TrojanDownloader:Win32/FakeIE.A malicious file

TrojanDownloader:Win32/FakeIE.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/FakeIE.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Harvests cookies for information gathering
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine TrojanDownloader:Win32/FakeIE.A?


File Info:

name: 69345778375DC4AEC449.mlw
path: /opt/CAPEv2/storage/binaries/87b48c9ae8c050c478c686963acd4358b14ab2ce7cd5ad716ce9809a304a572d
crc32: 747BF5AF
md5: 69345778375dc4aec449f9b3dc7beb7b
sha1: 176aab93a8776b5d983734c66de90e3e66be5f65
sha256: 87b48c9ae8c050c478c686963acd4358b14ab2ce7cd5ad716ce9809a304a572d
sha512: 45f0e2a293622a2a6b1157f6e2c99c608a3352d0648462944e38f279183399f06f5176cacec42d9118d0456946c25e479edd493b6effb3423b659c1d1cdd453a
ssdeep: 24576:p9bl6lLpn78g5zwbhxZlcOM6EhmEL6a9E5ar4:iLExZ50mx5ar4
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T187158D10B740D4B6E9C90C714EA7B6351D7F6E68AB1441CF32983A1A3D723D224BAF5B
sha3_384: 0fb8ac5cbbca3662686b3dc117eafd28586b31db956eca093d97df4c47c7ea8b2098481495a3f30cef3947c65e2250fd
ep_bytes: e83a2e0000e979feffff8bff558bec5d
timestamp: 2014-10-10 03:26:56

Version Info:

FileDescription: Mircosoft By Wina
FileVersion: 14, 10, 10, 1
ProductName: Mircosoft By Wina
ProductVersion: 14, 10, 10, 1
Translation: 0x0804 0x03a8

TrojanDownloader:Win32/FakeIE.A also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Evo-gen [Trj]
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BFYJ
FireEye: Generic.mg.69345778375dc4ae
McAfee: GenericATG-FAQQ!69345778375D
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Trojan.Agentb.Win32.5854
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_70% (D)
K7GW: Trojan ( 0040f9501 )
K7AntiVirus: Trojan ( 0040f9501 )
Arcabit: Trojan.Agent.BFYJ
Baidu: Win32.Trojan.FakeIE.a
VirIT: Trojan.Win32.Generic.CCN
Cyren: W32/A-d06c2339!Eldorado
ESET-NOD32: a variant of Win32/FakeIE.AF
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Agent-1199824
Kaspersky: HEUR:Trojan.Multi.Generic
BitDefender: Trojan.Agent.BFYJ
NANO-Antivirus: Trojan.Win32.FakeIE.dfwyog
SUPERAntiSpyware: Trojan.Agent/Gen-FalDesc
Avast: Win32:Evo-gen [Trj]
Tencent: Malware.Win32.Gencirc.10b34a90
TACHYON: Trojan/W32.Agentb.955904
Sophos: ML/PE-A
F-Secure: Trojan.TR/Downloader.Gen7
DrWeb: Trojan.DownLoader11.36386
VIPRE: Trojan.Agent.BFYJ
Emsisoft: Trojan.Agent.BFYJ (B)
Ikarus: Trojan.Win32.Agent
Jiangmin: Trojan/Agentb.arp
Webroot: W32.Malware.gen
Avira: TR/Downloader.Gen7
Antiy-AVL: Trojan/Win32.Agentb
Xcitium: TrojWare.Win32.FakeIE.AF@58sgsr
Microsoft: TrojanDownloader:Win32/FakeIE.A
ZoneAlarm: HEUR:Trojan.Multi.Generic
GData: Trojan.Agent.BFYJ
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C618426
BitDefenderTheta: Gen:NN.ZexaF.36318.6q0@aqfRnvcj
ALYac: Trojan.Agent.BFYJ
MAX: malware (ai score=80)
VBA32: TScope.Malware-Cryptor.SB
Panda: Trj/Genetic.gen
Rising: Downloader.FakeIE!8.198 (TFE:5:Zx8Bzs7c2zE)
Yandex: Trojan.FakeIE!twi9U9/1Rns
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.7175209.susgen
Fortinet: W32/FakeIE.AF!tr
Cybereason: malicious.8375dc
DeepInstinct: MALICIOUS

How to remove TrojanDownloader:Win32/FakeIE.A?

TrojanDownloader:Win32/FakeIE.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.