
Trojan.Win32.Shelma.bhqq removal


Trojan.Win32.Shelma.bhqq is the Kaspersky detection name for a sample that nearly every engine in the list below also flags as malicious. While the infection is active you may notice unfamiliar processes in Task Manager. If so, it is advisable to scan your computer with GridinSoft Anti-Malware.


Removing malware by hand can take hours and can damage the system if a wrong file or registry entry is deleted. We recommend GridinSoft Anti-Malware for removal; a full scan and cleanup are available during the trial period.
6-day free trial available.

What can Trojan.Win32.Shelma.bhqq do?

The CAPE sandbox run of the sample reported the following behavioural signatures:

  • SetUnhandledExceptionFilter detected (possible anti-debug): the sample registers a top-level exception handler, a common trick to detect or disrupt a debugger.
  • Behavioural detection: Executable code extraction – unpacking: code was written to memory and then executed, i.e. a packed payload is unpacked at run time.
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory: memory is allocated readable, writable and executable at once, which is typical of unpacking stubs and in-memory loaders.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid: the file's signature does not verify, so the publisher details in its version resource cannot be trusted.

Taken together with the version information below (Amber, a reflective PE packer), these signatures are consistent with a packed executable that unpacks and runs its payload in memory rather than from disk.

How to identify Trojan.Win32.Shelma.bhqq?

The analysed sample has the following hashes, file type, entry-point bytes, PE timestamp and embedded version information:
File Info:

name: DBFDE828EF1F223FB942.mlw
path: /opt/CAPEv2/storage/binaries/c640099b614dd5a0812fabbfd235be783e73436d53565a63787405f62765dca8
crc32: EFDA1E64
md5: dbfde828ef1f223fb9426fcc12b8d1e8
sha1: 6fcf3346a1c8520d23e4207c2402ba9a5385f6ca
sha256: c640099b614dd5a0812fabbfd235be783e73436d53565a63787405f62765dca8
sha512: 6b23217fd2e058c3f138abde159050b3ace1a9bb3865ed7d137657a91cbb0f18c09c57554cf526c8a7018d3be599a44816f2471f0d5e3a6bb7bc9dd5549d2e72
ssdeep: 3072:vr+VtmBCPDKcZcOUmoz93z8aKDe8hNau7XcgSZS:vr+WBCWuKD1ue8hNauXb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11A142AD176849585E8353DF2C16BBB7841AB6CF58E0187C640B6F2B11632A4BFD0A93F
sha3_384: 2be8cd891641996160dbdc68e4b364376835412a58eb4ad3408446750bc3f6c39b43debcd53edac7b32a33cc31fd02fb
ep_bytes: 83ec0cc70598b3400001000000e87e06
timestamp: 1970-01-01 00:00:02

Version Info:

CompanyName: INVICTUS EUROPE
FileDescription: Amber Packer - Reflective PE Packer
FileVersion: 1.3
InternalName: Amber
LegalCopyright: Ege Balcı
OriginalFilename: amber.exe
ProductName: Amber
ProductVersion: 1.3
Translation: 0x0809 0x04e4 (English UK, Windows-1252 code page)

Two details are worth noting. The PE timestamp of 1970-01-01 00:00:02 (a TimeDateStamp of 2) is not a genuine build time; the field has been zeroed or forged. And the version resource identifies the file as Amber by Ege Balcı, a reflective PE packer, so the stub described here is a wrapper: the malicious behaviour belongs to whatever payload it carries, and the hashes above identify only this particular packed build.
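The indicators above can be checked mechanically. The following triage script is an added example, not code from the original page or from any vendor tool: it parses enough of a PE32 header with the standard library to read the COFF timestamp and the 16 bytes at the entry point, computes the file's hashes, and compares all three against the values listed in File Info. The `build_demo_pe32` helper constructs a small synthetic PE32 (not the real sample) purely so the script can be run offline; the 1990 cut-off for a suspicious timestamp is an assumption, and reproducible builds legitimately zero that field too.

```python
"""Triage a PE file against the indicators listed for this sample.

Added example; not the page's own tooling. Hashes and entry bytes below
are copied from the File Info block on the page.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators from the File Info block above.
KNOWN_HASHES = {
    "md5": "dbfde828ef1f223fb9426fcc12b8d1e8",
    "sha1": "6fcf3346a1c8520d23e4207c2402ba9a5385f6ca",
    "sha256": "c640099b614dd5a0812fabbfd235be783e73436d53565a63787405f62765dca8",
}
KNOWN_EP_BYTES = bytes.fromhex("83ec0cc70598b3400001000000e87e06")
PE32_MAGIC = 0x10B
IMAGE_FILE_MACHINE_I386 = 0x14C


def parse_pe32(data: bytes) -> dict:
    """Read machine, TimeDateStamp and the first 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = e_lfanew + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("not a PE32 (32-bit) image")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    # The section table follows the optional header; map the entry RVA to a file offset.
    sec_table = opt + opt_size
    ep_offset = None
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_table + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            ep_offset = rawptr + (ep_rva - vaddr)
            break
    if ep_offset is None:
        raise ValueError("entry point RVA not inside any section")
    return {"machine": machine, "timestamp": tstamp, "entry_bytes": data[ep_offset:ep_offset + 16]}


def triage(data: bytes) -> dict:
    """Compare hashes, entry bytes and timestamp against the page's indicators."""
    hashes = {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}
    pe = parse_pe32(data)
    compiled = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    return {
        "hashes": hashes,
        "hash_match": hashes == KNOWN_HASHES,
        "is_i386": pe["machine"] == IMAGE_FILE_MACHINE_I386,
        "entry_bytes": pe["entry_bytes"].hex(),
        "entry_match": pe["entry_bytes"] == KNOWN_EP_BYTES,
        "compiled": compiled.isoformat(),
        # Heuristic (assumed cut-off): a build time before 1990 means the field
        # was zeroed or forged; reproducible builds also zero it, so treat as a hint.
        "timestamp_suspicious": compiled.year < 1990,
    }


def build_demo_pe32(entry_bytes: bytes, timestamp: int) -> bytes:
    """Construct a minimal synthetic PE32 for offline testing; NOT the real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint = start of .text
    # One section: .text at RVA 0x1000, raw data at file offset 0x200, 0x200 bytes
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + entry_bytes.ljust(0x200, b"\0")


if __name__ == "__main__":
    demo = build_demo_pe32(KNOWN_EP_BYTES, timestamp=2)  # forged epoch timestamp, same EP bytes
    for key, value in triage(demo).items():
        print(f"{key}: {value}")
```

On the synthetic file the entry bytes and forged timestamp match the page's indicators while the hashes do not, which is exactly the situation to expect from a repacked build of the same payload: hashes identify one file, entry-point bytes and packer artifacts identify the family of builds.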

Trojan.Win32.Shelma.bhqq also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Packed.Amber.lG0@hCtRmdci
FireEye: Generic.mg.dbfde828ef1f223f
ALYac: Gen:Packed.Amber.lG0@hCtRmdci
Cylance: Unsafe
Sangfor: Trojan.Win32.Wacatac.B
K7AntiVirus: Trojan ( 0052428b1 )
Alibaba: Trojan:Win32/Shelma.ba579763
K7GW: Trojan ( 0052428b1 )
CrowdStrike: win/malicious_confidence_80% (W)
Cyren: W32/Trojan.EDPH-3083
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Rozena.YB
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Shelma.bhqq
BitDefender: Gen:Packed.Amber.lG0@hCtRmdci
Avast: Win32:TrojanX-gen [Trj]
Ad-Aware: Gen:Packed.Amber.lG0@hCtRmdci
Zillya: Trojan.Shelma.Win32.8882
McAfee-GW-Edition: GenericRXDU-IQ!DBFDE828EF1F
Emsisoft: Gen:Packed.Amber.lG0@hCtRmdci (B)
Ikarus: Trojan.Win32.Rozena
GData: Gen:Packed.Amber.lG0@hCtRmdci
Avira: HEUR/AGEN.1137815
Antiy-AVL: Trojan/Generic.ASMalwS.32E305F
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: GenericRXDU-IQ!DBFDE828EF1F
MAX: malware (ai score=80)
VBA32: BScope.Trojan.Swrort
Malwarebytes: Malware.AI.1963627044
Yandex: Trojan.GenAsa!bNYIZc4vvZE
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Rozena.PB!tr
BitDefenderTheta: AI:Packer.AB69EED61F
AVG: Win32:TrojanX-gen [Trj]
Panda: Trj/GdSda.A
MaxSecure: Trojan.Malware.117127114.susgen

Note that many of these names (Gen:Packed.Amber, AI:Packer) identify the packer rather than the payload, and that several others (Wacatac.B!ml, malicious_confidence_80%, Static AI) are generic machine-learning verdicts. The names shared by ESET, Fortinet and Ikarus (Rozena) and by VBA32 (Swrort) are commonly associated with Metasploit-generated payloads, which fits a packer whose stub loads a payload reflectively, but the payload itself is not described on this page.

How to remove Trojan.Win32.Shelma.bhqq?

Trojan.Win32.Shelma.bhqq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
