Trojan.Win32.Kolovorot.pg (file analysis)

Trojan.Win32.Kolovorot.pg is flagged as malicious by most of the antivirus engines listed further down this page. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and clean-up of your PC during the trial period.
A 6-day free trial is available.

What can Trojan.Win32.Kolovorot.pg do?

The following are the CAPE sandbox signatures that fired when the sample was run:

  • Behavioural detection: executable code extraction (unpacking)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Performs HTTP requests potentially not found in the PCAP
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: injection (inter-process)
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Trojan.Win32.Kolovorot.pg?

The indicators below are taken from the CAPEv2 sandbox record of the sample. The hashes identify this exact file; the other fields only corroborate. In particular, ep_bytes is a generic Visual C++ runtime entry prologue (push ebp; mov ebp, esp; push -1; push imm32; push imm32; then the fs: prefix of the SEH frame setup) shared by many executables, so matching it alone proves nothing.

File Info:

name: B54679D958256D7E9F04.mlw
path: /opt/CAPEv2/storage/binaries/c1b219179a0482daa7b68eb00d97403fda579346056d75eb87dab2ca8c4e3133
crc32: 1E99E1F5
md5: b54679d958256d7e9f04ae13af307dbe
sha1: e233085ec5320525a2f50ed527ade98b1e514fce
sha256: c1b219179a0482daa7b68eb00d97403fda579346056d75eb87dab2ca8c4e3133
sha512: 6d9787c2cd430135ac3fd5a996e234d691ddf5fe7d728628343a3491e39af11d8e1604de060477773d4a0dd418dbabeecb40c3728af0274b57e17eb88997cd06
ssdeep: 49152:9EUOOX2DsKBPsTgpxG/p2/eOZfN0OsJba:RGDs4HG0mOZfN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F0E5AF02F6D2C0F5E75E153209AF273AAA78DA414B24DBC3A364EE7D5D325C0A937217
sha3_384: 73bdf2702d2bba6fda04b764184182ea66b1ec1fd3631438a62b0eadac54173cf5dd1e3655ee445cf9dfcdd8d473b6ea
ep_bytes: 558bec6aff6860d467006824c7460064
timestamp: 2010-05-18 15:37:41

Version Info:

FileVersion: 1.0.0.0
FileDescription: 无极工作室6.1 (Wuji Studio 6.1)
ProductName: 无极工作室6.1 (Wuji Studio 6.1)
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版 (Copyright held by the author; please respect it and use the genuine version)
Comments: 本程序为个人自行编写的应用程序,感谢大家使用 (This program is an application written by an individual; thank you all for using it)
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified), code page 0x04B0 = Unicode; this is what the "unconventional language" signatures above refer to)
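
The file-level indicators above can be checked with a short script. The following is an added example written for this page, not code from CAPEv2 or GridinSoft: it hashes a file with the Python standard library (ssdeep and TLSH need third-party tools and are left out), reads the link timestamp and the first 16 entry-point bytes directly from the PE headers, and reports which of the listed indicators match. The minimal PE produced by build_sample_pe is constructed for offline testing and is not the malware; rendering the timestamp in UTC is an assumption, since the sandbox record above gives no timezone, so a whole-hour difference there can be a timezone offset rather than a different file.

```python
"""Fingerprint a suspect file against the indicators listed above.

Added example (not CAPEv2 or GridinSoft code). Standard library only:
hashlib/zlib for the digests and a minimal PE header parser for the
link timestamp and entry-point bytes. ssdeep and TLSH are not computed.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
KNOWN = {
    "md5": "b54679d958256d7e9f04ae13af307dbe",
    "sha1": "e233085ec5320525a2f50ed527ade98b1e514fce",
    "sha256": "c1b219179a0482daa7b68eb00d97403fda579346056d75eb87dab2ca8c4e3133",
    "crc32": "1E99E1F5",
    "ep_bytes": "558bec6aff6860d467006824c7460064",
    "timestamp": "2010-05-18 15:37:41",
}


def hashes(data: bytes) -> dict:
    """Digests in the formats the page uses (lowercase hex, upper-case CRC32)."""
    out = {name: hashlib.new(name, data).hexdigest()
           for name in ("md5", "sha1", "sha256", "sha512", "sha3_384")}
    out["crc32"] = "%08X" % (zlib.crc32(data) & 0xFFFFFFFF)
    return out


def pe_info(data: bytes) -> dict:
    """Read machine type, link timestamp and first 16 entry-point bytes from the PE headers.

    Raises ValueError for anything that is not a PE32/PE32+ image.
    Assumption: the timestamp is rendered in UTC; the page states no timezone.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Walk the section table to map the entry-point RVA to a file offset.
    sections = opt + opt_size
    ep_off = None
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (ep_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point is not inside any section")
    when = datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"machine": machine, "timestamp": when,
            "ep_bytes": data[ep_off:ep_off + 16].hex()}


def compare(data: bytes, known: dict = KNOWN) -> dict:
    """Return {indicator: matched} for every indicator in `known`."""
    fp = hashes(data)
    try:
        fp.update(pe_info(data))
    except ValueError as exc:
        fp["pe_error"] = str(exc)
    return {k: fp.get(k) == v for k, v in known.items()}


def build_sample_pe(tstamp: int, ep_code: bytes) -> bytes:
    """Construct a minimal PE32 image for offline testing. This is not the malware."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    opt_size = 224                                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, tstamp, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)          # ImageBase
    raw_off = 0x200
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, raw_off,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(raw_off, b"\0")
    return headers + ep_code.ljust(0x200, b"\0")


# Constructed sample that shares only the weak indicators with the real file.
SAMPLE_TS = int(datetime(2010, 5, 18, 15, 37, 41, tzinfo=timezone.utc).timestamp())
SAMPLE = build_sample_pe(SAMPLE_TS, bytes.fromhex(KNOWN["ep_bytes"]))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for k, v in sorted(compare(data).items()):
        print("%-10s %s" % (k, "MATCH" if v else "no"))
```

Run it with a file path to check a real suspect; with no argument it checks the constructed sample, which matches the timestamp and entry-point bytes but none of the hashes, illustrating why the hashes are the indicators to act on.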

Trojan.Win32.Kolovorot.pg is also detected under the following names (vendor: detection name). Note that ESET-NOD32 and ClamAV label it FlyStudio, the name antivirus engines use for programs compiled with E Language (易语言), a Chinese-language development environment; this agrees with the Simplified Chinese version resources shown above.

Bkav: W32.AIDetect.malware1
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Heur.PWSIME.2
FireEye: Generic.mg.b54679d958256d7e
Cylance: Unsafe
Zillya: Trojan.Kolovorot.Win32.135
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 005246d51 )
Alibaba: Trojan:Win32/Kolovorot.84c19f63
K7GW: Trojan ( 005246d51 )
Cybereason: malicious.958256
Baidu: Win32.Trojan.Agent.apv
Cyren: W32/S-6174ea28!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/FlyStudio.Injector.A potentially unwanted
APEX: Malicious
ClamAV: Win.Malware.Flystudio-9752414-0
Kaspersky: Trojan.Win32.Kolovorot.pg
BitDefender: Gen:Heur.PWSIME.2
NANO-Antivirus: Trojan.Win32.BlackHole.cuetck
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Kolovorot.Vylw
Ad-Aware: Gen:Heur.PWSIME.2
Emsisoft: Gen:Heur.PWSIME.2 (B)
Comodo: Malware@#2gazfjm73i6cu
DrWeb: Trojan.DownLoader5.38831
VIPRE: Gen:Heur.PWSIME.2
McAfee-GW-Edition: BehavesLike.Win32.MultiDropper.wm
Trapmine: suspicious.low.ml.score
Sophos: Generic ML PUA (PUA)
Ikarus: Trojan.Win32.Vilsel
Google: Detected
Avira: TR/Obfuscate.xzoue
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Dynamer!dtc
Arcabit: Trojan.PWSIME.2
GData: Gen:Heur.PWSIME.2
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZexaF.34682.fl0aa4mKkfib
ALYac: Gen:Heur.PWSIME.2
VBA32: Trojan.Wacatac
Malwarebytes: Malware.AI.3420618405
Rising: Malware.Undefined!8.C (TFE:5:WvwXdvx0wDE)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/BlackHole.RTQ!tr.bdr
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.Win32.Kolovorot.pg?

Trojan.Win32.Kolovorot.pg removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.
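
The sandbox signature “Attempts to modify proxy settings” listed earlier and the “Reset Browser Settings” step above both concern the WinINet proxy values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. The following is an added example for this page, not GridinSoft or CAPE code, that parses a `reg export` of that key (taken on the affected machine with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg`) and reports whether a proxy or PAC URL has been planted, so the change can be seen before clean-up and confirmed gone afterwards. The two embedded exports are constructed for the example; the proxy address and PAC URL in them are made up.

```python
"""Triage a 'reg export' of the WinINet proxy settings for tampering.

Added example (not GridinSoft or CAPE code). Parses the .reg text format
written by reg.exe and flags the proxy-related values a hijacker changes:
ProxyEnable, ProxyServer, AutoConfigURL. The embedded exports below are
constructed test data, not captures from a real infection.
"""
import re

INTERNET_SETTINGS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_reg_export(text: str) -> dict:
    """Parse .reg text into {key_path: {value_name: value}}.

    dword values become int, string values str; hex(...) blobs are kept raw
    and their backslash-continued lines are skipped.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"(?P<name>[^"]+)"=(?P<val>.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.group("name"), m.group("val")
        if raw.startswith("dword:"):
            keys[current][name] = int(raw[len("dword:"):], 16)
        elif len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            keys[current][name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            keys[current][name] = raw
    return keys


def check_proxy(values: dict) -> list:
    """Return human-readable findings for proxy-related tampering."""
    findings = []
    if values.get("ProxyEnable") == 1:
        findings.append("ProxyEnable=1: all WinINet/browser traffic goes through ProxyServer=%s"
                        % values.get("ProxyServer", "<unset>"))
    elif values.get("ProxyServer"):
        findings.append("ProxyServer=%s is configured but currently disabled" % values["ProxyServer"])
    if values.get("AutoConfigURL"):
        findings.append("AutoConfigURL=%s: a PAC script decides the proxy per request"
                        % values["AutoConfigURL"])
    return findings


def check_reg_export(text: str) -> list:
    """Findings for the Internet Settings key in already-decoded .reg text."""
    return check_proxy(parse_reg_export(text).get(INTERNET_SETTINGS, {}))


def check_reg_file(path: str) -> list:
    """reg.exe writes UTF-16LE with a BOM; decode accordingly."""
    with open(path, encoding="utf-16") as fh:
        return check_reg_export(fh.read())


# Constructed exports: one as a proxy hijacker would leave it, one clean.
INFECTED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"ProxyOverride"="<local>"
"AutoConfigURL"="http://proxy.example.invalid/wpad.dat"
"""

CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"MigrateProxy"=dword:00000001
"""

if __name__ == "__main__":
    import sys
    findings = check_reg_file(sys.argv[1]) if len(sys.argv) > 1 else check_reg_export(INFECTED_EXPORT)
    print("\n".join(findings) or "no proxy settings found")
```

A loopback proxy such as 127.0.0.1:8080 with ProxyEnable=1 means a local process is sitting in the browser's traffic path, which fits the cookie-harvesting behaviour the sandbox reported; an AutoConfigURL pointing at an unfamiliar host means the proxy choice is controlled remotely. Run the script again after the reset and reboot: it should report nothing.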

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.