Trojan

Trojan.Win32.Mixer.t removal

Malware Removal

The Trojan.Win32.Mixer.t is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Trojan.Win32.Mixer.t virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • NtSetInformationThread: attempt to hide thread from debugger
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Checks for the presence of known windows from debuggers and forensic tools
  • Created a process from a suspicious location
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • A script process created a new process
  • Creates a hidden or system file
  • CAPE detected the Vidar malware family
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects VirtualBox through the presence of a device
  • Attempts to modify proxy settings
  • Appears to use command line obfuscation
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Harvests cookies for information gathering
  • Attempts to execute suspicious powershell command arguments
  • Uses suspicious command line tools or Windows utilities

How to determine Trojan.Win32.Mixer.t?


File Info:

name: AFDA3786132722230A9A.mlw
path: /opt/CAPEv2/storage/binaries/334c12ac95110f2424793e8cb268220e4b89dd622c62849e203481a5ef493c9b
crc32: 0F3AB6EA
md5: afda3786132722230a9acffdf659bd2d
sha1: 5aab8221b594dbc3651cc127bc6f9227c9c86e9a
sha256: 334c12ac95110f2424793e8cb268220e4b89dd622c62849e203481a5ef493c9b
sha512: b1df389764d62f09683906eb4604c3e88b64ac81c190b908eb00c1c8d7c5e2ff599f742e052a36715707d0f58607fa11095ca36cedce99a9f18d8cf2e14b06bd
ssdeep: 393216:xFdgxJL6AdkAwqPUoLo2TB5Ra1gNQysL08t3B/riO:XdgxJL6AIoLoch2l08J8O
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19EE6331A384090FDFF56C1793E9DF2F75EF64A864672C86F1389C0880AB5415BE8B07A
sha3_384: 0017dbf9eb0c609d8c9219ecbb8a04e3e46535090e1486af3b47de2b536e3f4d7b59965272401aa9d815de7d3d0e2ce9
ep_bytes: 558bec6aff6898c24100680691410064
timestamp: 2019-02-21 16:00:00

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 19.00
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0

Trojan.Win32.Mixer.t also known as:

LionicTrojan.Win32.Mixer.4!c
MicroWorld-eScanGen:Variant.Jaik.45703
CAT-QuickHealPUA.GenericPMF.S24746672
McAfeeArtemis!AFDA37861327
CylanceUnsafe
K7AntiVirusTrojan ( 00588c0e1 )
AlibabaBackdoor:Win32/Mixer.427375c9
K7GWTrojan ( 00588c0e1 )
Cybereasonmalicious.613272
CyrenW32/Agent.DSN.gen!Eldorado
SymantecML.Attribute.HighConfidence
ESET-NOD32multiple detections
Paloaltogeneric.ml
ClamAVWin.Packed.Barys-9859531-0
KasperskyTrojan.Win32.Mixer.t
BitDefenderGen:Variant.Jaik.45703
NANO-AntivirusRiskware.Win32.PassView.hmklhx
AvastWin32:TrojanX-gen [Trj]
RisingTrojan.Generic@ML.96 (RDMK:RyXcvgbv6j1nZshIvQLKIQ)
Ad-AwareGen:Variant.Jaik.45703
DrWebTrojan.PWS.Stealer.31713
TrendMicroTROJ_GEN.R002C0DLA21
McAfee-GW-EditionRDN/Generic PWS.y
FireEyeGen:Variant.Jaik.45703
EmsisoftGen:Variant.Jaik.45703 (B)
GDataWin32.Trojan.RanumBot.P9OKA5
JiangminTrojan.Zapchast.adu
AviraTR/AD.Chapak.lkbia
Antiy-AVLTrojan/Generic.ASMalwS.34E9388
KingsoftWin32.Troj.Undef.(kcloud)
GridinsoftRansom.Win32.Sabsik.sa
ArcabitTrojan.Jaik.DB287
MicrosoftTrojan:Win32/ArkeiStealer.DB!MTB
CynetMalicious (score: 99)
AhnLab-V3Malware/Win.Generic.C4844029
BitDefenderThetaGen:NN.ZedlaF.34084.n88baOE@FOp
ALYacGen:Variant.Jaik.45703
MAXmalware (ai score=81)
VBA32Trojan.Zapchast
MalwarebytesTrojan.Dropper.SFX.Generic
TrendMicro-HouseCallTROJ_GEN.R002C0DLA21
TencentWin32.Trojan.Multiple.Lscg
YandexTrojan.Zapchast!y3Uq8b8kbzw
MaxSecureTrojan.Malware.121218.susgen
FortinetW32/BSE.4Q7Q!tr
AVGWin32:TrojanX-gen [Trj]
PandaTrj/CI.A

How to remove Trojan.Win32.Mixer.t?

Trojan.Win32.Mixer.t removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment