TrojanDownloader:Win32/Kilim.D removal instruction

TrojanDownloader:Win32/Kilim.D is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What TrojanDownloader:Win32/Kilim.D virus can do?

  • Performs HTTP requests potentially not found in PCAP.
  • The binary contains an unknown PE section name indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX.
  • Authenticode signature is invalid.
  • Attempts to repeatedly call a single API many times in order to delay analysis time.
  • Attempts to modify proxy settings.
  • Harvests cookies for information gathering.
  • Attempts to modify UAC prompt behavior.
  • Yara rule detections observed from a process memory dump/dropped files/CAPE.

How to identify TrojanDownloader:Win32/Kilim.D?

File Info:

name: B0BEBF0021BB357D51CD.mlw
path: /opt/CAPEv2/storage/binaries/0840923a5308e3a89ef7234da1698cfacb0caaa4ab5487312e82e7c892a1182e
crc32: E1D7C1D0
md5: b0bebf0021bb357d51cdf90940dcfa92
sha1: 5be472bf225edb35bfc8c4bf55f8effd870a9a08
sha256: 0840923a5308e3a89ef7234da1698cfacb0caaa4ab5487312e82e7c892a1182e
sha512: d2f658c145f0961c23e23aee2cb9c1a0cdddde6cad3476ef73f701eb7527a918807e5bd5ec6acb093f3e0be29c6779d35f91190f2e480171cce5a24eb322fbe1
ssdeep: 6144:I+ssXv5jUA2OpjesAOfoTb+v+90TveVBciZnbCUxP4C9tgf/AN1LtdReCBJJKKrb:COv5jKhsfoPA+yeVKUCUxP4C902bdRtn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1517423A0B46C8C96FAA0353551FD9F771A2DDF624C1A4BCC2EC5EC9274B3A611AC163C
sha3_384: 08a22ae4887c4d219d57e9c493ec246e09eebb18568678f02559feb70252a32aa3ae0a8aef822f8d6e66ce18c3d8b951
ep_bytes: 60be00c048008dbe0050f7ff57eb0b90
timestamp: 2014-12-27 02:00:13

Version Info:

Translation: 0x0809 0x04b0

TrojanDownloader:Win32/Kilim.D also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (moderate confidence)
DrWeb: Trojan.Click3.10273
MicroWorld-eScan: AIT:Trojan.Nymeria.4469
FireEye: AIT:Trojan.Nymeria.4469
CAT-QuickHeal: Trojan.AutoIT.Kilim.Z
McAfee: Artemis!B0BEBF0021BB
Malwarebytes: Malware.AI.1157032947
Sangfor: Riskware.Win32.Agent.ky
K7AntiVirus: Trojan-Downloader ( 004e58141 )
Alibaba: TrojanDownloader:Win32/Kilim.f866adea
K7GW: Trojan-Downloader ( 004e58141 )
Cybereason: malicious.021bb3
Cyren: W32/Downloader.HH.gen!Eldorado
Symantec: Trojan.Gen.MBT
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/TrojanDownloader.Autoit.NWO
APEX: Malicious
ClamAV: Win.Malware.Autoit-9888455-0
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: AIT:Trojan.Nymeria.4469
NANO-Antivirus: Trojan.Win32.Click3.fgxvko
Avast: Win32:Rootkit-gen [Rtk]
Tencent: Win32.Trojan.Agen.Szfl
Emsisoft: AIT:Trojan.Nymeria.4469 (B)
F-Secure: Heuristic.HEUR/AGEN.1358061
VIPRE: AIT:Trojan.Nymeria.4469
McAfee-GW-Edition: BehavesLike.Win32.Injector.fc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
GData: Gen:Variant.Strictor.71792
Webroot: W32.Rogue.Gen
Google: Detected
Avira: HEUR/AGEN.1358061
Xcitium: Malware@#18ghitp2hxuqk
Arcabit: AIT:Trojan.Nymeria.D1175 [many]
ZoneAlarm: UDS:DangerousObject.Multi.Generic
Microsoft: TrojanDownloader:Win32/Kilim.D
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Spnr.C589821
VBA32: Trojan-Downloader.Autoit.gen
ALYac: AIT:Trojan.Nymeria.4469
MAX: malware (ai score=100)
Cylance: unsafe
Panda: Trj/CI.A
Rising: Trojan.Generic@AI.96 (RDML:mSQIFeKL/MTZh9qKpeRs+g)
Ikarus: Trojan-Downloader.Win32.AutoIt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Autoit.NXB!tr.dldr
AVG: Win32:Rootkit-gen [Rtk]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_60% (W)

How to remove TrojanDownloader:Win32/Kilim.D?

TrojanDownloader:Win32/Kilim.D removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.