TrojanDownloader:Win32/Cekar!C (file analysis)

TrojanDownloader:Win32/Cekar!C is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can TrojanDownloader:Win32/Cekar!C do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • CAPE detected the embedded win api malware family
  • Binary file triggered YARA rule
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/Cekar!C?

File Info:

name: CFC452513BDB7E79A725.mlw
path: /opt/CAPEv2/storage/binaries/7b2c8c493fe209b8c903c1599ebe851d594951031d768b57c465cee95c02fcae
crc32: 3E338650
md5: cfc452513bdb7e79a725f0f7e3c45b23
sha1: fab5d7c590a9a566085a0e94dbd34215b1437d3a
sha256: 7b2c8c493fe209b8c903c1599ebe851d594951031d768b57c465cee95c02fcae
sha512: e8ad7baf8a7f62ed76a4b9e1e495d2f3666956dd3a9455b386a5f05f9e40b2ab7a8b8b446b51c3628c5712f7e197d8b555c0fb25867afe98f8eb74865357e931
ssdeep: 49152:PabH/JhGZdu9EUpowUjIXjlhabH/EhGZdu9EUpowUjIXjlhabH/EhGZdu9EUpowt:04ZwVUjITl4ZwVUjITl4ZwVUjITOCLCa
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C8C5E162BB40E01AE45384B0F969C7F639193EB286905D57B380BF5D78315E7B9B0B0B
sha3_384: 590475bd332ed16e3c92bdd41fdc5d6b2c6d5a28b2c376e3252034661c0582bea5edd607b72889f7bd06538e88e34562
ep_bytes: 68284a4000e8eeffffff000000000000
timestamp: 2007-03-12 04:30:52

Version Info:

Translation: 0x0804 0x04b0
Comments: Windows Update Manager for NT
CompanyName: Microsoft Corporation
FileDescription: Windows Update Manager for NT
LegalCopyright: Copyright (C) Microsoft Corp. 1981-1999
ProductName: Microsoft(R) Windows (R) 2000 Operating System
FileVersion: 6.01
ProductVersion: 6.01
InternalName: INCUBUS
OriginalFilename: INCUBUS.exe

TrojanDownloader:Win32/Cekar!C is also known as:

Elastic: malicious (high confidence)
ClamAV: Win.Trojan.Cosmu-206
FireEye: Generic.mg.cfc452513bdb7e79
Skyhigh: BehavesLike.Win32.Generic.vc
McAfee: GenericRXAA-AA!CFC452513BDB
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: TrojanDownloader:Win32/Cosmu.244d98cf
K7GW: Riskware ( 0040eff71 )
BitDefenderTheta: AI:Packer.4D77F2F51C
Symantec: Backdoor.Trojan
tehtris: Generic.Malware
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Cosmu.kyb
BitDefender: Win32.Worm.VB.AND
NANO-Antivirus: Trojan.Win32.Cosmu.efcdlp
MicroWorld-eScan: Win32.Worm.VB.AND
Avast: Win32:Agent-MEC [Trj]
Tencent: Malware.Win32.Gencirc.10bfd387
Emsisoft: Win32.Worm.VB.AND (B)
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Win32.HLLW.Autoruner.47659
Zillya: Trojan.Cosmu.Win32.1974
TrendMicro: TROJ_GEN.R03BC0DDI24
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Agent
Jiangmin: Trojan.Cosmu.ahy
Varist: W32/Trojan.CWOG-8077
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.Cosmu
Xcitium: Worm.Win32.VB.AND0@1vu591
Microsoft: TrojanDownloader:Win32/Cekar.gen!C
GData: Win32.Worm.VB.AND
Google: Detected
AhnLab-V3: Trojan/Win.Cosmu.R644893
ALYac: Win32.Worm.VB.AND
MAX: malware (ai score=81)
Cylance: unsafe
TrendMicro-HouseCall: TROJ_GEN.R03BC0DDI24
Rising: Worm.Win32.VBind.a (CLASSIC)
Yandex: Trojan.GenAsa!H8Joau+F6fI
SentinelOne: Static AI – Malicious PE
AVG: Win32:Agent-MEC [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Virus:Win/Cekar.DGHZCCEAQO

How to remove TrojanDownloader:Win32/Cekar!C?

TrojanDownloader:Win32/Cekar!C removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.