TrojanDownloader:Win32/Sinresby!pz malicious file

The TrojanDownloader:Win32/Sinresby!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Sinresby!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify TrojanDownloader:Win32/Sinresby!pz?

File Info:

name: FD172B78A8C6DD63E4A5.mlw
path: /opt/CAPEv2/storage/binaries/d21835f8f057bfad11e87430077ef95a1d64f2b784fbb71a19a5c1b6bd392a5e
crc32: 35D0DCC5
md5: fd172b78a8c6dd63e4a5db73988bfc03
sha1: abad695720dd96a62ed7eabd77291d411bdd2bad
sha256: d21835f8f057bfad11e87430077ef95a1d64f2b784fbb71a19a5c1b6bd392a5e
sha512: cd171a0fcbce677f188670920cdc348a52db752561bfc20617e30048bb6093a60bfc8484a0c32641a549f2269fcbe9abbcd71f0d8a061610e75bd27c91fb8fc0
ssdeep: 196608:vc+jCTYE55FAsdtk4iKCxG6J5iCRnzuzBaW+028m8ZsRieAbBLEPkSeqLo4ng:vR6Ye5ZdYKCx/r4EK28/sYea4PbxLomg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T144C633C5B1A1C0A0C6662D76FCEFF1F42B166D24EAC4580321D6FD5337B29732A299C6
sha3_384: 663d8a28fac33eeef6b2dca4f8114e8e98e55fbb8b07708c3f1bafe309ac3bf84b1faf3832d071561d19fc6da3ae2f2c
ep_bytes: 60be0070f8008dbe00a047ff5789e58d
timestamp: 2023-08-08 13:53:23

Version Info:

FileVersion: 1.0.0.0
FileDescription: 专业下载器
ProductName: 专业下载器
ProductVersion: 1.0.0.0
LegalCopyright: 作者版权所有 请尊重并使用正版
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
Translation: 0x0804 0x04b0

TrojanDownloader:Win32/Sinresby!pz also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.FlyStudio.4!c
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Variant.Zusy.530868
FireEye: Generic.mg.fd172b78a8c6dd63
Skyhigh: Artemis!Trojan
ALYac: Gen:Variant.Zusy.530868
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Adware ( 0050718d1 )
K7GW: Adware ( 0050718d1 )
CrowdStrike: win/malicious_confidence_60% (W)
Arcabit: Trojan.Zusy.D819B4
BitDefenderTheta: Gen:NN.ZexaF.36608.@pMfaayZxIkb
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
BitDefender: Gen:Variant.Zusy.530868
Avast: Win32:TrojanX-gen [Trj]
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Dldr.Sinresby.wlsaj
VIPRE: Gen:Variant.Zusy.530868
Trapmine: malicious.moderate.ml.score
Emsisoft: Gen:Variant.Zusy.530868 (B)
Ikarus: Trojan.Win32
Webroot: W32.Malware.Gen
Avira: TR/Dldr.Sinresby.wlsaj
Antiy-AVL: Trojan[Packed]/Win32.FlyStudio
Microsoft: TrojanDownloader:Win32/Sinresby!pz
GData: Win32.Trojan.PSE.15MID6N
Google: Detected
AhnLab-V3: Trojan/Win.Generic.R581001
McAfee: Artemis!FD172B78A8C6
MAX: malware (ai score=87)
Malwarebytes: Trojan.MalPack.FlyStudio
Rising: Trojan.ShellCodeRunner!1.ED43 (CLOUD)
SentinelOne: Static AI – Malicious PE
MaxSecure: Dropper.Dinwod.frindll
Fortinet: W32/CoinMiner.PHP!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.720dd9
DeepInstinct: MALICIOUS

How to remove TrojanDownloader:Win32/Sinresby!pz?

TrojanDownloader:Win32/Sinresby!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.