Trojan.Win32.Shelma.brwq (file analysis)

Trojan.Win32.Shelma.brwq is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Shelma.brwq virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Presents an Authenticode digital signature
  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid

How to identify Trojan.Win32.Shelma.brwq?

File Info:

name: 4903C74E822DEAA09EDB.mlw
path: /opt/CAPEv2/storage/binaries/40aad5cf535f49aea21f71883d5d2a92b1e9ef01b90152c747ab75088ec62a64
crc32: 964142FC
md5: 4903c74e822deaa09edbfb21100e67df
sha1: dc872c83e2d20565595f135218b0586286db623c
sha256: 40aad5cf535f49aea21f71883d5d2a92b1e9ef01b90152c747ab75088ec62a64
sha512: 06f3620d556492e9a66c2f923c4204917f0f850ddf8fa1f2b51b3e83fabe409e123034e936f3735051e67895843e81d387db86ad8e5a83dcde1d5d81d6727ac4
ssdeep: 24576:wpSvSqGrGq8GE6Ni+09E1wHD12gtogrQUctLnWV:w87GrFE6Nf09E1wHDE1gr0WV
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1FA953926B8E204FAC57EF231C55293627A323C6547313BD72E91BA6A0A75FD42E3D311
sha3_384: e6329c85ed9d3eb732b8ac612bb40e91976d6a830b29ce787b547804283d8f76b5789195f362bfe84675e57d995e0a06
ep_bytes: 4883ec28488b0565451d00c700000000
timestamp: 2021-12-09 01:50:48

Version Info:

FileDescription: Microsoft OneNote
FileVersion: 16.0.14326.20404
InternalName: OneNote
OriginalFilename: OneNote.exe
ProductName: Microsoft OneNote
ProductVersion: 16.0.14326.20404
Translation: 0x0409 0x04b0

Trojan.Win32.Shelma.brwq is also known as:

McAfee: Artemis!4903C74E822D
Alibaba: Trojan:Win32/Shelma.40566111
Kaspersky: Trojan.Win32.Shelma.brwq
McAfee-GW-Edition: Artemis!Trojan
Ikarus: Trojan.WinGo.Rozena
GData: MSIL.Backdoor.Rozena.OY8U1N
Avira: HEUR/AGEN.1145901
Microsoft: VirTool:Win64/Kakash.gen!D
Cynet: Malicious (score: 99)
Malwarebytes: Trojan.Crypt
Tencent: Win32.Trojan.Shelma.Pbff
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Win32.Shelma.brwq?

Trojan.Win32.Shelma.brwq removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
