Trojan

Trojan.Win32CiR (file analysis)

Malware Removal

Trojan.Win32CiR is the CAT-QuickHeal detection name for a packed 32-bit Windows executable that sandbox analysis (CAPE) unpacked and identified as the NetWire malware family. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32CiR virus do? (behaviours reported by the CAPE sandbox)

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Macedonian
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the NetWire malware family

How to identify Trojan.Win32CiR?

File Info:

name: 73A3AEE5FA365B08D78D.mlw
path: /opt/CAPEv2/storage/binaries/2d6627b3f7b86fb784b7ec547b79c2d7fb71800ddfd5fd255f7cb940ee7082d3
crc32: FF34A8A6
md5: 73a3aee5fa365b08d78d50471c0c31b7
sha1: c53c825d8d4540a96e029c18d3bf1f7bede6f5b8
sha256: 2d6627b3f7b86fb784b7ec547b79c2d7fb71800ddfd5fd255f7cb940ee7082d3
sha512: b461b363aea527c11308e35fc455a232c447ebf53e1832171147a5ab3ea3e3239cda212bbd8995b5c4d37b6f9eb1a04accb46745df5b9895a86aacb0d9c5475d
ssdeep: 6144:VBXv1zr0eLBZx3kupYxojlQ7fVciMoGpzA8:VBXv1zQeVZx0upY4lYfepzP
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C9649D1133D0C032C15724718929CBF19E7FB4761A6A6ACBBBD81EBD5F247D1A63630A
sha3_384: 5d570baa4e9689dd982f5389bfe45f0b9b82b8ff00da020150e685daf699d0af71916dea561df2a81d845db4581bbd66
ep_bytes: e8bf890000e978feffff8bff558bec83
timestamp: 2020-07-14 07:41:23

Version Info:

FileVers: 65.51.36.16
ProductVersa: 7.50.25.71
InternalName: eatemas
LegalCopyrighd: Jdfglsdffa
Translations: 0x0169 0x0300
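The hashes in the File Info block are the reliable way to confirm that a file is this sample; the entry-point bytes and the compile timestamp are only hints, because a packer stub or a shared build can reproduce them. The script below is an added example (not part of the original page, of GridinSoft's product or of CAPE) that checks a file against those indicators using only the Python standard library. It walks the PE headers by hand to recover the COFF timestamp and the 16 bytes at the entry point, then ranks any match. The minimal PE it builds is a constructed stand-in for testing, not the analysed file, and the page's timestamp is assumed to be in UTC, as CAPE prints it.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the page's File Info block (timestamp assumed to be UTC).
PAGE_IOCS = {
    "md5": "73a3aee5fa365b08d78d50471c0c31b7",
    "sha1": "c53c825d8d4540a96e029c18d3bf1f7bede6f5b8",
    "sha256": "2d6627b3f7b86fb784b7ec547b79c2d7fb71800ddfd5fd255f7cb940ee7082d3",
    "ep_bytes": "e8bf890000e978feffff8bff558bec83",
    "timestamp": "2020-07-14 07:41:23",
}
STRONG = {"md5", "sha1", "sha256"}   # a hit on any of these is conclusive
PAGE_COMPILE_TIME = int(datetime(2020, 7, 14, 7, 41, 23, tzinfo=timezone.utc).timestamp())


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_entry_info(data: bytes) -> dict:
    """Read the COFF TimeDateStamp and AddressOfEntryPoint, then map the entry
    RVA through the section table to the file offset and return the 16 bytes
    CAPE reports as ep_bytes.  Works for PE32 and PE32+ (the entry-point field
    sits at the same offset in both optional headers)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sect = opt + opt_size
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            file_off = rawptr + (entry_rva - vaddr)
            break
    else:
        raise ValueError("entry point lies outside every section")
    return {
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[file_off:file_off + 16].hex(),
    }


def classify(data: bytes, iocs: dict = PAGE_IOCS):
    """Return (verdict, matched indicator names).  A hash hit is conclusive;
    ep_bytes/timestamp alone only justify a closer look."""
    observed = file_hashes(data)
    try:
        observed.update(pe_entry_info(data))
    except ValueError:
        pass   # not a PE: fall back to hashes only
    hits = sorted(k for k in iocs if observed.get(k) == iocs[k])
    if STRONG & set(hits):
        return "confirmed", hits
    if hits:
        return "suspicious", hits
    return "no match", hits


def build_constructed_pe(ep_bytes: bytes, compile_time: int) -> bytes:
    """Constructed test input (not the analysed file, and not executable): a
    minimal PE32 with a single .text section that starts with ep_bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, compile_time, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    code = ep_bytes.ljust(0x200, b"\xCC")
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(code), 0x1000, len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0") + code


def constructed_sample() -> bytes:
    """Stand-in that shares only the weak indicators (ep_bytes, timestamp)."""
    return build_constructed_pe(bytes.fromhex(PAGE_IOCS["ep_bytes"]), PAGE_COMPILE_TIME)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    print(classify(blob))
```

Run it with a file path to check a real suspect; without arguments it checks the constructed stand-in, which comes back "suspicious" on ep_bytes and timestamp only, never "confirmed", because its hashes differ from the page's.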

Trojan.Win32CiR is also known as (vendor: detection name; the names disagree on the family, most being generic packer or heuristic verdicts, so CAPE's NetWire detection from unpacked memory is the most specific):

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Win32.Convagent.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Titirez.tq0@nXt0JDeG
CAT-QuickHeal: Trojan.Win32CiR
McAfee: Packed-GBE!73A3AEE5FA36
Malwarebytes: Trojan.MalPack.GS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058b7461 )
BitDefender: Gen:Heur.Mint.Titirez.tq0@nXt0JDeG
K7GW: Trojan ( 0058b7461 )
CrowdStrike: win/malicious_confidence_90% (W)
Cyren: W32/Kryptik.FXB.gen!Eldorado
Symantec: Downloader
ESET-NOD32: a variant of Win32/Kryptik.HNOO
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Packed.Crypterx-9936080-0
Kaspersky: HEUR:Trojan.Win32.NetWire.gen
Alibaba: Trojan:Win32/Azorult.e961d992
Avast: Win32:CrypterX-gen [Trj]
Tencent: Win32.Trojan.Netwire.Ahol
Emsisoft: Trojan.Crypt (A)
F-Secure: Heuristic.HEUR/AGEN.1210290
TrendMicro: TROJ_GEN.R06CC0DAO22
McAfee-GW-Edition: BehavesLike.Win32.Emotet.fh
FireEye: Generic.mg.73a3aee5fa365b08
Sophos: Mal/Generic-S + Troj/Krypt-BO
Ikarus: Backdoor.Win32.Kredoor
Avira: HEUR/AGEN.1210290
Antiy-AVL: Trojan/Generic.ASCommon.215
Microsoft: Trojan:Win32/Azorult.RM!MTB
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
GData: Gen:Heur.Mint.Titirez.tq0@nXt0JDeG
Cynet: Malicious (score: 100)
AhnLab-V3: CoinMiner/Win.Glupteba.R456355
VBA32: TrojanRansom.LockbitCrypt
ALYac: Gen:Heur.Mint.Titirez.tq0@nXt0JDeG
MAX: malware (ai score=81)
Cylance: Unsafe
TrendMicro-HouseCall: TROJ_GEN.R06CC0DAO22
Rising: Backdoor.Convagent!8.123DC (TFE:dGZlOgUFiO5P/LcchQ)
Yandex: Trojan.Kryptik!RKeydRL5uQU
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HNOL!tr
BitDefenderTheta: Gen:NN.ZexaF.34182.tq0@aWt0JDeG
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.d8d454
Panda: Trj/GdSda.A

How to remove Trojan.Win32CiR?

Trojan.Win32CiR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
