About “Trojan.Win32.Walerlop” infection

Trojan.Win32.Walerlop is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Walerlop virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to identify Trojan.Win32.Walerlop?

File Info:

name: C8CDD09FCF79360D7BDD.mlw
path: /opt/CAPEv2/storage/binaries/ca38d9fe0372e1fc4b5d4f10623c40695621e8673aa9963d2e154d0836d81d5d
crc32: 68070D9B
md5: c8cdd09fcf79360d7bddb245eff622c2
sha1: bbd2c112b03c72a07718682fdb622bf0e1817c32
sha256: ca38d9fe0372e1fc4b5d4f10623c40695621e8673aa9963d2e154d0836d81d5d
sha512: c62e4560b6a31c9a0a91297f41423f1337a99c51e715dcfda3e53624e4687d85fa3120c7f8e75bc57d66007ad60ac94782fd59bd483cc355733d54cc267bc20e
ssdeep: 6144:vz3PqpoRAKIi1+TAvxYV/rfnLHrhOHcxc+rQczDanFdbza2sBtkzhvyiUv6S5g5E:vz/qCAEpYVj9c2anHna2ikzZyt6eV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1130517253A79C822E25181B9CC22D7FDA4F9BD64CD796807A5E03FDF36782874F99102
sha3_384: c71d5a84482e63e309d69798853d6dc4565bf369520297401726ac52a401a48033ab32506dc7dac699572051bc307865
ep_bytes: e89d6d0000e917feffff6a2568586146
timestamp: 2006-03-28 14:36:44

Version Info:

CompanyName: Symphony Solutions Clock
FileDescription: Bird Slow
FileVersion: 6, 0, 9069, 2419
InternalName: Bird Slow
LegalCopyright: Copyright 2016 Symphony Solutions Clock. All rights reserved.
OriginalFilename: Whitecapital.exe
ProductName: Bird Slow
ProductVersion: 6, 0, 9069, 2419
Translation: 0x0409 0x04b0

Trojan.Win32.Walerlop is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Zard.53
FireEye: Generic.mg.c8cdd09fcf79360d
CAT-QuickHeal: Trojan.IcedId.S2291889
McAfee: GenericRXEP-DE!C8CDD09FCF79
Zillya: Trojan.GenKryptik.Win32.15214
K7AntiVirus: Trojan ( 0052c4a41 )
BitDefender: Gen:Heur.Mint.Zard.53
K7GW: Trojan ( 0052c4a41 )
Cybereason: malicious.fcf793
BitDefenderTheta: Gen:NN.ZexaF.34062.1q0@aSr4UMgi
Cyren: W32/S-f5a83a7d!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GZGM
Kaspersky: HEUR:Trojan.Win32.Walerlop.gen
NANO-Antivirus: Trojan.Win32.IcedID.ezhdqf
Rising: Trojan.Generic@ML.97 (RDML:YLd4hFt6I1pl4MIfKjH07w)
Ad-Aware: Gen:Heur.Mint.Zard.53
Emsisoft: Gen:Heur.Mint.Zard.53 (B)
Comodo: TrojWare.Win32.IcedID.D@7lg9bf
DrWeb: Trojan.DownLoader26.36491
VIPRE: Trojan.Win32.Crilock.a (v)
McAfee-GW-Edition: GenericRXEP-DE!C8CDD09FCF79
SentinelOne: Static AI – Malicious PE
Sophos: ML/PE-A
APEX: Malicious
GData: Gen:Heur.Mint.Zard.53
Jiangmin: Trojan.Banker.IcedID.ac
MaxSecure: Win.MxResIcn.Heur.Gen
Avira: HEUR/AGEN.1120900
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.252BDE0
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win.DE.R453254
VBA32: BScope.Trojan.Azden
ALYac: Gen:Heur.Mint.Zard.53
Malwarebytes: Malware.AI.2906078536
Panda: Trj/Genetic.gen
Tencent: Malware.Win32.Gencirc.10b242c8
Yandex: Trojan.GenAsa!uTeTdYJizQs
Fortinet: W32/GenKryptik.CDUE!tr
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.Win32.Walerlop?

Trojan.Win32.Walerlop removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.