
Trojan.Win32.Reconyc.hobt removal instructions


Trojan.Win32.Reconyc.hobt is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Reconyc.hobt virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Creates a copy of itself
  • Creates known Njrat/Bladabindi RAT registry keys

How to identify Trojan.Win32.Reconyc.hobt?


File Info:

name: 29DD35BF697ABC28D58E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2017-01-04 23:26:26

Version Info:

Translation: 0x0000 0x04b0
FileDescription: Windows
FileVersion: 1.0.0.0
InternalName: Windows.exe
LegalCopyright: Copyright © 2017
OriginalFilename: Windows.exe
ProductName: Windows
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan.Win32.Reconyc.hobt also known as:

Lionic: Trojan.Win32.Reconyc.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.MSIL.Abuja.1
FireEye: Generic.mg.29dd35bf697abc28
ALYac: Gen:Heur.MSIL.Abuja.1
Malwarebytes: Crypt.Trojan.MSIL.DDS
Zillya: Trojan.Reconyc.Win32.19903
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005a4e841 )
Alibaba: Trojan:Win32/Reconyc.b2fcb7a2
K7GW: Trojan-Downloader ( 004c41161 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZemsilF.36196.oq0@auzYqie
VirIT: Trojan.Win32.MSIL.AWCJ
Symantec: Backdoor.Ratenjay
ESET-NOD32: a variant of MSIL/Kryptik.EOO
APEX: Malicious
Kaspersky: Trojan.Win32.Reconyc.hobt
BitDefender: Gen:Heur.MSIL.Abuja.1
NANO-Antivirus: Trojan.Win32.Reconyc.elwwrs
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Reconyc.Gmnw
Emsisoft: Gen:Heur.MSIL.Abuja.1 (B)
F-Secure: Trojan.TR/Dropper.MSIL.Gen
DrWeb: Trojan.Siggen6.43983
VIPRE: Gen:Heur.MSIL.Abuja.1
McAfee-GW-Edition: Packed-MR!29DD35BF697A
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.MSIL.Abuja.1
Jiangmin: Trojan.Reconyc.gst
Google: Detected
Avira: TR/Dropper.MSIL.Gen
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Win32.Reconyc
Xcitium: Malware@#1ui0zfikdn12i
Arcabit: Trojan.MSIL.Abuja.1
ZoneAlarm: Trojan.Win32.Reconyc.hobt
Microsoft: Backdoor:MSIL/Bladabindi
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Disfa.C1749930
McAfee: Packed-MR!29DD35BF697A
Cylance: unsafe
Panda: Trj/GdSda.A
Rising: Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:8G0NlhuuL7CqmK9CAE+Tew)
Yandex: Trojan.Reconyc!An0szui3pPc
Ikarus: Trojan.MSIL.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Kryptik.EOO!tr
AVG: Win32:Malware-gen
Cybereason: malicious.f697ab
DeepInstinct: MALICIOUS

How to remove Trojan.Win32.Reconyc.hobt?

Trojan.Win32.Reconyc.hobt removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
