
How to remove “Trojan.Win32.Shelma.brtn”?


Trojan.Win32.Shelma.brtn is flagged as malicious by several antivirus engines (see the detection names listed below). While this infection is active, you may notice unexpected processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Shelma.brtn virus do?

The CAPE sandbox raised the following signatures when the sample was detonated:

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • CAPE detected the PyInstaller malware family
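Three of the signatures above (unknown PE section name, PyInstaller family, and reading data out of its own binary image) are static properties you can check without a sandbox. The script below is an added example, not code from this page or from GridinSoft or CAPE: it parses the PE section table with the standard library only, flags section names outside the usual toolchain set, looks for the PyInstaller archive cookie in the overlay appended after the last section, and extracts the entry-point bytes (CAPE's `ep_bytes` field). The `KNOWN_SECTIONS` list, the `build_sample_pe` fixture and the sample image it builds are constructed for illustration; only the 16 entry-stub bytes are taken from the report on this page.

```python
import struct
from datetime import datetime, timezone

# Section names the MSVC / MinGW toolchains normally emit (assumed list). A name
# outside it is not proof of packing, but it is what trips CAPE's signature.
KNOWN_SECTIONS = {
    ".text", ".rdata", ".data", ".pdata", ".idata", ".edata", ".rsrc",
    ".reloc", ".tls", ".bss", ".CRT", ".xdata", ".gfids", ".00cfg",
}
# Cookie that terminates a PyInstaller CArchive; the archive is appended to the
# bootloader EXE as an overlay, i.e. after the last PE section ends.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def parse_pe(data: bytes) -> dict:
    """Walk the COFF header, optional header and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt = coff + 20
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []                           # (name, virtual_addr, raw_ptr, raw_size)
    for i in range(n_sections):
        hdr = opt + opt_size + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vaddr, raw_size, raw_ptr = struct.unpack_from("<III", data, hdr + 12)
        sections.append((name, vaddr, raw_ptr, raw_size))
    overlay_start = max((p + s for _, _, p, s in sections), default=len(data))
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_rva": entry_rva,
        "sections": sections,
        "overlay_start": min(overlay_start, len(data)),
    }


def entry_bytes(data: bytes, count: int = 16) -> bytes:
    """File bytes at the entry point (the 'ep_bytes' field of a CAPE report)."""
    info = parse_pe(data)
    for _, vaddr, raw_ptr, raw_size in info["sections"]:
        if vaddr <= info["entry_rva"] < vaddr + raw_size:
            return data[raw_ptr + info["entry_rva"] - vaddr:][:count]
    raise ValueError("entry point RVA is not backed by any section")


def triage(data: bytes) -> list:
    """Static findings mirroring the packing / PyInstaller signatures above."""
    info = parse_pe(data)
    findings = []
    unknown = [n for n, _, _, _ in info["sections"] if n not in KNOWN_SECTIONS]
    if unknown:
        findings.append("unknown section names: " + ", ".join(unknown))
    overlay = data[info["overlay_start"]:]
    if overlay:
        findings.append("overlay of %d bytes after last section" % len(overlay))
    if PYINSTALLER_MAGIC in overlay:
        findings.append("PyInstaller archive cookie found in overlay")
    return findings


def build_sample_pe(names, first_bytes=b"", overlay=b"", timestamp=0) -> bytes:
    """Construct a minimal PE32+ image as a test fixture (not executable code)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # PE32+ magic 0x20B; AddressOfEntryPoint (offset 16) = first section RVA
    opt = struct.pack("<H", 0x20B) + b"\0" * 14 + struct.pack("<I", 0x1000) + b"\0" * 220
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(names),
                       timestamp, 0, 0, len(opt), 0x22)
    first_raw = (e_lfanew + 4 + len(coff) + len(opt) + 40 * len(names) + 0x1FF) & ~0x1FF
    table, body = b"", b""
    for i, name in enumerate(names):
        raw = ((first_bytes if i == 0 else b"") + b"\xCC" * 0x200)[:0x200]
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), 0x200,
                             0x1000 * (i + 1), len(raw), first_raw + len(body),
                             0, 0, 0, 0, 0x60000020)
        body += raw
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (first_raw - len(image)) + body + overlay


if __name__ == "__main__":
    # Constructed sample: entry stub bytes copied from this page's report, one
    # packer-style section name, a fake PyInstaller overlay, and the page's
    # link timestamp assumed to be UTC.
    sample = build_sample_pe([".text", ".rdata", ".data", ".pyi0"],
                             first_bytes=bytes.fromhex("4883ec28e8f70400004883c428e972fe"),
                             overlay=b"\0" * 64 + PYINSTALLER_MAGIC + b"\0" * 16,
                             timestamp=1636481039)
    info = parse_pe(sample)
    print("machine 0x%04x, linked %s" % (info["machine"], info["timestamp"]))
    print("ep_bytes:", entry_bytes(sample).hex())
    for finding in triage(sample):
        print("[!]", finding)
```

Run it against a real file with `triage(open(path, "rb").read())`. The overlay check is the useful one here: a PyInstaller bootloader is a legitimate, often signed, program, so the verdict should rest on what is inside the appended archive (extract it with `pyinstxtractor` and inspect the `.pyc` payload), not on the bootloader alone.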

How to identify Trojan.Win32.Shelma.brtn?

The CAPE sandbox report identifies the sample by the hashes and PE properties below. Two details are easy to misread: the file is a 64-bit PE32+ image even though the Kaspersky detection name carries the "Win32" platform tag, and the entry-point bytes (sub rsp,28h / call / add rsp,28h / jmp) are an ordinary x64 C runtime startup stub, so nothing unusual is visible at the entry point itself; the signals CAPE reports come from the non-standard section name and the PyInstaller packaging.

File Info:

name: 84E3A869C77669A41A04.mlw
path: /opt/CAPEv2/storage/binaries/9c19baf722a805edaeb1ced9b7b4056eedffb1e116128a91b2233a3dbcb4a125
crc32: 805E5074
md5: 84e3a869c77669a41a04c816f0f1717e
sha1: 45ee2d0ce88a4cd1086fbc7369c4dff675a7ae9b
sha256: 9c19baf722a805edaeb1ced9b7b4056eedffb1e116128a91b2233a3dbcb4a125
sha512: 5d31dc226a052cfa2aac5291b67192c8b4ba169c934223007a4ade2a9af8eaa17416b62bde664a6ba4cb0c8e23e7b3bb598ab4b10de21c1d3e04e735b30cd15d
ssdeep: 196608:JkbMUMg5+iP+2BXvrRFNIPOEbPK40tVqJj8fTRrV:fpgsiP+cDfNwD2gjk
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T19A6633C9536008A8F9BB417D4E01E23EEAB17CA10760D6D70B58192B3E97A913D7FBD1
sha3_384: 990afe173d5026ada39980ef396b2e6d4217f2208a66a6fc6335b2d9e81bb28aaa5275048c193ac44bfeb4975a9bb5d2
ep_bytes: 4883ec28e8f70400004883c428e972fe
timestamp: 2021-11-09 18:03:59

Version Info:

0: [No Data]

Trojan.Win32.Shelma.brtn is also detected under the following names (vendor: detection):

Zillya: Trojan.Agent.Script.1642598
Alibaba: Trojan:Win32/Almi_Agent.f
Kaspersky: Trojan.Win32.Shelma.brtn
McAfee-GW-Edition: BehavesLike.Win64.Generic.vc
Jiangmin: Trojan.Agentb.kqi
Antiy-AVL: Trojan/Generic.ASMalwS.34CE845
Gridinsoft: Ransom.Win64.Sabsik.sa
Cynet: Malicious (score: 100)

How to remove Trojan.Win32.Shelma.brtn?

Trojan.Win32.Shelma.brtn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the relevant browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
