Trojan

How to remove “TrojanDownloader:Win32/Chekafe.A”?

Malware Removal

The TrojanDownloader:Win32/Chekafe.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What TrojanDownloader:Win32/Chekafe.A virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • HTTPS urls from behavior.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Emumerates physical drives
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine TrojanDownloader:Win32/Chekafe.A?



File Info:

name: E9EE60E206AA2EFC8C09.mlw
path: /opt/CAPEv2/storage/binaries/edc2e0b2740aaad2f7a2f5124eeb68d425209aeefb48cb4266190969fb95517b
crc32: 87CEB5C9
md5: e9ee60e206aa2efc8c09c325ee6c6d34
sha1: 68c8e5d71b684d31a739269ef8fb0ff6bb379789
sha256: edc2e0b2740aaad2f7a2f5124eeb68d425209aeefb48cb4266190969fb95517b
sha512: 23a56145ee7244cbec4a5856d1057a757a6a2916d10cb4ba77e26c3f8ed2aef92e3fdba64d48e39e51fa1c80fd25240eeda5c7612f6e37dc860bd474d971591a
ssdeep: 12288:yXD5jZ1IOEC4cEBNz+1TjIZDr2LzBRe9xFwbVCzT+gT+4e:yXD5jZTwNz+Ch62jmVMTvCX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B1B412A055C8847BE2938B3141A29F35D27FEE8D7A3A118F1F453EB637372D2A616403
sha3_384: cd4407c361b72acb405d50b5c68ff2956d244d38e4c1cf3836a52e92eee3ed12b5f216f94c3430ca051e1a9569d60be7
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-05-03 14:08:38


Version Info:

0: [No Data]

TrojanDownloader:Win32/Chekafe.A also known as:

BkavW32.AIDetectMalware
DrWebTrojan.DownLoad2.14395
MicroWorld-eScanDropped:Backdoor.Hupigon.261667
ClamAVWin.Worm.Mytob-270
FireEyeGeneric.mg.e9ee60e206aa2efc
ALYacDropped:Backdoor.Hupigon.261667
Cylanceunsafe
K7AntiVirusTrojan ( 005257651 )
AlibabaTrojanDownloader:Win32/Chekafe.a58ff209
K7GWTrojan ( 005257651 )
CrowdStrikewin/malicious_confidence_100% (W)
BitDefenderThetaGen:NN.ZexaF.36348.aiHday2F3Meb
VirITTrojan.Win32.Agent2.ALQP
CyrenW32/Downloader.AT.gen!Eldorado
SymantecDownloader
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/TrojanDownloader.Chekafe.B
APEXMalicious
CynetMalicious (score: 100)
KasperskyUDS:DangerousObject.Multi.Generic
BitDefenderDropped:Backdoor.Hupigon.261667
NANO-AntivirusTrojan.Win32.DownLoad2.cxagtv
AvastWin32:Trojan-gen
TencentWin32.Trojan.ATRAPS.Ewnw
SophosGeneric ML PUA (PUA)
F-SecureTrojan.TR/Crypt.NSPM.Gen
VIPREDropped:Backdoor.Hupigon.261667
McAfee-GW-EditionBehavesLike.Win32.Trojan.hc
Trapminesuspicious.low.ml.score
EmsisoftDropped:Backdoor.Hupigon.261667 (B)
IkarusTrojan-Dropper.Win32.Mudrop
GDataDropped:Backdoor.Hupigon.261667
JiangminTrojan/Agent.qro
AviraTR/ATRAPS.Gen2
Antiy-AVLTrojan[Downloader]/Win32.Agent
XcitiumMalware@#by6p9ltwj5gi
ArcabitBackdoor.Hupigon.D3FE23
SUPERAntiSpywareTrojan.Agent/Gen-Downloader
ZoneAlarmUDS:DangerousObject.Multi.Generic
MicrosoftTrojanDownloader:Win32/Chekafe.A
GoogleDetected
AhnLab-V3Downloader/Win32.Agent.C74254
Acronissuspicious
McAfeeArtemis!E9EE60E206AA
MAXmalware (ai score=100)
VBA32BScope.Trojan.SvcHorse.01643
MalwarebytesTrojan.Dropper
PandaTrj/CI.A
RisingTrojan.BHOHijack!1.663D (CLOUD)
YandexTrojan.ATRAPS!N4yr5bERTd0
FortinetW32/OnlineGames!tr
AVGWin32:Trojan-gen
Cybereasonmalicious.206aa2
DeepInstinctMALICIOUS

How to remove TrojanDownloader:Win32/Chekafe.A?

TrojanDownloader:Win32/Chekafe.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment