Trojan:BAT/Remosys.A (file analysis)

The Trojan:BAT/Remosys.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:BAT/Remosys.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:BAT/Remosys.A?

File Info:

name: 644F0ED6FE7E9D4F8FA3.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-12-02 10:07:30

Version Info:

0: [No Data]

Trojan:BAT/Remosys.A also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Trojan.GenericKD.31999411
FireEye: Trojan.GenericKD.31999411
McAfee: Artemis!644F0ED6FE7E
K7AntiVirus: Trojan ( 00541bd61 )
Alibaba: Trojan:BAT/Remosys.40a8c872
K7GW: Trojan ( 00541bd61 )
Cybereason: malicious.6fe7e9
Symantec: Trojan.Gen.MBT
ClamAV: Win.Dropper.DarkKomet-9867736-0
BitDefender: Trojan.GenericKD.31999411
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.31999411
Emsisoft: Trojan.GenericKD.31999411 (B)
TrendMicro: TROJ_GEN.R002C0DKR21
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
Sophos: Mal/Generic-S
Ikarus: Trojan.BAT.Remosys
Avira: TR/Remosys.rbwxd
Microsoft: Trojan:BAT/Remosys.A
Gridinsoft: Ransom.Win32.Gen.sa
Arcabit: Trojan.Generic.D1E845B3
GData: Trojan.GenericKD.31999411
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Vimditator.C2889481
ALYac: Trojan.GenericKD.31999411
MAX: malware (ai score=88)
Malwarebytes: Malware.AI.3013903368
TrendMicro-HouseCall: TROJ_GEN.R002C0DKR21
AVG: Win32:Malware-gen
Panda: Trj/CI.A

How to remove Trojan:BAT/Remosys.A?

Trojan:BAT/Remosys.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.