TrojanDownloader.Hilldoor removal guide

The TrojanDownloader.Hilldoor is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanDownloader.Hilldoor virus can do?

Creates RWX memory
Dynamic (imported) function loading detected
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine TrojanDownloader.Hilldoor?


File Info:
name: A29AADEE8E406788C3AE.mlw
path: /opt/CAPEv2/storage/binaries/006d07a15b287d7aef1058010fe32cb5d192ba118ec04309e2e7e005d7b0ac6c
crc32: 8368CD22
md5: a29aadee8e406788c3ae606d877f7c42
sha1: ce0d3e152d977d7d1ea12892da59a43258aa0dcd
sha256: 006d07a15b287d7aef1058010fe32cb5d192ba118ec04309e2e7e005d7b0ac6c
sha512: b6a41729b501b598f5f4445b6324adc04ed9c781b7be552cd0038758abebc5b29b2841b1c965aa20004049d5507e1ace138c88ae1e9e64fed458460f2c07d0d0
ssdeep: 24576:iYMGcq3yC1QPSMc/lbqJJSf8g21Y2vg6VMyoV:lNaS0bg4MhV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T151858C22E113883BD4B75530084B6AB18835FF422926997A77F87E5DAF32BD33D15293
sha3_384: fc73d4e9af335abc3e179ad85723b48af1b70c39035286a8d8aa9b8a391711e26f497d43d3339f603864d9d14548989c
ep_bytes: eb1066623a432b2b484f4f4b90e99860
timestamp: 2008-12-08 14:54:12

Version Info:
CompanyName: 
FileDescription: 
FileVersion: 1.0.0.0
InternalName: 
LegalCopyright: 
LegalTrademarks: 
OriginalFilename: 
ProductName: 
ProductVersion: 1.0.0.0
Comments: 
Translation: 0x0804 0x03a8

TrojanDownloader.Hilldoor also known as:

Lionic	Trojan.Win32.Generic.4!c
FireEye	Generic.mg.a29aadee8e406788
Cylance	Unsafe
Sangfor	Trojan.Win32.Wacatac.C
Cybereason	malicious.52d977
BitDefenderTheta	Gen:NN.ZexaF.34638.XH0@aWnbZXeb
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Generic
NANO-Antivirus	Trojan.Win32.Hilldoor.mtbq
Avast	FileRepMalware [Trj]
Comodo	Malware@#1qmt02xdyp3s5
McAfee-GW-Edition	BehavesLike.Win32.Dropper.th
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.Win32.Hilldoor
Jiangmin	TrojanDownloader.Hilldoor.an
Webroot	W32.Trojan.Gen
Microsoft	Trojan:Win32/Fareit!ml
McAfee	Artemis!A29AADEE8E40
VBA32	TrojanDownloader.Hilldoor
APEX	Malicious
Rising	Trojan.Generic!8.C3 (CLOUD)
Yandex	Trojan.GenAsa!7+H9BMW9LTs
Fortinet	W32/Hilldoor.EL!tr.dldr
AVG	FileRepMalware [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_60% (W)

How to remove TrojanDownloader.Hilldoor?

TrojanDownloader.Hilldoor removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X