Categories: Trojan

Trojan.Win32.Walerlop.aat removal

Trojan.Win32.Walerlop.aat is the Kaspersky name for the sample analysed below; most of the other engines in the detection list further down flag the same file, several of them as a backdoor. While the infection is active you may notice unfamiliar processes in Task Manager. If so, scan the computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing malware by hand can take hours and can damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
6-day free trial available.

What can Trojan.Win32.Walerlop.aat do?

The behaviours below were recorded when the sample was run in a CAPE sandbox; the wording is CAPE's own signature names.

  • Behavioural detection: Executable code extraction – unpacking
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task
  • Dynamic (imported) function loading detected
  • Manipulates data from or to the Recycle Bin
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Deletes its original binary from disk
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Installs itself for autorun at Windows startup

Taken together these describe a packed dropper that tries to detect and stall the sandbox, writes a second binary and runs it, removes its own file and persists across reboots; the connections to a dead IP:Port point to a command-and-control endpoint that was unreachable at analysis time.
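Two of the behaviours above leave registry artefacts that can be checked on a suspect machine without the sandbox: "Installs itself for autorun at Windows startup" (Run/RunOnce values) and "Scheduled file move on reboot detected" (the PendingFileRenameOperations value under Session Manager, which is where a reboot-deferred MoveFileEx lands). The script below is an added example, not part of the page or of any GridinSoft tool; it parses a regedit .reg export so it runs offline on any platform. The sample export, the value name "vsRepair", the victim paths and the .tmp file name are all constructed for illustration; the page does not state which names or paths the sample actually uses.

```python
"""Offline triage for two host artefacts named in the CAPE list above:
Run/RunOnce autorun entries and the PendingFileRenameOperations value that a
reboot-time file move leaves behind. Input is a regedit .reg export."""
import re


def multi_sz_hex(values):
    """Encode a REG_MULTI_SZ the way regedit exports it: hex(7), UTF-16LE
    bytes, comma separated, wrapped with ",\\" continuation lines. Interior
    empty strings are kept because PendingFileRenameOperations uses an empty
    destination to mean "delete this file on reboot"."""
    raw = "".join(v + "\0" for v in values) + "\0"
    tokens = [f"{b:02x}" for b in raw.encode("utf-16-le")]
    rows = [",".join(tokens[i:i + 25]) for i in range(0, len(tokens), 25)]
    return "hex(7):" + ",\\\n  ".join(rows)


# Constructed sample export. Names and paths are hypothetical: the page says
# only that the sample installs for autorun, schedules a move on reboot and
# deletes its original binary, not which names or paths it uses.
PENDING_OPS = [
    r"\??\C:\Users\victim\AppData\Local\Temp\39DCCF6BCA6590172526.tmp", "",
    r"\??\C:\Users\victim\AppData\Roaming\vsRepair.new",
    r"!\??\C:\Users\victim\AppData\Roaming\vsRepair.exe",
]
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"vsRepair"="C:\\Users\\victim\\AppData\\Roaming\\vsRepair.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"=''' + multi_sz_hex(PENDING_OPS) + "\n"


def decode_value(raw):
    """Decode the right-hand side of a "name"=... line (strings and hex(7))."""
    if raw.startswith("hex(7):"):
        data = bytes(int(h, 16) for h in raw[7:].split(",") if h)
        text = data.decode("utf-16-le")
        if text.endswith("\0\0"):
            text = text[:-2]            # drop the list terminator only
        return text.split("\0")         # interior empty strings survive
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # unescape \" and \\
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)   # undo regedit line wrapping
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif line.startswith('"') and current is not None:
            name, _, raw = line.partition('"=')
            keys[current][name.lstrip('"')] = decode_value(raw)
    return keys


USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def image_path(command):
    """The executable of a Run value: the quoted path, else the first token."""
    m = re.match(r'\s*"([^"]+)"', command)
    return m.group(1) if m else command.split()[0]


def suspicious_autoruns(keys):
    """Run/RunOnce entries whose image lives in a user-writable directory."""
    hits = []
    for key, values in keys.items():
        if not re.search(r"\\CurrentVersion\\Run(Once)?$", key, re.I):
            continue
        for name, command in values.items():
            exe = image_path(command)
            if any(tok in exe.lower() for tok in USER_WRITABLE):
                hits.append((name, exe))
    return hits


def nt_to_win32(path):
    """Strip the replace-existing marker and the \\??\\ NT prefix."""
    return re.sub(r"^!?\\\?\?\\", "", path)


def pending_renames(keys):
    """Decode PendingFileRenameOperations into (action, source, destination).
    Entries come in pairs; an empty destination means delete on reboot and a
    leading "!" on the destination means MOVEFILE_REPLACE_EXISTING."""
    ops = []
    for key, values in keys.items():
        if not key.lower().endswith("\\session manager"):
            continue
        entries = values.get("PendingFileRenameOperations", [])
        for src, dst in zip(entries[0::2], entries[1::2]):
            action = "delete" if dst == "" else "replace" if dst.startswith("!") else "move"
            ops.append((action, nt_to_win32(src), nt_to_win32(dst)))
    return ops


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for hit in suspicious_autoruns(parsed):
        print("autorun from user-writable path:", hit)
    for op in pending_renames(parsed):
        print("pending at reboot:", op)
```

On a live host, export the two keys with `reg export` (HKCU and HKLM Run/RunOnce plus `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`) and feed the file to `parse_reg`; a pending delete of a file in Temp next to an autorun entry in AppData is exactly the pattern the "deletes its original binary" and "installs itself for autorun" signatures describe.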

Domains contacted during the sandbox run:

fget-career.com
bing.com
yahoo.com

bing.com and yahoo.com are common connectivity checks and are not indicators on their own; fget-career.com is the one worth searching for in DNS and proxy logs.

How to identify Trojan.Win32.Walerlop.aat?

File Info:

name: 39DCCF6BCA6590172526.mlw
path: /opt/CAPEv2/storage/binaries/22eaf8f72035c5a2542533f5dabbcb924a8bcdefabf4ba2b7bdef61c09d4dd2f
crc32: 35CF1584
md5: 39dccf6bca6590172526ce0c443af21a
sha1: c8b4fe691ce10c5a7698af6dfda7c995347d11bd
sha256: 22eaf8f72035c5a2542533f5dabbcb924a8bcdefabf4ba2b7bdef61c09d4dd2f
sha512: a7cfe5d43de0ca625d7b25ad43ae936a9d94c17e7ecefc1db70de0107f2556eef58d6f26f4257506c431d86494a999712ea5949aedefa869f2f44a4c33cf3e55
ssdeep: 3072:sYFX6iyAoCeZTKMtAhpi3oVcAQZnkFg/+R4zzkjR/9JTRotVv/zOEbtmEO+CYqqU:VKhHKhv0oVcA+r/A4A11Rot9bXto0ki
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13E74AFB365E64098E684213ACC672978A353FC5816B1C7BF7240D9BF8C29245EE2730F
sha3_384: 2bc5f7043ca892019dea7064481621190c13c6e1b2fc422b40c539eb4fbac49658c2c0105151f46be2353c9f6b87df65
ep_bytes: 558bec6aff68388f400068ea68400064
timestamp: 2016-05-02 03:28:33

The name is the first 20 hex digits of the MD5 and the path is CAPE's binary store keyed by SHA-256, so neither is the filename the sample had on a victim machine; the Version Info below gives that. The hashes identify this exact file only; ssdeep and tlsh are the fields to use for finding repacked relatives.

Version Info:

Comments:
CompanyName: 3LSOFT
FileDescription:
FileVersion: 1.00
InternalName: vsRepair
LegalCopyright:
LegalTrademarks:
OriginalFilename: vsRepair.exe
PrivateBuild:
ProductName: vsRepair
ProductVersion: 1.00
SpecialBuild:
Translation: 0x0804 0x04b0

Translation 0x0804 0x04b0 is language ID 0x0804 (Chinese, Simplified) with code page 0x04b0 (Unicode), which is what the two "Unconventional language" signatures above are reporting. CompanyName and ProductName are whatever the author chose to put in the resource and say nothing reliable about who built the file.
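A practical way to use the File Info fields is to hash a suspect file and, when the hashes do not match, fall back on the two structural fields that survive a rename: the COFF compile timestamp and ep_bytes (the first 16 bytes at the entry point; 55 8b ec 6a ff 68 ... 64 is the usual MSVC prologue that registers an SEH frame). The script below is an added example, not code from the page or from CAPE; it parses the PE32 headers with the standard library only, and the PE it checks is constructed in memory so the code runs without the malware. It assumes CAPE's timestamp is UTC and leaves out ssdeep and tlsh, which need third-party libraries.

```python
"""Compare a file against the identifiers listed in File Info above. Hashes
are exact matches; the COFF timestamp and ep_bytes are weaker but survive
renaming and are cheap to check without pefile."""
import hashlib
import struct
from datetime import datetime, timezone

# Identifiers copied from the File Info section above.
IOC = {
    "md5": "39dccf6bca6590172526ce0c443af21a",
    "sha1": "c8b4fe691ce10c5a7698af6dfda7c995347d11bd",
    "sha256": "22eaf8f72035c5a2542533f5dabbcb924a8bcdefabf4ba2b7bdef61c09d4dd2f",
    "ep_bytes": "558bec6aff68388f400068ea68400064",
    "timestamp": "2016-05-02 03:28:33",   # assumed to be UTC
}


def pe_metadata(data):
    """Parse just enough PE32 structure to read the COFF TimeDateStamp and the
    16 bytes at AddressOfEntryPoint, mapping that RVA through the section
    table to a file offset."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = opt + opt_size
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sections + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep = rawptr + (entry_rva - vaddr)
            break
    else:
        raise ValueError("entry point is not inside any section")
    when = datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"timestamp": when, "ep_bytes": data[ep:ep + 16].hex()}


def file_hashes(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_iocs(data, ioc=IOC):
    """Map each identifier to True/False for whether the bytes match it.
    A non-PE input still gets hashed; the structural fields just miss."""
    observed = file_hashes(data)
    try:
        observed.update(pe_metadata(data))
    except (ValueError, struct.error) as exc:
        observed["error"] = str(exc)
    return {name: observed.get(name) == value for name, value in ioc.items()}


def build_pe32(stamp, code, entry_offset, section_rva=0x1000, raw_ptr=0x200):
    """Constructed one-section PE32 stand-in for the real sample: it
    reproduces the timestamp and ep_bytes, deliberately not the hashes."""
    opt_size = 224
    hdr = bytearray(raw_ptr)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    opt = 0x44 + 20
    struct.pack_into("<H", hdr, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, section_rva + entry_offset)
    sec = opt + opt_size
    hdr[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", hdr, sec + 8, len(code), section_rva, len(code), raw_ptr)
    return bytes(hdr) + code


def sample_pe():
    stamp = int(datetime.strptime(IOC["timestamp"], "%Y-%m-%d %H:%M:%S")
                .replace(tzinfo=timezone.utc).timestamp())
    code = b"\x90" * 16 + bytes.fromhex(IOC["ep_bytes"]) + b"\xcc" * 16
    return build_pe32(stamp, code, entry_offset=16)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pe()
    for name, hit in match_iocs(data).items():
        print(f"{name:10} {'MATCH' if hit else 'no'}")
```

Run it with a file path to check a real sample; with no argument it checks the constructed PE, which matches on timestamp and ep_bytes but on none of the hashes. That is the expected result for a repacked or padded variant, and it is also why neither field should be treated as proof on its own: both are trivially forged.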

Trojan.Win32.Walerlop.aat also known as:

Identical labels from different vendors (MicroWorld-eScan, ALYac, BitDefender, Ad-Aware, Emsisoft and GData all report Dropped:Trojan.Zbot.IVF) reflect a shared detection engine, not six independent verdicts. The most specific names in the list are the backdoor ones: ClamAV's Gh0stRAT, Comodo's Zegost, Jiangmin's and Microsoft's Farfli, and Avast/AVG's BackdoorX. The Kryptik labels describe the packer rather than the payload.

Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Dropped:Trojan.Zbot.IVF
FireEye Generic.mg.39dccf6bca659017
ALYac Dropped:Trojan.Zbot.IVF
Malwarebytes Malware.AI.2432574958
K7AntiVirus Trojan ( 0055dd191 )
K7GW Trojan ( 0055dd191 )
Cybereason malicious.bca659
Baidu Win32.Trojan.Kryptik.te
Cyren W32/Trojan.IM1.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.DDGL
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Gh0stRAT-7770160-0
Kaspersky Trojan.Win32.Walerlop.aat
BitDefender Dropped:Trojan.Zbot.IVF
NANO-Antivirus Trojan.Win32.Walerlop.ezphas
Rising Trojan.Kryptik!1.AAD1 (CLASSIC)
Ad-Aware Dropped:Trojan.Zbot.IVF
TACHYON Trojan/W32.Walerlop.344064
Emsisoft Dropped:Trojan.Zbot.IVF (B)
Comodo Backdoor.Win32.Zegost.ML@828ixj
DrWeb Trojan.Packed.20343
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition GenericR-HYE!39DCCF6BCA65
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Crypt
Jiangmin Backdoor.Farfli.agq
Avira HEUR/AGEN.1103111
Antiy-AVL Trojan/Generic.ASMalwS.184F63C
Microsoft Trojan:Win32/Farfli.DSK!MTB
GData Dropped:Trojan.Zbot.IVF
Cynet Malicious (score: 100)
McAfee GenericR-HYE!39DCCF6BCA65
MAX malware (ai score=99)
VBA32 BScope.Trojan.Fsysna
Panda Trj/Genetic.gen
Tencent Malware.Win32.Gencirc.10b3dc82
Yandex Trojan.Walerlop!Ljf39NRexX8
SentinelOne Static AI – Suspicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Kryptik.DDGL!tr
BitDefenderTheta Gen:NN.ZexaF.34294.vq0@a81c0@eb
AVG Win32:BackdoorX-gen [Trj]
Avast Win32:BackdoorX-gen [Trj]
CrowdStrike win/malicious_confidence_80% (D)
MaxSecure Trojan.Malware.300983.susgen

How to remove Trojan.Win32.Walerlop.aat?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options to reset and click “Reset”.
  • Restart your computer and scan again: the sample installs an autorun entry and schedules a file move for the next reboot, so a second pass after restart confirms nothing came back.

Because several engines classify this file as a backdoor (Avast/AVG BackdoorX, Comodo Zegost, Jiangmin Farfli, ClamAV Gh0stRAT), treat the machine as having been remotely accessible while it was infected and change any passwords that were used on it.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
