Categories: Trojan

Trojan.Win32.Nisloder.bsc (file analysis)

The Trojan.Win32.Nisloder.bsc is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan.Win32.Nisloder.bsc virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Compression (or decompression)
PlugX
Creates RWX memory
A process attempted to delay the analysis task.
Attempts to connect to a dead IP:Port (5 unique times)
Reads data out of its own binary image
Creates an excessive number of UDP connection attempts to external IP addresses
Performs some HTTP requests
Executed a process and injected code into it, probably while unpacking
Attempts to modify desktop wallpaper
Exhibits behavior characteristic of Cerber ransomware
Attempts to execute a binary from a dead or sinkholed URL
EternalBlue behavior
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
Generates some ICMP traffic
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.blockcypher.com

btc.blockr.io

bitaps.com

chain.so

ocsp.digicert.com

p27dokhpz2n7nvgr.1lseoi.top

How to determine Trojan.Win32.Nisloder.bsc?


File Info:
crc32: 44D4B619md5: e492f0b04323b4be91654d395a31c13dname: E492F0B04323B4BE91654D395A31C13D.mlwsha1: 1eb994a608c01a2792c0ad0c3e2a543007e76846sha256: 362727dc50737560b06ef059c6c3133bfdf9019cac236157601b0075fd260794sha512: cce86f0a540c16ceb609580fa5a04496b6266f9fac3592d9e6c80df8323db91111fc5aecf06d761978f5be167c6bdeee6cf0030e0aee4bd74a61d1722a4e81bbssdeep: 6144:Rn/L+eJss0LTMz06K/k/+CbfWPY+zcAUB1DIvUj8ivu:J1Jp0LTMNKC+CqPYecAUBNtj8Iutype: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Version Info:
0: [No Data]

Trojan.Win32.Nisloder.bsc also known as:

Bkav	W32.AIDetect.malware2
K7AntiVirus	Trojan ( 00504ea51 )
Lionic	Trojan.Win32.Nisloder.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Click3.25793
Cynet	Malicious (score: 100)
CAT-QuickHeal	Ransom.Cerber.A
ALYac	Dropped:Trojan.GenericKD.4340819
Cylance	Unsafe
Sangfor	Trojan.Win32.Nisloder.bsc
CrowdStrike	win/malicious_confidence_100% (D)
Alibaba	Ransom:Win32/Nisloder.21ff9022
K7GW	Trojan ( 00504ea51 )
Cybereason	malicious.04323b
Cyren	W32/Cerber.JZSN-0217
Symantec	Ransom.Cerber
ESET-NOD32	a variant of Win32/Injector.DLBW
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Ransomware.Cerber-6933022-0
Kaspersky	Trojan.Win32.Nisloder.bsc
BitDefender	Dropped:Trojan.GenericKD.4340819
NANO-Antivirus	Trojan.Win32.DKWN.eljbjc
MicroWorld-eScan	Dropped:Trojan.GenericKD.4340819
Tencent	Win32.Trojan.Raas.Auto
Ad-Aware	Dropped:Trojan.GenericKD.4340819
Sophos	Mal/Generic-R + Mal/Cerber-Z
Comodo	Malware@#37j2jqf9jv5le
BitDefenderTheta	Gen:NN.ZedlaF.34088.gu4@a4QrG2pi
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_CERBER.VSAFM
McAfee-GW-Edition	BehavesLike.Win32.AdwareAdload.dc
FireEye	Generic.mg.e492f0b04323b4be
Emsisoft	Dropped:Trojan.GenericKD.4340819 (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1111165
Antiy-AVL	Trojan/Generic.ASMalwS.1EA9282
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Ransom:Win32/Cerber.G
Arcabit	Trojan.Generic.D423C53
SUPERAntiSpyware	Ransom.Cerber/Variant
GData	Dropped:Trojan.GenericKD.4340819
AhnLab-V3	Trojan/Win32.Cerber.R194627
McAfee	Artemis!E492F0B04323
MAX	malware (ai score=100)
VBA32	Trojan.Click
Panda	Trj/CI.A
TrendMicro-HouseCall	Ransom_CERBER.VSAFM
Yandex	Trojan.Injector!2TIByWXbhnc
Ikarus	Trojan.Win32.Injector
Fortinet	W32/InjectorGen.DLBW!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml