
About “Trojan.Win32.JPotato” infection


Trojan.Win32.JPotato is Kaspersky's heuristic name (HEUR:Trojan.Win32.JPotato.gen) for the JuicyPotato privilege-escalation tool; ESET reports the same sample as Win64/HackTool.JuicyPotato.U. JuicyPotato is not a self-spreading infection: it is a post-exploitation utility that an attacker who already runs code on a Windows host uses to turn the SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege held by service accounts (IIS, SQL Server and similar) into a SYSTEM token. Finding it on a machine therefore means somebody already had a foothold there, and an unexpected process in Task Manager is only the most visible symptom. Despite the "Win32" in the detection name, the analysed file is a 64-bit (PE32+) console executable. If this detection appears, scan the computer with GridinSoft Anti-Malware and, more importantly, establish which account dropped and ran the file.

GridinSoft Anti-Malware

Removing malware by hand can take hours and can damage the system if the wrong files are deleted. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What does Trojan.Win32.JPotato do?

The indicators below come from static analysis of the sample in the CAPE sandbox. They describe how the file is built, not what it does at runtime:

  • YARA rule matches on the file, its dropped files or a process memory dump
  • A PE section with a non-standard name, which usually indicates a packer
  • Section data that is probably encrypted or compressed (high entropy)
  • The executable is packed with UPX
  • The Authenticode signature does not verify, so the file is not validly signed by a trusted publisher
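The three packer-related indicators above (unknown section name, compressed or encrypted data, UPX) can be reproduced with a short static check. The following is an added example written for this page; it is not CAPE's or GridinSoft's code and needs no third-party modules. It reads the COFF header and section table straight from the PE bytes, computes per-section Shannon entropy, and flags UPX section names, non-standard names and high-entropy sections. The entropy threshold, the list of "normal" section names and the small PE32+ image it builds for demonstration are assumptions, not values taken from the page.

```python
"""Static packer triage for a PE file (added example, not CAPE's code)."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Section names a normally linked MSVC/MinGW binary may carry (assumption; extend as needed).
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                  ".rsrc", ".reloc", ".bss", ".tls", ".CRT", ".xdata", ".gfids"}
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY = 7.2   # bits per byte; plain code is ~6, compressed/encrypted data approaches 8 (assumed threshold)
MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}


def shannon_entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for an empty buffer."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Parse the COFF header and section table directly from the file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]   # 0x20B = PE32+
    table = e_lfanew + 24 + opt_size                            # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, _vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "raw_size": rsize, "entropy": shannon_entropy(raw)})
    return {"machine": MACHINES.get(machine, hex(machine)),
            "pe32plus": magic == 0x20B,
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "sections": sections}


def assess(data: bytes) -> dict:
    """Header info plus packer-related findings, one string per finding."""
    info = parse_pe(data)
    findings = []
    for s in info["sections"]:
        if s["name"] in UPX_SECTIONS:
            findings.append(f"{s['name']}: UPX section name, file is UPX-packed")
        elif s["name"] not in KNOWN_SECTIONS:
            findings.append(f"{s['name']}: unknown section name, possible packer")
        if s["raw_size"] >= 256 and s["entropy"] >= HIGH_ENTROPY:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, likely compressed or encrypted data")
    info["findings"] = findings
    return info


def build_sample_pe(sections, stamp: int = 0) -> bytes:
    """Build a minimal PE32+ image from (name, bytes) pairs. Constructed test input only:
    it is not the sample on this page and is not executable."""
    e_lfanew, opt_size, align = 0x80, 240, 0x200
    aligned = lambda n: (n + align - 1) & ~(align - 1)
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), stamp, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)
    first_raw = aligned(len(dos) + 4 + len(coff) + opt_size + 40 * len(sections))
    raw_ptr, table, body = first_raw, b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), 0x1000,
                             len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += aligned(len(data))
        body += data.ljust(aligned(len(data)), b"\0")
    return (dos + b"PE\0\0" + coff + opt + table).ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    # Constructed image: a flat NOP sled as .text plus a uniformly distributed "UPX1" section.
    sample = build_sample_pe([(".text", b"\x90" * 4096),
                              ("UPX1", bytes(range(256)) * 16)], stamp=1660039730)
    for line in assess(sample)["findings"]:
        print(line)
```

On a real file, `assess(open(path, "rb").read())` gives the same kind of verdict CAPE summarises above; a section named UPX0/UPX1 is a direct UPX tell, while a high-entropy section with a normal name is the pattern of a custom packer or an embedded encrypted payload.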

How to identify Trojan.Win32.JPotato?

File Info:

name: 08273CB9D305013D7B47.mlw
path: /opt/CAPEv2/storage/binaries/51966ec97a2d82b27077be550bf3cef8d5bced18dd6da530da211fb4fa0c3465
crc32: 24196A96
md5: 08273cb9d305013d7b477b98bb6759d6
sha1: 72cdd98a7cd96117d3eddcfee55d15e27448efe4
sha256: 51966ec97a2d82b27077be550bf3cef8d5bced18dd6da530da211fb4fa0c3465
sha512: d13c6917642a499b2d531ebc51f0d95f81c92b2e0dce160ecce81ef333752fa2b0b199a141ad2d3afaf4add0b3ae5050cbdb6c003247a12f4bb226edc67cd791
ssdeep: 1536:HgJKv+L9HER7e/Sq1mlD2lYXA0+lGRzTqlYmEpPvtFCllbtKDLtFkPqfMXtn:bg9HExe/Sq1mlaYQ0GApPvtWlbgV+PSS
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T15383026600BD5FA2C61A31B8F5124B3954F2971F26FA667CF7DD96B3B360B518813203
sha3_384: 8704189f98593adf2f4d944f12a607eb6eb31f473561e1311f1d2f6226542cf743cf9ca884626141ec3fc3eff2977c6d
ep_bytes: 53565755488d35f5b6feff488dbe0050
timestamp: 2022-08-09 10:08:50
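The digests above are what you would actually search for on other hosts. The following added example (written for this page, not CAPE's or GridinSoft's code) walks a directory, hashes each file in chunks with the same digest set CAPE lists (CRC32 in CAPE's uppercase hex form, MD5, SHA-1, SHA-256, SHA-512, SHA3-384) and reports files whose digests match an IOC dictionary. ssdeep and TLSH are fuzzy hashes that need their own libraries and are left out. The IOC dictionary is copied from the File Info list; `hunt`, `hash_file` and the argument names are choices made for this example.

```python
"""Hash-based hunt for the sample described above (added example, not CAPE's code)."""
import hashlib
import os
import sys
import zlib

# Digests copied from the File Info list above for this sample.
JPOTATO_IOCS = {
    "crc32": "24196A96",
    "md5": "08273cb9d305013d7b477b98bb6759d6",
    "sha1": "72cdd98a7cd96117d3eddcfee55d15e27448efe4",
    "sha256": "51966ec97a2d82b27077be550bf3cef8d5bced18dd6da530da211fb4fa0c3465",
    "sha3_384": "8704189f98593adf2f4d944f12a607eb6eb31f473561e1311f1d2f6226542cf743cf9ca884626141ec3fc3eff2977c6d",
}
ALGOS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest one file in 1 MiB chunks so large binaries never have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            for h in hashers.values():
                h.update(block)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08X}"   # CAPE prints CRC32 as uppercase hex
    return digests


def matching_iocs(digests: dict, iocs: dict) -> list:
    """Names of the IOC fields whose value equals the computed digest (case-insensitive)."""
    return sorted(k for k, v in iocs.items() if digests.get(k, "").lower() == v.lower())


def hunt(root: str, iocs: dict = JPOTATO_IOCS) -> list:
    """Walk `root` and return [(path, [matched fields...])] for every file hitting an IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                found = matching_iocs(hash_file(path), iocs)
            except OSError:      # unreadable or vanished file: skip it, do not abort the sweep
                continue
            if found:
                hits.append((path, found))
    return hits


if __name__ == "__main__":
    # Usage: python jpotato_hunt.py <directory>   (defaults to the current directory)
    for path, fields in hunt(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches {', '.join(fields)}")
```

A match on any single field is enough to act on; when only some fields match, the IOC list itself was probably transcribed wrongly, since all of these digests are computed over the same bytes. Hash matching only finds this exact build of the tool; a recompiled or repacked JuicyPotato will have different digests and needs the behavioural and vendor detections listed below.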

Version Info:

0: [No Data]

Trojan.Win32.JPotato is also known as (vendor: detection name):

  • Cynet: Malicious (score: 100)
  • FireEye: Generic.mg.08273cb9d305013d
  • VIPRE: Trojan.GenericKDZ.70229
  • Cybereason: malicious.9d3050
  • Elastic: malicious (moderate confidence)
  • ESET-NOD32: a variant of Win64/HackTool.JuicyPotato.U
  • Kaspersky: HEUR:Trojan.Win32.JPotato.gen
  • BitDefender: Trojan.GenericKDZ.70229
  • MicroWorld-eScan: Trojan.GenericKDZ.70229
  • Ad-Aware: Trojan.GenericKDZ.70229
  • Emsisoft: Trojan.GenericKDZ.70229 (B)
  • F-Secure: Heuristic.HEUR/AGEN.1215358
  • McAfee-GW-Edition: BehavesLike.Win64.Trojan.mc
  • SentinelOne: Static AI – Suspicious PE
  • Trapmine: malicious.high.ml.score
  • APEX: Malicious
  • GData: Trojan.GenericKDZ.70229
  • Avira: HEUR/AGEN.1215358
  • Arcabit: Trojan.Generic.D11255
  • ZoneAlarm: HEUR:Trojan.Win32.JPotato.gen
  • Microsoft: Trojan:Win32/Wacatac.B!ml
  • Acronis: suspicious
  • ALYac: Trojan.GenericKDZ.70229
  • MAX: malware (ai score=88)
  • Ikarus: PUA.HWIDChanger
  • MaxSecure: Trojan.Malware.300983.susgen

How to remove Trojan.Win32.JPotato?

Trojan.Win32.JPotato removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a "Standard scan".
  • Move all detected items to quarantine.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the browser and options you want, then click "Reset".
  • Restart your computer.

Because JuicyPotato is a privilege-escalation tool rather than a self-installing infection, quarantining the file only removes the tool. Also check which account wrote and executed it, whether that account holds SeImpersonatePrivilege (IIS, SQL Server and other service accounts usually do), and what was done with SYSTEM rights afterwards; otherwise whoever placed it can simply bring another copy.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
