
How to remove “TrojanDownloader:Win32/Small.AHY”?


TrojanDownloader:Win32/Small.AHY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:Win32/Small.AHY virus do?

  • Sample contains Overlay data
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the shellcode get eip malware family
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDownloader:Win32/Small.AHY?


File Info:

name: E00B122540D76602E08E.mlw
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
timestamp: 2010-08-18 02:48:07

Version Info:

CompanyName: 360shadubaosha
FileDescription: 360baosha
FileVersion: 1, 0, 0, 1
LegalCopyright:
ProductName: setup1368
ProductVersion: 1, 0, 0, 1
Translation: 0x0804 0x04b0

TrojanDownloader:Win32/Small.AHY also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Kykymber.lmDX
MicroWorld-eScan: Gen:Variant.Adware.Graftor.13265
FireEye: Generic.mg.e00b122540d76602
Skyhigh: BehavesLike.Win32.Corrupt.bt
McAfee: GenericRXEQ-DA!E00B122540D7
Cylance: unsafe
Zillya: Adware.Adnur.Win32.381
Sangfor: Suspicious.Win32.Save.ins
CrowdStrike: win/malicious_confidence_60% (W)
Alibaba: TrojanDownloader:Win32/Adnur.94a37018
K7GW: Adware ( 004ba5501 )
K7AntiVirus: Adware ( 004ba5501 )
VirIT: Adware.Generic.AMMV
Symantec: Adware.Rugo
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Adware.WSearch
APEX: Malicious
TrendMicro-HouseCall: TROJ_AGENT_020090.TOMB
ClamAV: Win.Adware.Adnur-1
Kaspersky: Trojan-Downloader.Win32.Adnur.wfw
BitDefender: Gen:Variant.Adware.Graftor.13265
NANO-Antivirus: Riskware.Win32.Adnur.ikoal
Avast: Win32:Agent-GRW [Trj]
Tencent: Malware.Win32.Gencirc.11498ed7
Emsisoft: Gen:Variant.Adware.Graftor.13265 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Adware.Siggen.14933
VIPRE: Gen:Variant.Adware.Graftor.13265
TrendMicro: TROJ_AGENT_020090.TOMB
Sophos: Mal/Generic-S
Ikarus: Trojan-Downloader.Win32.Adnur
Jiangmin: Adware/Adnur.gz
Webroot: W32.Adware.Rugo
Google: Detected
Avira: TR/Crypt.XPACK.Gen
Varist: W32/AdLoad.M.gen!Eldorado
Antiy-AVL: Trojan[Downloader]/Win32.Adnur
Kingsoft: Win32.Troj.Undef.a
Microsoft: TrojanDownloader:Win32/Small.AHY
Xcitium: TrojWare.Win32.TrojanDownloader.Dadobra.~JH9@1qlqpa
Arcabit: Trojan.Adware.Graftor.D33D1
ZoneAlarm: Trojan-Downloader.Win32.Adnur.wfw
GData: Win32.Trojan.PSE.N540AG
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Adnur.R1483
VBA32: BScope.TrojanDownloader.Small
ALYac: Gen:Variant.Adware.Graftor.13265
MAX: malware (ai score=99)
Malwarebytes: WSearch.Adware.SearchHijacker.DDS
Panda: Trj/Genetic.gen
Rising: Adware.Agent!1.6A64 (CLASSIC)
Yandex: Trojan.GenAsa!sflTgUdrPps
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1717517.susgen
Fortinet: W32/Adnur.A!tr
AVG: Win32:Agent-GRW [Trj]
DeepInstinct: MALICIOUS
alibabacloud: AdWare:Win/Adnur.wfw

How to remove TrojanDownloader:Win32/Small.AHY?

TrojanDownloader:Win32/Small.AHY removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
