Trojan.Win32.ShipUp.ffht removal tips

Trojan.Win32.ShipUp.ffht is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a full scan and clean your PC.
6-day free trial available.

What can the Trojan.Win32.ShipUp.ffht virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects information to fingerprint the system

How to identify Trojan.Win32.ShipUp.ffht?

File Info:

name: 6A1F484A671C64C12693.mlw
path: /opt/CAPEv2/storage/binaries/31bff71d25859f149f309a1266a31b8999ff3eff2cc6dc9b8944365144194612
crc32: 78F81545
md5: 6a1f484a671c64c12693058fc264969e
sha1: 1b56d842d0cd170d7fc65fc3a3f0e74fb1942f3c
sha256: 31bff71d25859f149f309a1266a31b8999ff3eff2cc6dc9b8944365144194612
sha512: 0d0b495b42e0f9ca5b2664eba06e9bbc6f523a9eddf7bdcf96a9526c16765aab9f2a1f6fc4bce9db1722ee5a18eae11ce9290e5b01dbaaeba2861b7bea652584
ssdeep: 3072:1oUvg4fqjO00YhxuYzc6QIFqC067xd8xYCfAq:1ojV0YNzc6QIFqCNFd8XL
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15E048B6774C9B163DC22C1339F99CFE16CA63A61D3351E441292F42E8F4ED6266A360B
sha3_384: fffaedbe57805c360b01482e3f8dbf34237852f9e3e62825eb84f7c3ab49087e16fe1957c04354a3e678062c253c163e
ep_bytes: 558bec81ec20020000c70550a84200b5
timestamp: 2013-09-28 04:50:45

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Диспетчер вызовов ATM
FileVersion: 5.1.2600.5512 (xpsp.080413-0852)
InternalName: atmadm.exe
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: atmadm.exe
ProductName: Операционная система Microsoft® Windows®
ProductVersion: 5.1.2600.5512
Translation: 0x0419 0x04b0

Trojan.Win32.ShipUp.ffht also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.Mods.4
MicroWorld-eScan: Gen:Variant.Symmi.38293
FireEye: Generic.mg.6a1f484a671c64c1
CAT-QuickHeal: TrojanDropper.Gepys.A
McAfee: ZeroAccess-FDH!6A1F484A671C
Malwarebytes: Malware.AI.2168767547
Zillya: Trojan.ShipUp.Win32.2882
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3df1 )
K7GW: Trojan ( 0055e3df1 )
Cybereason: malicious.a671c6
BitDefenderTheta: Gen:NN.ZexaF.34182.kC1@amIXBxcc
VirIT: Trojan.Win32.Mods.E
Cyren: W32/ShipUp.F.gen!Eldorado
Symantec: Packed.Generic.459
ESET-NOD32: Win32/TrojanDropper.Gepys.AA
TrendMicro-HouseCall: Possible_MALSTRC
ClamAV: Win.Trojan.Shipup-298
Kaspersky: Trojan.Win32.ShipUp.ffht
BitDefender: Gen:Variant.Symmi.38293
NANO-Antivirus: Trojan.Win32.ShipUp.cqjjle
SUPERAntiSpyware: Trojan.Agent/Gen-Kazy
Avast: Win32:Rootkit-gen [Rtk]
Tencent: Malware.Win32.Gencirc.10b3eba1
Ad-Aware: Gen:Variant.Symmi.38293
Emsisoft: Gen:Variant.Symmi.38293 (B)
Comodo: TrojWare.Win32.ShipUp.FFKW@542jbm
Baidu: Win32.Adware.Kryptik.b
VIPRE: Trojan.Win32.ZAccess.a!ag (v)
TrendMicro: Possible_MALSTRC
McAfee-GW-Edition: BehavesLike.Win32.Emotet.ch
Sophos: ML/PE-A + Troj/Agent-ADVT
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan/ShipUp.abh
Webroot: W32.Trojan.Gen
Avira: HEUR/AGEN.1110896
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.5272BA
Kingsoft: Heur.SSC.2720504.1216.(kcloud)
Microsoft: Trojan:Win32/Gepys.B
GData: Gen:Variant.Symmi.38293
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Shipup.R83830
Acronis: suspicious
VBA32: Trojan.ShipUp
ALYac: Gen:Variant.Symmi.38293
TACHYON: Trojan/W32.ShipUp.175776.E
APEX: Malicious
Rising: Dropper.Gepys!8.15D (RDMK:cmRtazqGQXBkX/D9yfXiIf/21Djq)
Yandex: Trojan.ShipUp!bA9Rr2NH+jA
Ikarus: Trojan.Win32.ShipUp
Fortinet: W32/Zbot.FG!tr
AVG: Win32:Rootkit-gen [Rtk]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan.Win32.ShipUp.ffht?

Trojan.Win32.ShipUp.ffht removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.