What is “Trojan.Win32.PowerShell”?

Malware Removal

Trojan.Win32.PowerShell is flagged as malicious by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.PowerShell virus do?

  • The binary contains an unknown PE section name, which is indicative of packing
  • The Authenticode signature is invalid

How to identify Trojan.Win32.PowerShell?

File Info:

name: 28314BA7E5BC80B3A6CD.mlw
path: /opt/CAPEv2/storage/binaries/ce7a397c7563056c80b2e2e143c43858cacfd1ef82a97c5c3b1f4b48d4b21335
crc32: 13E130BB
md5: 28314ba7e5bc80b3a6cd75e836acd18b
sha1: aad5289d4d4f4b0e49ac2e29d4136c081b5f0250
sha256: ce7a397c7563056c80b2e2e143c43858cacfd1ef82a97c5c3b1f4b48d4b21335
sha512: d86262c766ae5daf83ee9cd0571d3ddafa70464d55701b8f5ec6eab77f585441f4d4234171dc00399d5c03628aeba6cb9fda233214493bea9ff3c34cac97ee01
ssdeep: 98304:A7qXH9oSMjEFb6q9K9hb7zpsrEQzfYf2fG/LjmwDSa2JwzZTPMR/ctnJsv6tWKF8://h6gk/LjVu4tTgYnJsv6tWKFdu9C9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T109B6AFD3E3C381B2D996317A1557F2278675BA0B432546D7B3D83F4AE9303E2393A285
sha3_384: 58aa649e7e27ff153cd59bbc596407e84cfcd2e4a1be8d29dde8950e215d8fe6ae89b2f9907ac332d674e7823fff969d
ep_bytes: e83cce0000e978feffff8bff558bec51
timestamp: 2023-07-07 10:45:37

Version Info:

CompanyName: AutoUpdate Jx1 - Mini
FileDescription: JXOnline1 AutoUpdate
FileVersion: 1.0.1.0
InternalName: JXOnline1 AutoUpdate
LegalCopyright: Copyright @ 2023 by Canh Trang
LegalTrademarks1: All Rights Reserved
LegalTrademarks2: All Rights Reserved
OriginalFilename: AutoUpdate.exe
ProductName: http://canhtrang.com/
ProductVersion: 1.0.1.0
Translation: 0x0409 0x04e4

Trojan.Win32.PowerShell also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.PowerShell.4!c
McAfee: Artemis!28314BA7E5BC
Malwarebytes: Trojan.PowerShell
Alibaba: Trojan:Win32/PowerShell.61a1c88c
Cyren: W32/ABRisk.MLXZ-3866
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
Kaspersky: HEUR:Trojan.Win32.PowerShell.gen
Avast: Win32:MalwareX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13e98bd3
F-Secure: Trojan.TR/Redcap.skgoz
McAfee-GW-Edition: BehavesLike.Win32.BadFile.th
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
GData: Win32.Trojan.Agent.UWALLG
Google: Detected
Avira: TR/Redcap.skgoz
Antiy-AVL: Trojan/Win32.PowerShell
ZoneAlarm: HEUR:Trojan.Win32.PowerShell.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
AhnLab-V3: Trojan/Win.Generic.R576510
Cylance: unsafe
Panda: Trj/Chgt.AD
Rising: Trojan.Generic@AI.100 (RDML:zNt2tpqHfS9txra1P3lXbw)
Ikarus: Trojan-PWS.Win32.OnLineGames
Fortinet: Malicious_Behavior.SB
AVG: Win32:MalwareX-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.PowerShell?

Trojan.Win32.PowerShell removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.