About “TrojanDownloader:Win32/Carberp” infection

TrojanDownloader:Win32/Carberp is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Carberp virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Collects information to fingerprint the system

How to identify TrojanDownloader:Win32/Carberp?

File Info:

name: 7D29F4D606639AFD1082.mlw
path: /opt/CAPEv2/storage/binaries/0cef088d13cae67d0fbef31b00aca859abd9bdcc975003ab15c9dc42793498a0
crc32: E8AAE02A
md5: 7d29f4d606639afd10829b60ea3319a9
sha1: 59f94b7090e6c3704805b8ef847545c16b4b75e5
sha256: 0cef088d13cae67d0fbef31b00aca859abd9bdcc975003ab15c9dc42793498a0
sha512: 9682eb01d8b7c2fc0f4da880b99ad88b0985fa6c7ecd3a29ed78879db23ea3494abc7ed4f1f58466513f9ce8854ba7c9775634a4efcc9a2c33871a41ca59273c
ssdeep: 3072:dtFsN9v4CWFDx77pHfoTj6B+guGCGUeZV4rsme9XyxMSZdGBSl/rkswnpxWMnjtS:+Z41x77tAOjyGv31y+SZkBK/eW8t0oE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FC041367676F13A5F13F34BA3D18657700E07E6465B8DA453ACD03E38D49BFA69E1200
sha3_384: d4b067a5033026c5ca3de06c4c7de775db0bd7359043124a94c14c6d76191c1a7bdd29a024ff9b219f03432f756c732f
ep_bytes: 60be00b044008dbe0060fbff5789e58d
timestamp: 2012-03-12 00:25:01

Version Info:

CompanyName: UGS Corp.
FileDescription: Obeys Gowns Lumpy
FileVersion: 3.9
Translation: 0x0409 0x04b0

TrojanDownloader:Win32/Carberp is also known as:

Lionic: Heuristic.File.Generic.00x1!p
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Trojan.Heur.Zbot.6
ClamAV: Win.Trojan.Zbot-19443
FireEye: Generic.mg.7d29f4d606639afd
CAT-QuickHeal: TrojanPWS.Zbot.Y
ALYac: Gen:Trojan.Heur.Zbot.6
Cylance: Unsafe
VIPRE: Gen:Trojan.Heur.Zbot.6
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00530dcf1 )
Alibaba: TrojanDownloader:Win32/Kryptik.c7f3723b
K7GW: Trojan ( 00530dcf1 )
Cybereason: malicious.606639
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Kryptik.ACSH
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Heur.Zbot.6
NANO-Antivirus: Trojan.Win32.Carberp.rpzod
Avast: Win32:Carberp-ZK [Trj]
Tencent: Malware.Win32.Gencirc.11690136
Ad-Aware: Gen:Trojan.Heur.Zbot.6
Emsisoft: Gen:Trojan.Heur.Zbot.6 (B)
Comodo: TrojWare.Win32.Downloader.Carberp.CX@4owfj1
DrWeb: Trojan.Carberp.276
Zillya: Backdoor.Gbot.Win32.15758
McAfee-GW-Edition: PWS-FABU!7D29F4D60663
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Mal/Zbot-EZ
SentinelOne: Static AI - Malicious PE
Jiangmin: Backdoor/Gbot.nho
Webroot: W32.Bot.Gen
Avira: TR/Crypt.ULPM.Gen
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.8F
Kingsoft: Win32.Troj.Generic.a.(kcloud)
Microsoft: TrojanDownloader:Win32/Carberp
Arcabit: Trojan.Heur.Zbot.6
ViRobot: Backdoor.Win32.A.Gbot.185344.BT
GData: Gen:Trojan.Heur.Zbot.6
Google: Detected
AhnLab-V3: Spyware/Win32.Zbot.C162174
McAfee: PWS-FABU!7D29F4D60663
VBA32: Malware-Cryptor.ImgChk
Malwarebytes: Spyware.Zbot.ES
Rising: Downloader.Carberp!8.2EB (TFE:5:4mnHMpD6WLL)
Ikarus: Trojan-PWS.Win32.Zbot
MaxSecure: Trojan.Malware.3739591.susgen
BitDefenderTheta: AI:Packer.EB5647A916
AVG: Win32:Carberp-ZK [Trj]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_70% (W)

How to remove TrojanDownloader:Win32/Carberp?

TrojanDownloader:Win32/Carberp removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.