa544b61793c897fc3d4bfa924f433f0e6909
sha512: 09a92edabbc3789a6c9f3cdf97620a424029db5c7b74f7af8b349ff4a6a33ac50383539adc4528bc56a714146c858eb3b0944998664893501b26a7dce7184c9b
ssdeep: 98304:X5hvcfbPqZp6P7p0jNZrn9QMECvur8qDcQNlQ/OoX3:4fmqMR6U2p4qoH
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17406336302F47872CAB617F99639044AB727372B8930A5113BFC2E784F79685592EF70
sha3_384: 958c6b8998d3179ccda392acd07685b2dd594a4707a11d9bfe24a8add4db301aead5706808ff0f9c786b1988a90ff0ac
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Fierce Kitten Studio
FileDescription: GIFBot Setup
FileVersion:
LegalCopyright:
ProductName: GIFBot
ProductVersion: 4.4
Translation: 0x0000 0x04b0

Trojan.Win32.IRCbot.bhpx also known as:

Lionic: Trojan.Win32.IRCbot.4!c
MicroWorld-eScan: Trojan.GenericKD.47504605
FireEye: Trojan.GenericKD.47504605
Cylance: Unsafe
Sangfor: Trojan.Win32.Generic.8
Alibaba: Trojan:Win32/IRCbot.67bfec33
Cybereason: malicious.3117ab
Symantec: Trojan.Gen.MBT
Kaspersky: Trojan.Win32.IRCbot.bhpx
BitDefender: Trojan.GenericKD.47504605
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.47504605
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.wc
Emsisoft: Trojan.GenericKD.47504605 (B)
GData: Trojan.GenericKD.47504605
Antiy-AVL: Trojan/Generic.ASMalwS.22E2050
Microsoft: Trojan:Win32/Wacatac.B!ml
McAfee: Artemis!068EB333117A
MAX: malware (ai score=89)
VBA32: Trojan.IRCbot
TrendMicro-HouseCall: TROJ_GEN.R002H07H221
Tencent: Win32.Trojan.Ircbot.Fik
Fortinet: W32/Generic.QP!tr
AVG: Win32:Malware-gen

How to remove Trojan.Win32.IRCbot.bhpx?

Trojan.Win32.IRCbot.bhpx removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
