TrojanDownloader:Win32/Thoper.B (file analysis)

Malware Removal

TrojanDownloader:Win32/Thoper.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can TrojanDownloader:Win32/Thoper.B do?

  • The binary likely contains encrypted or compressed data.
  • The Authenticode signature is invalid.
  • YARA rule detections were observed in a process memory dump, in dropped files, or by CAPE.

How to identify TrojanDownloader:Win32/Thoper.B?

File Info:

name: 2E605388C7897AA43F68.mlw
path: /opt/CAPEv2/storage/binaries/b54d5413508c02a45a56dc7db5f0362114721b0ca691b3ad4c3a7e854a9a2216
crc32: B3AB7702
md5: 2e605388c7897aa43f68b78a60657986
sha1: dc5a9763f0ef1823688b3feb5473fc8feaafcaf3
sha256: b54d5413508c02a45a56dc7db5f0362114721b0ca691b3ad4c3a7e854a9a2216
sha512: 75873b6daa46f71a04fef8e567087e5d51ca5ac24794886a52bcc0d40adcf7a0fe537668639fd1c3955ab3597815f79a417ac2d66b3e01067517d09cb7182f34
ssdeep: 3072:GmonEdSlpjbim2gWjBWhIr6YJVnxzIqMKB1hWZNmHo:G9di46r6enxzIqzB1vo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T105B38DD6A52CE278D5B16BFF5800337A74D98C348D52C982EFD88AD064F30B8676536B
sha3_384: 8ebaa77003b33fc8a44d61e25810bff07890d476f8cc8ed7e9e2d9acecbaecfe6f853384485ff14278c4adcd70025310
ep_bytes: 5356576a00e875ffffff5966357b550a
timestamp: 2010-08-25 12:01:43

Version Info:

0: [No Data]

TrojanDownloader:Win32/Thoper.B also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Inject.m!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.IPZ.6
  • FireEye: Generic.mg.2e605388c7897aa4
  • McAfee: Artemis!2E605388C789
  • Malwarebytes: Malware.AI.3984473869
  • VIPRE: Gen:Heur.IPZ.6
  • Sangfor: Suspicious.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Alibaba: Backdoor:Win32/Gulpix.1a8395f0
  • K7GW: Backdoor ( 003ed5c61 )
  • K7AntiVirus: Backdoor ( 003ed5c61 )
  • VirIT: Backdoor.Win32.Generic.AXJI
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Agent.RWV
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Gulpix.ysr
  • BitDefender: Gen:Heur.IPZ.6
  • NANO-Antivirus: Virus.Win32.Gen.ccmw
  • Avast: Win32:Trojan-gen
  • Tencent: Win32.Backdoor.Gulpix.Dplw
  • Emsisoft: Gen:Heur.IPZ.6 (B)
  • F-Secure: Trojan.TR/Crypt.XPACK.Gen
  • DrWeb: Trojan.DownLoader7.2206
  • Zillya: Trojan.Agent.Win32.3653572
  • TrendMicro: TROJ_GEN.R002C0DHH23
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
  • Trapmine: malicious.high.ml.score
  • Sophos: ML/PE-A
  • SentinelOne: Static AI – Suspicious PE
  • GData: Gen:Heur.IPZ.6
  • Jiangmin: Backdoor/Inject.cni
  • Webroot: W32.Injector.Gen
  • Avira: TR/Crypt.XPACK.Gen
  • MAX: malware (ai score=100)
  • Antiy-AVL: Trojan[Backdoor]/Win32.Inject
  • Xcitium: Malware@#33t04d94hn13j
  • Arcabit: Trojan.IPZ.6
  • ViRobot: Backdoor.Win32.A.Inject.113152.D
  • ZoneAlarm: Backdoor.Win32.Gulpix.ysr
  • Microsoft: TrojanDownloader:Win32/Thoper.B
  • Google: Detected
  • BitDefenderTheta: AI:Packer.93F9DD3E1E
  • ALYac: Gen:Heur.IPZ.6
  • VBA32: BScope.Trojan-Dropper.Injector
  • Cylance: unsafe
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DHH23
  • Rising: Trojan.Generic@AI.96 (RDML:eH0AnJ84w+ldjpVwqaM4dQ)
  • Yandex: Trojan.GenAsa!4CV13xOG8pQ
  • Ikarus: Worm.Win32.Conficker
  • MaxSecure: Trojan.Malware.1636128.susgen
  • Fortinet: W32/Agent.RWV!tr
  • AVG: Win32:Trojan-gen
  • Cybereason: malicious.3f0ef1
  • DeepInstinct: MALICIOUS

How to remove TrojanDownloader:Win32/Thoper.B?

TrojanDownloader:Win32/Thoper.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.