About “TrojanDownloader.Dapato” infection

The TrojanDownloader.Dapato is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to complete a scan and clean your PC.
6-day free trial available.

What can the TrojanDownloader.Dapato virus do?

  • Attempts to connect to a dead IP:Port (1 unique time)
  • Presents an Authenticode digital signature
  • A process attempted to delay the analysis task.
  • Unconventional language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Attempts to modify proxy settings
  • Creates a slightly modified copy of itself
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
download.citrixonline.com
builds.cdn.citrixonline.com
builds.citrixonlinecdn.com

How to identify TrojanDownloader.Dapato?

File Info:

crc32: A8197280
md5: cd2c8b69c1e44a49e0c638125d22b565
name: CD2C8B69C1E44A49E0C638125D22B565.mlw
sha1: 421ba4fa9b2e298c31ea2cbac6dee614d2379d7c
sha256: ddaab90684a7ee3a9e8ff869a1d1f77f53b4f7722b43ef681dd91ca0ada56df8
sha512: 99349ef4c0b871a6dd6216b8ae026430dd8776ae2fe7dd3acaa0b0be4f7f1bd69ddc301022b4eceb60b05286b4af27304da3515caf7e4481e3d7920899e1ad4f
ssdeep: 6144:hT89VLHqiSsFPzmQhv45Vd5dIlhUCsw4/Peg0937qQ+FNnoSiw6BLydL8A4++s+f:h0KnsF1IVd5yOOE10qtoSiwAe98EU
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright © 2012-2017 Citrix Systems, Inc.
InternalName: CitrixOnlineWebDeploymentApp
FileVersion: 1.0.0.449
CompanyName: Citrix Online
ProductName: Citrix Online Web Deployment Helper
ProductVersion: 1.0.0.449
FileDescription: Citrix Online Launcher
OriginalFilename: CitrixOnlineWebDeploymentApp.exe
Translation: 0x0409 0x04e4

TrojanDownloader.Dapato also known as:

Jiangmin: Backdoor.Generic.arrr
VBA32: TrojanDownloader.Dapato
Panda: Generic Suspicious

How to remove TrojanDownloader.Dapato?

TrojanDownloader.Dapato removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.