Categories: Trojan

What is “Trojan:BAT/Gepys.A”?

The Trojan:BAT/Gepys.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:BAT/Gepys.A virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction – unpacking
Attempts to connect to a dead IP:Port (1 unique times)
Sample contains Overlay data
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Anomalous file deletion behavior detected (10+)
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
A named pipe was used for inter-process communication
Starts servers listening on 127.0.0.1:0
Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Behavioural detection: Injection (inter-process)
Created a process from a suspicious location
A possible heap spray exploit has been detected
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Harvests cookies for information gathering
Collects information to fingerprint the system

How to determine Trojan:BAT/Gepys.A?


File Info:
name: C887FB11FC112F70FC65.mlwpath: /opt/CAPEv2/storage/binaries/00d99529990012f73b6ab3a726619756447504c9fb14f5164f3f3c73da02619dcrc32: CFD73234md5: c887fb11fc112f70fc6550028a2c900csha1: a03a1c230fbbe5f5a9b05d3f3fa6fa558fdbf4c8sha256: 00d99529990012f73b6ab3a726619756447504c9fb14f5164f3f3c73da02619dsha512: 77013085717db84d82b336a452ace869da0322e3fbe15866e229242bb43fae669179765ec2eb50711a1df9e8c705b8acc7ceb921cb96cc952f33b32b02a26243ssdeep: 12288:tK2mhAMJ/cPl2cHobZ5TT7crJv5ay5MGoPYqyebu+fup0PDI2d:82O/Gl677s4YdrpaFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1AAE4F1427A81D0B4EC240E34047B9F1A5B72BC386CB4A957FB95B64EFB72391342A717sha3_384: 7c3ce8959dd598834c4589eb5caa89ad8cf6325ee808e1142b58bd0e3a4bd6e99763a8782885cd1b7e3cbf2b5c7946caep_bytes: e8e3feffff33c050505050e89f300000timestamp: 2012-06-09 13:19:49
Version Info:
0: [No Data]

Trojan:BAT/Gepys.A also known as:

Lionic	Trojan.Win32.ShipUp.mwEE
MicroWorld-eScan	Trojan.ScriptKD.512
FireEye	Trojan.ScriptKD.512
CAT-QuickHeal	TrojanPWS.Zbot.Y
ALYac	Gen:Variant.Razy.749567
Cylance	Unsafe
Zillya	Trojan.ShipUp.Win32.1168
Sangfor	Trojan.Win32.Agent.Vpkd
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanDownloader:Win32/CeeInject.eca24bf7
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.1fc112
BitDefenderTheta	Gen:NN.ZexaF.34806.oq0@aqP3dNgi
VirIT	Trojan.Win32.Siggen5.CTY
Cyren	W32/Zbot.JC.gen!Eldorado
Symantec	Trojan.Gen.3
Elastic	malicious (high confidence)
ESET-NOD32	multiple detections
Baidu	Multi.Threats.InArchive
TrendMicro-HouseCall	TROJ_KRYPTK.SML3
Paloalto	generic.ml
ClamAV	Win.Trojan.Redirect-6055402-0
Kaspersky	Trojan.Win32.ShipUp.boe
BitDefender	Trojan.ScriptKD.512
NANO-Antivirus	Trojan.Win32.ShipUp.bqpmbi
SUPERAntiSpyware	Trojan.Agent/Gen-Dropper
Avast	BV:Malware-gen
Tencent	Win32.Trojan.Shipup.Kzfl
Ad-Aware	Trojan.ScriptKD.512
Comodo	TrojWare.Win32.Kryptik.AYQE@4wlbfl
DrWeb	Trojan.DownLoader10.14978
VIPRE	Trojan.ScriptKD.512
TrendMicro	TROJ_KRYPTK.SML3
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
Trapmine	malicious.moderate.ml.score
Sophos	ML/PE-A + Troj/Zbot-EHY
APEX	Malicious
GData	Win32.Trojan.Gepys.GKTY46
Jiangmin	Trojan/ShipUp.ix
Avira	TR/Dropper.Gen
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Generic.ASMalwS.217
Kingsoft	Win32.Troj.ShipUp.b.(kcloud)
ViRobot	Trojan.Win32.Z.Agent.717618
Microsoft	Trojan:BAT/Gepys.A
Cynet	Malicious (score: 99)
McAfee	Artemis!C887FB11FC11
VBA32	Trojan.Redirect
Malwarebytes	ShipUp.Worm.Autorun.DDS
Ikarus	Trojan.Win32.Spy
Rising	Trojan.Kryptik!1.AB51 (CLASSIC)
SentinelOne	Static AI – Malicious SFX
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.AYTK!tr
AVG	BV:Malware-gen
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_70% (W)