TrojanDownloader:Win32/Waledac removal tips

TrojanDownloader:Win32/Waledac is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDownloader:Win32/Waledac virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Attempts to connect to a dead IP:Port (51 unique times)
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Slovenian
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics
  • Binary compilation timestomping detected
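Several of the indicators in the list above can be reproduced statically, without a sandbox. The script below is an added example (it is not part of the original page and not CAPE's own code): a dependency-free PE32 parser that reports a zero or future compilation timestamp (the 2106-01-14 stamp in the File Info block is the textbook case of timestomping), sections mapped both writable and executable (a static proxy for the runtime "Creates RWX memory" flag), whether an Authenticode certificate table is present, overlay bytes beyond the sections and certificate, and the first 16 entry-point bytes. The `build_sample_pe` helper fabricates a tiny PE carrying the page's ep_bytes so the script runs offline; it is a constructed stand-in, not the real sample, and the `triage_pe`/`build_sample_pe` names are this example's own.

```python
import struct
import time
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def triage_pe(data: bytes, now: Optional[int] = None) -> Dict[str, object]:
    """Static indicators for an in-memory PE32 image (no pefile dependency)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    rwx, sections_end, ep_bytes = [], 0, ""
    table = opt + opt_size
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        chars = struct.unpack_from("<I", data, table + 40 * i + 36)[0]
        sname = name.rstrip(b"\0").decode("ascii", "replace")
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            rwx.append(sname)                # writable+executable section: self-modifying/unpacking stub
        sections_end = max(sections_end, rawptr + rawsize)
        if va <= ep_rva < va + max(vsize, rawsize):
            off = rawptr + (ep_rva - va)      # map the entry RVA to a file offset
            ep_bytes = data[off:off + 16].hex()

    # A certificate table normally sits after the last section; do not count it as overlay.
    end = sections_end
    if cert_size and cert_off >= sections_end:
        end = max(end, cert_off + cert_size)
    now = int(time.time()) if now is None else now
    return {
        "machine": hex(machine),
        "timestamp_utc": (UNIX_EPOCH + timedelta(seconds=timestamp)).strftime("%Y-%m-%d %H:%M:%S"),
        "timestomped": timestamp == 0 or timestamp > now,   # zeroed or in the future
        "rwx_sections": rwx,
        "has_authenticode": cert_size > 0,
        "overlay_bytes": max(0, len(data) - end),
        "ep_bytes": ep_bytes,
    }


def build_sample_pe(timestamp: int, rwx: bool = False, overlay: bytes = b"", signed: bool = False) -> bytes:
    """Constructed minimal PE32 for exercising triage_pe(); it is NOT the Waledac sample."""
    hdr_size = text_off = text_size = 0x200
    img = bytearray(hdr_size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                       # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    coff = 0x44
    struct.pack_into("<HHIIIHH", img, coff, 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = coff + 20
    struct.pack_into("<H", img, opt, 0x10B)                       # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)               # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)         # Section / file alignment
    struct.pack_into("<II", img, opt + 56, 0x2000, hdr_size)      # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", img, opt + 68, 2, 0)                  # Subsystem 2 = Windows GUI
    struct.pack_into("<I", img, opt + 92, 16)                     # NumberOfRvaAndSizes
    chars = 0x60000020 | (IMAGE_SCN_MEM_WRITE if rwx else 0)    # CODE|EXECUTE|READ (+WRITE)
    struct.pack_into("<8sIIIIIIHHI", img, opt + 224, b".text", text_size, 0x1000, text_size, text_off, 0, 0, 0, 0, chars)
    cert = b""
    if signed:
        # WIN_CERTIFICATE stub: dwLength, wRevision 0x0200, wCertificateType 2 (PKCS#7); the blob is a placeholder.
        cert = struct.pack("<IHH", 12, 0x0200, 2) + b"SIG!"
        struct.pack_into("<II", img, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, hdr_size + text_size, len(cert))
    text = bytearray(text_size)
    text[:16] = bytes.fromhex("558bec6aff68e025400068381c400064")  # ep_bytes from the File Info block
    return bytes(img) + bytes(text) + cert + overlay


if __name__ == "__main__":
    suspicious = build_sample_pe(4292879458, rwx=True, overlay=b"\x90" * 64, signed=True)
    for key, value in triage_pe(suspicious).items():
        print(f"{key:>16}: {value}")
```

Two caveats when reading the output. Overlay and a certificate table go together on legitimately signed binaries, because the signature lives after the last section, so overlay by itself is weak evidence, and presence of the table says nothing about validity; confirming that the signature is invalid, as CAPE reports, requires hashing the file per the Authenticode specification and verifying the PKCS#7 blob (signtool verify or osslsigncode verify do this), which is out of scope here. The entry bytes 55 8b ec 6a ff 68 ... are the ordinary MSVC CRT SEH prologue (push ebp; mov ebp, esp; push -1; push offset ...), so they identify the compiler of the outer stub rather than anything about the payload.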

How to identify TrojanDownloader:Win32/Waledac?


File Info:

name: 1B223119AA138B644600.mlw
path: /opt/CAPEv2/storage/binaries/003df38f310c9bbd78815d004970c1aa072e8045b05e65feb73c4a81ba5a6ac6
crc32: 8287D11A
md5: 1b223119aa138b6446007d47849d3e32
sha1: bbb180970ac7efced8dd3db152337c922a9cc930
sha256: 003df38f310c9bbd78815d004970c1aa072e8045b05e65feb73c4a81ba5a6ac6
sha512: ba3645ce4889cabdb7b9e69b5b902f4be268c60b8db0cb62e5dd7cadeb3b96e3c4edd3b7a19b389b8a1f635b87eb454d0b9ee14c1ba31788a86711b5839f89aa
ssdeep: 1536:dCy062gxgoIqfecAqBJjp3kmLLajSNFk43JSyThNlQl2g+:Yr3Qfeg7j94jGk45SCya
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19C931703CB75CCE1E021EE70C5993BF4605BB2325621619A5F789E1F81D86A38DD327E
sha3_384: 815ea76a4bb71916989a116faad48fe6c42146106850a1629f667924c2b0123d1da03b9a0b943d4342b0934682b98bcc
ep_bytes: 558bec6aff68e025400068381c400064
timestamp: 2106-01-14 02:30:58

Version Info:

0: [No Data]
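The hashes in the File Info block are exact-match IOCs for this one build of the sample. The script below is an added example (not from the page's author): it hashes files the way the File Info block presents them, crc32 included as eight upper-case hex digits, and walks a directory tree for matches. The IOC values are copied from the File Info block; the only input it constructs itself is a benign temporary file used by `demo()`, and the function names are this example's own.

```python
import hashlib
import os
import tempfile
import zlib
from typing import Dict, Iterator, List, Tuple

# Copied from the File Info block above; these identify exactly this build of the sample.
WALEDAC_IOCS = {
    "md5": "1b223119aa138b6446007d47849d3e32",
    "sha1": "bbb180970ac7efced8dd3db152337c922a9cc930",
    "sha256": "003df38f310c9bbd78815d004970c1aa072e8045b05e65feb73c4a81ba5a6ac6",
    "crc32": "8287D11A",
}
DIGESTS = ("md5", "sha1", "sha256", "sha512")


def fingerprint(data: bytes) -> Dict[str, str]:
    """Hash a buffer in the File Info format (lower-case hex digests, crc32 as 8 upper-case hex digits)."""
    fp = {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}
    fp["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return fp


def fingerprint_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as fingerprint() but streamed, so large files are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    crc = 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
            crc = zlib.crc32(block, crc)
    fp = {name: h.hexdigest() for name, h in hashers.items()}
    fp["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return fp


def match_iocs(fp: Dict[str, str], iocs: Dict[str, str] = WALEDAC_IOCS) -> List[str]:
    """Names of the hash types that match, compared case-insensitively (feeds mix upper and lower case)."""
    return [name for name, value in iocs.items() if fp.get(name, "").lower() == value.lower()]


def scan_tree(root: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (path, matching hash types) for every file under root that matches an IOC."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(fingerprint_file(path))
            except OSError:
                continue                     # unreadable or locked file: skip it rather than abort the sweep
            if hits:
                yield path, hits


def demo() -> Dict[str, object]:
    """Constructed check: a temp tree holding one benign file ("hello") produces no hits."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "benign.bin")
        with open(path, "wb") as f:
            f.write(b"hello")
        return {
            "hits": list(scan_tree(d)),
            "streamed_equals_buffer": fingerprint_file(path) == fingerprint(b"hello"),
        }


if __name__ == "__main__":
    import sys
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matched {', '.join(hits)}")
```

A sha256 hit is conclusive; md5 and crc32 are included only because that is how feeds list them and should not be acted on alone. Repacked or rebuilt variants will not match any of these values; the ssdeep and tlsh entries on the page are fuzzy hashes intended for exactly that case, but computing them needs the ssdeep and py-tlsh libraries, which this example deliberately avoids.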

TrojanDownloader:Win32/Waledac is also known by the following vendor detection names. Note that the family label is not unanimous: several vendors tag the sample as Kelihos/Hlux (the botnet generally described as Waledac's successor), others as generic Injector or Zbot heuristics, and one as Cryptolocker.

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Multi.Generic.4!c
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Ulise.265684
FireEye: Generic.mg.1b223119aa138b64
CAT-QuickHeal: TrojanDownloader.Waledac.A4
ALYac: Gen:Variant.Ulise.265684
Cylance: Unsafe
VIPRE: Gen:Variant.Ulise.265684
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 005867e41 )
BitDefender: Gen:Variant.Ulise.265684
K7GW: Trojan ( 005867e41 )
CrowdStrike: win/malicious_confidence_100% (D)
Baidu: Win32.Trojan.Injector.iq
Cyren: W32/S-2ba565a8!Eldorado
Symantec: Ransom.Cryptolocker
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.CXAA
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Bstz-7083600-0
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: TrojanDownloader:Win32/Injector.b266b618
NANO-Antivirus: Trojan.Win32.Autoruner2.ebsdmq
Rising: Trojan.Generic@AI.88 (RDML:rKC398pWxKtYun/YU7oG4w)
Ad-Aware: Gen:Variant.Ulise.265684
Emsisoft: Gen:Variant.Ulise.265684 (B)
Comodo: Malware@#296ago89915wj
DrWeb: Trojan.DownLoader21.29502
Zillya: Trojan.InjectorCRTD.Win32.240
TrendMicro: TROJ_GEN.R002C0DH622
McAfee-GW-Edition: PWSZbot-FAPO!1B223119AA13
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Mal/Zbot-UM
Jiangmin: Trojan.Generic.vtcm
Avira: HEUR/AGEN.1230560
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Generic.ASMalwS.3C54
Kingsoft: Win32.Troj.GenericKD.v.(kcloud)
Microsoft: TrojanDownloader:Win32/Waledac
GData: Gen:Variant.Ulise.265684
Cynet: Malicious (score: 99)
McAfee: PWSZbot-FAPO!1B223119AA13
VBA32: BScope.Malware-Cryptor.Hlux
Malwarebytes: Trojan.Kelihos
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DH622
Tencent: Malware.Win32.Gencirc.10bfdee6
Yandex: Trojan.Ekstak!pYx0e+mKY+g
Ikarus: Trojan.Win32.Injector
Fortinet: W32/Generic.AC.33F085!tr
BitDefenderTheta: Gen:NN.ZexaF.34582.fqZ@aipuMKh
AVG: Win32:Malware-gen
Cybereason: malicious.9aa138
Avast: Win32:Malware-gen

How to remove TrojanDownloader:Win32/Waledac?

TrojanDownloader:Win32/Waledac removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
