Trojan.Win32.Runner.jff information

Trojan.Win32.Runner.jff is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Runner.jff virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Guard page use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Harvests cookies for information gathering

How to identify Trojan.Win32.Runner.jff?

File Info:

name: ADA62D18C2C62F93250F.mlw
path: /opt/CAPEv2/storage/binaries/34f1d0dfd0b16e49a35ce6377e6311fe21a81a54b0aeb02d66d34852bf1ad65f
crc32: 81F66301
md5: ada62d18c2c62f93250f8071b6e1579d
sha1: c01591914631cf034c2d657f16c743b97fa78a25
sha256: 34f1d0dfd0b16e49a35ce6377e6311fe21a81a54b0aeb02d66d34852bf1ad65f
sha512: 93599b9801285875920fee8cc1004bf81689c0b219784d70d15db764587cd46d3eac536d91ec8d6f178f47032cb2b2a058b5da8be52c5c5c7054f23eb8b94648
ssdeep: 768:73EibbXpEFOFqHn6LIfncGvAQi1LuvP2QNANPaWBRskFqhTLM+1mjQ567yGVde/5:jEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yK
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T19523F122E2CCDC45C423D1750F4361174129F644AF99CB1A6AFC622B6EE5EB4ACBC2F5
sha3_384: 05dcb947dc5c9bacec90c9aaf432659c5a3eab0d973d0680b5a8278f19485281e2536fc71cec837cea4cd90299f4655d
ep_bytes: 60be151041008dbeebfffeff5789e58d
timestamp: 2019-07-30 08:52:45

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
ProductName: V4注入器(子程序)
OriginalFilename: V4注入器(子程序)
InternalName: V4注入器(子程序)
FileDescription: V4注入器(子程序)
CompanyName: V4注入器(子程序)
LegalTrademarks: V4注入器(子程序)
LegalCopyright: V4注入器(子程序)
PrivateBuild: V4注入器(子程序)
SpecialBuild: V4注入器(子程序)
Comments: V4注入器(子程序)
Translation: 0x0000 0x04e4

Trojan.Win32.Runner.jff also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Symmi.96312
FireEye: Generic.mg.ada62d18c2c62f93
CAT-QuickHeal: Trojan.GenericPMF.S15043657
McAfee: Artemis!ADA62D18C2C6
Cylance: Unsafe
Zillya: Trojan.Runner.Win32.3178
Sangfor: Suspicious.Win32.Malware.gen
K7AntiVirus: Trojan ( 0051918e1 )
Alibaba: Trojan:Win32/Runner.05fdfdec
K7GW: Trojan ( 0051918e1 )
CrowdStrike: win/malicious_confidence_70% (W)
BitDefenderTheta: Gen:NN.ZexaF.34062.cmKfauNeBbm
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Agen-7532797-0
Kaspersky: Trojan.Win32.Runner.jff
BitDefender: Gen:Variant.Symmi.96312
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10ce5381
Ad-Aware: Gen:Variant.Symmi.96312
TACHYON: Trojan/W32.Snojan.92160
Emsisoft: Gen:Variant.Symmi.96312 (B)
F-Secure: Trojan.TR/Runner.qlzlu
TrendMicro: TROJ_GEN.R011C0PIT21
McAfee-GW-Edition: GenericRXIM-EG!6BFCE06B533F
Sophos: Mal/Generic-S
GData: Gen:Variant.Symmi.96312
eGambit: Unsafe.AI_Score_95%
Avira: TR/Runner.qlzlu
Antiy-AVL: Trojan/Generic.ASMalwS.2B9E7F9
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win.Generic.R423443
ALYac: Gen:Variant.Symmi.96312
MAX: malware (ai score=85)
TrendMicro-HouseCall: TROJ_GEN.R011C0PIT21
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Cybereason: malicious.8c2c62

How to remove Trojan.Win32.Runner.jff?

Trojan.Win32.Runner.jff removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.