Trojan

How to remove “Trojan.Win64.Shelma.ral”?

Malware Removal

The Trojan.Win64.Shelma.ral is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan.Win64.Shelma.ral virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to determine Trojan.Win64.Shelma.ral?


File Info:

name: 29E06D196B8D61FF8813.mlw
path: /opt/CAPEv2/storage/binaries/a3e8bfacda66212de4aab6f3fef1f8e707861c0cf233d042224409d1d18da3b0
crc32: D1C0EFBF
md5: 29e06d196b8d61ff8813618e220939b2
sha1: ed9ea5741b8764f68207aad03ce6829bef3de1ea
sha256: a3e8bfacda66212de4aab6f3fef1f8e707861c0cf233d042224409d1d18da3b0
sha512: c27ad052b0e4858ccca132902e86b64a530ae226e4f8ab95c7a98fb2a4a93243efbf9f801555746d6f324f2fa4985ac66608809a27eaa42ea6214615b7cc3141
ssdeep: 1536:kbLiMfTe6GQnVSG0QYnUdQtzv0ub6IQRAiiuLCz6RrB+/gf4:kbLiKe6R8QKUcjIIWAiif61M/G4
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T16D83027387226F7DDD5958BE0A961B45363CFE22631B574333F4219AE8967E80A013E3
sha3_384: 46794e4243e8ee8804864b335b82ea161aa1ca71d11d7beb2397b40b5d61f7c455d6af8c7ffcc45a0df36c1bad1cf42a
ep_bytes: 53565755488d35cadcfeff488dbedb9f
timestamp: 2021-12-06 09:53:41

Version Info:

CompanyName: lcDKRqJNLFES
FileDescription: OIpmdPOWsoQN
FileVersion: 2666017.9978381
InternalName: RdcEJjEfR
LegalCopyright: VlKSZJpLlCf
OriginalFilename: PcKwEtQJd
ProductName: yDZCHvLeA
ProductVersion: 4381926.2599302
Translation: 0x0809 0x04e4

Trojan.Win64.Shelma.ral also known as:

LionicTrojan.Win64.Shelma.4!c
MicroWorld-eScanTrojan.GenericKD.47643111
FireEyeTrojan.GenericKD.47643111
ALYacTrojan.GenericKD.47643111
CylanceUnsafe
ZillyaTrojan.Shelma.Win64.7035
K7AntiVirusTrojan ( 005619f11 )
K7GWTrojan ( 005619f11 )
SymantecTrojan.Gen.2
ESET-NOD32a variant of Win64/Rozena.CF
APEXMalicious
KasperskyTrojan.Win64.Shelma.ral
BitDefenderTrojan.GenericKD.47643111
AvastWin64:Trojan-gen
Ad-AwareTrojan.GenericKD.47643111
SophosMal/Generic-S
McAfee-GW-EditionBehavesLike.Win64.Generic.mc
EmsisoftTrojan.GenericKD.47643111 (B)
IkarusTrojan.Win64.Rozena
GDataTrojan.GenericKD.47643111
AviraTR/Rozena.frneh
GridinsoftRansom.Win64.Sabsik.sa
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
CynetMalicious (score: 99)
AhnLab-V3Trojan/Win.Trojan-gen.C4834140
McAfeeArtemis!29E06D196B8D
MAXmalware (ai score=80)
VBA32Trojan.Win64.Shelma
TrendMicro-HouseCallTROJ_GEN.R011H0CL921
FortinetW64/Rozena.CF!tr
AVGWin64:Trojan-gen
PandaTrj/CI.A

How to remove Trojan.Win64.Shelma.ral?

Trojan.Win64.Shelma.ral removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment