About “Trojan.Win32.Kolovorot.pef” infection

The Trojan.Win32.Kolovorot.pef is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan.Win32.Kolovorot.pef virus can do?

A file was accessed within the Public folder.
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Trojan.Win32.Kolovorot.pef?


File Info:
name: 942F27643C4C4D93C48F.mlw
path: /opt/CAPEv2/storage/binaries/ca0d82d496199d03347ccea389e09876e73172c38c4247ca9cdcc6d68df87732
crc32: 02C609FA
md5: 942f27643c4c4d93c48f7c7dae2ac388
sha1: 1e83983b72a20ba4da5eb86bc3f2733727eeaf7e
sha256: ca0d82d496199d03347ccea389e09876e73172c38c4247ca9cdcc6d68df87732
sha512: 5bbc1adfcbafc89313cdd8c96cf8e3f814daf7864a482b89bce98c7396b64455b88a76ff5ef424da83af70c669969c25b851af078ce497ed0fbfebf2cd107fa6
ssdeep: 24576:oBkgvoyzzLYHqXAnkWyVFuOPw16/vjBkWG32:orzm2juxAvjBkWd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A1556B11B095C0F1D6925230E17633B6AABCFCA6CA7A836F574DFD7939B3180821B527
sha3_384: 02f916d770a631539b52fae06717a214d85ab2278807d3db2f4acadd81d6873da0257ceebe5c0c514d5d3ddd0f679035
ep_bytes: 558bec6aff68d054520068d4e2470064
timestamp: 2012-02-03 03:53:59

Version Info:
FileVersion: 1.0.0.0
FileDescription: 易语言程序
ProductName: 易语言程序
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

Trojan.Win32.Kolovorot.pef also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.lte9
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.69942858
FireEye	Generic.mg.942f27643c4c4d93
Skyhigh	BehavesLike.Win32.Generic.th
McAfee	GenericRXAA-AA!942F27643C4C
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Agent.Vgfj
CrowdStrike	win/malicious_confidence_60% (W)
Alibaba	Trojan:Win32/Kolovorot.aaf59067
K7GW	Trojan ( 005246d51 )
K7AntiVirus	Trojan ( 005246d51 )
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Kolovorot.pef
BitDefender	Trojan.GenericKD.69942858
Avast	Win32:TrojanX-gen [Trj]
Sophos	Generic Reputation PUA (PUA)
VIPRE	Trojan.GenericKD.69942858
TrendMicro	TROJ_GEN.R002C0WJP23
Trapmine	suspicious.low.ml.score
Emsisoft	Application.Generic (A)
Ikarus	Backdoor.Win32.Turkojan
Varist	W32/Trojan.GRW.gen!Eldorado
Antiy-AVL	Trojan/Win32.FlyStudio.a
Microsoft	Trojan:Win32/Wacatac.B!ml
Xcitium	Worm.Win32.Dropper.RA@1qraug
Arcabit	Trojan.Generic.D42B3E4A
ZoneAlarm	HEUR:Trojan.Win32.Kolovorot.pef
GData	Win32.Trojan.PSE.15IBL0F
Google	Detected
BitDefenderTheta	Gen:NN.ZexaF.36792.vr0@a0BK25jb
ALYac	Trojan.GenericKD.69942858
MAX	malware (ai score=82)
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0WJP23
Yandex	Trojan.GenAsa!1Ibu8JjB6UU
SentinelOne	Static AI – Malicious PE
MaxSecure	Dropper.Dinwod.frindll
Fortinet	W32/CoinMiner.PHP!tr
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.b72a20
DeepInstinct	MALICIOUS

How to remove Trojan.Win32.Kolovorot.pef?

Trojan.Win32.Kolovorot.pef removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X