What is “Trojan.Win32.Walerlop.boc”?

Trojan.Win32.Walerlop.boc is Kaspersky's name for this sample; most engines in the detection list below classify it as a packed (Kryptik/GenKryptik) trojan, several name it IcedID, and the CAPE sandbox identified it as the IcedID stage-1 loader. When this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Win32.Walerlop.boc virus do?

The following behaviours were recorded when the sample was run in the CAPE sandbox (the descriptions are CAPE's own signature names):

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Access the NetLogon registry key, potentially used for discovery or tampering
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the IcedIDStage1 malware family
  • Creates a copy of itself

How to identify Trojan.Win32.Walerlop.boc?

The hashes below are the reliable identifiers for this exact file. The version-info strings (product name, company, copyright) are attacker-controlled metadata, and the sandbox found the Authenticode signature invalid, so none of that should be used to decide whether a file is this sample.

File Info:

name: CFD076248F478952FCEC.mlw
path: /opt/CAPEv2/storage/binaries/4afe2ca77aa004b98eb9b743367ff61500afa83445a302236df8bf79ed73768d
crc32: F75E77F6
md5: cfd076248f478952fcec6680be56517a
sha1: e67eda0d67814eb918a7a4ba6ad8361d0c08aeb1
sha256: 4afe2ca77aa004b98eb9b743367ff61500afa83445a302236df8bf79ed73768d
sha512: a7a59429d93daacba366a1ce47526f826b39430866d7d6ebb1c95f9e0b9451979e85cb2018163ec3e7be078d4642f5be0b22bb24efa427b8391049e71d27bb5c
ssdeep: 6144:43YXSg0OA72g8aRQUDujtlSXFScPUF4S:439g7A58fU0ARUN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15A745B0079D1D43EC4A2853F4895E5A62A29BD204B3194F7B7C85F4FEB7F2C06626B63
sha3_384: 18be626ce74ad7d845492f990995b4c380ea40374592f3e1cfea8fba787e00e1021d4a052ab4d5ce1017aae02ec4ee29
ep_bytes: e886940000e9000000006a1468809643
timestamp: 2015-02-25 12:09:27

Version Info:

FileDescription: Savetold
FileVersion: 6.7.78.87
LegalCopyright: Copyright (c) 2004-2015 SafeSoft Solutions
InternalName: Savetold
OriginalFilename: fourtold.exe
ProductName: Savetold
ProductVersion: 6.7.78.87
Translation: 0x0409 0x04b0
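To make the identification data above usable on a real file, here is an added example (my own code, written for this page; not from GridinSoft, CAPE or the malware author) that recomputes the digests listed under File Info, reads the COFF compile timestamp and the sixteen entry-point bytes directly from the PE headers, and flags sections that are mapped read-write-execute or carry packer-grade entropy. The runtime "Creates RWX memory" and "unpacking" behaviours listed earlier concern memory the sample allocates while running, but packed builds very often also ship writable, high-entropy code sections on disk, so this static check is a cheap first triage step. Only the values in `PAGE_IOCS` come from the page; the file the script runs on is a constructed minimal PE32 built in memory (`build_sample_pe`, `sample_for_page`) so it runs offline and never touches real malware, and ssdeep/tlsh are omitted because they need third-party libraries. For a real file call `analyze(open(path, "rb").read())`.

```python
import collections
import hashlib
import math
import struct
import zlib
from datetime import datetime, timezone

# Indicator values copied from the File Info block above; everything else here is constructed.
PAGE_IOCS = {
    "md5": "cfd076248f478952fcec6680be56517a",
    "sha1": "e67eda0d67814eb918a7a4ba6ad8361d0c08aeb1",
    "sha256": "4afe2ca77aa004b98eb9b743367ff61500afa83445a302236df8bf79ed73768d",
    "ep_bytes": "e886940000e9000000006a1468809643",
    "timestamp": "2015-02-25 12:09:27",
}
RWX = 0x20000000 | 0x40000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | MEM_READ | MEM_WRITE


def file_hashes(data: bytes) -> dict:
    """The digests the page lists; ssdeep and tlsh need third-party libraries and are left out."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: packed or encrypted data sits near 8.0, plain x86 code well below."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Minimal PE reader: COFF timestamp, 16 bytes at the entry point, section flags and entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    ep_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "raw_ptr": rptr, "raw_size": rsize,
            "rwx": (flags & RWX) == RWX,
            "entropy": round(shannon_entropy(data[rptr:rptr + rsize]), 2),
        })
    ep_off = ep_rva  # an RVA below the first section lies in the headers, where RVA == file offset
    for s in sections:
        if s["vaddr"] <= ep_rva < s["vaddr"] + max(s["vsize"], s["raw_size"]):
            ep_off = s["raw_ptr"] + (ep_rva - s["vaddr"])
            break
    return {
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"magic {magic:#x}"),
        "machine": {0x14C: "Intel 80386", 0x8664: "x86-64"}.get(machine, f"{machine:#x}"),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
        "sections": sections,
    }


def analyze(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Hash and parse a file, report which page indicators match, and flag packer-like sections."""
    hashes, pe = file_hashes(data), parse_pe(data)
    hits = {k: hashes[k] == v for k, v in iocs.items() if k in hashes}
    hits["ep_bytes"] = pe["ep_bytes"] == iocs["ep_bytes"]    # weak: a rebuilt stub may keep these
    hits["timestamp"] = pe["timestamp"] == iocs["timestamp"]  # weak: trivially forged
    flagged = [s["name"] for s in pe["sections"] if s["rwx"] or s["entropy"] > 7.0]
    return {"hashes": hashes, "pe": pe, "hits": hits, "flagged_sections": flagged}


def build_sample_pe(ep_code: bytes, when: datetime) -> bytes:
    """Constructed minimal PE32 (one RWX .text section of high-entropy filler); scaffolding, not the page's sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(when.timestamp()), 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, 0x200, 0, 0,  # PE32 magic ... SizeOfUninitializedData
                      0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200).ljust(224, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x20 | RWX)
    body = ep_code + bytes(i * 7919 % 256 for i in range(0x200 - len(ep_code)))  # uniform filler
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + body


def sample_for_page() -> bytes:
    """The constructed PE stamped with the page's entry-point bytes and compile time."""
    return build_sample_pe(bytes.fromhex(PAGE_IOCS["ep_bytes"]),
                           datetime(2015, 2, 25, 12, 9, 27, tzinfo=timezone.utc))


if __name__ == "__main__":
    report = analyze(sample_for_page())  # for a real file: analyze(open(path, "rb").read())
    print(report["pe"]["format"], report["pe"]["machine"], "compiled", report["pe"]["timestamp"])
    print("indicator hits:", report["hits"])
    print("sections worth unpacking:", report["flagged_sections"])
```

On the constructed sample the hash indicators miss (it is not the page's file) while the entry-point bytes and timestamp match, which is exactly the pattern a repacked build of the same loader produces: hash matches prove identity, the two weak indicators only justify a closer look. A hash miss combined with a flagged RWX, high-entropy section should be read as "unpack it and hash again", never as "clean".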

Trojan.Win32.Walerlop.boc also known as:

Lionic: Trojan.Win32.Walerlop.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.Inject4.19779
MicroWorld-eScan: Gen:Heur.Mint.Zard.52
FireEye: Generic.mg.cfd076248f478952
CAT-QuickHeal: Trojan.WalerlopRI.S24772241
ALYac: Gen:Heur.Mint.Zard.52
Malwarebytes: Trojan.IcedID
K7AntiVirus: Trojan ( 005488e01 )
Alibaba: Trojan:Win32/GenKryptik.6f89b0a0
K7GW: Trojan ( 005488e01 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: Gen:NN.ZexaF.34062.uu1@aq5JvYii
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenKryptik.DARM
TrendMicro-HouseCall: TrojanSpy.Win32.ICEDID.YXBLGZ
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Walerlop.boc
BitDefender: Gen:Heur.Mint.Zard.52
NANO-Antivirus: Trojan.Win32.IcedID.fnmjhd
Avast: Win32:Trojan-gen
Ad-Aware: Gen:Heur.Mint.Zard.52
Sophos: Troj/IcedID-BB
Zillya: Trojan.IcedID.Win32.8
TrendMicro: TrojanSpy.Win32.ICEDID.YXBLGZ
McAfee-GW-Edition: GenericRXHB-SA!CFD076248F47
Emsisoft: Gen:Heur.Mint.Zard.52 (B)
Ikarus: Trojan.Win32.Krypt
Jiangmin: Trojan.Banker.IcedID.hb
Avira: HEUR/AGEN.1119488
MAX: malware (ai score=82)
Antiy-AVL: Trojan/Generic.ASMalwS.2AC1001
Gridinsoft: Ransom.Win32.Sabsik.sa
GData: Gen:Heur.Mint.Zard.52
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Inject.C3041317
McAfee: GenericRXHB-SA!CFD076248F47
VBA32: BScope.TrojanBanker.IcedID
APEX: Malicious
Tencent: Malware.Win32.Gencirc.10ba40c6
Yandex: Trojan.PWS.IcedID!8jDDfl96828
eGambit: Unsafe.AI_Score_71%
Fortinet: W32/Kryptik.DARM!tr
AVG: Win32:Trojan-gen
Cybereason: malicious.48f478
Panda: Trj/GdSda.A

How to remove Trojan.Win32.Walerlop.boc?

Trojan.Win32.Walerlop.boc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sandbox saw this sample copy itself and inject into other processes, run a second scan after the restart and confirm that no file with the hashes listed under File Info remains on disk.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
