TrojanDropper.Haed.A5 information

The TrojanDropper.Haed.A5 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDropper.Haed.A5 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to determine TrojanDropper.Haed.A5?

File Info:

name: 9A461E9D9906FB40A0E7.mlw
path: /opt/CAPEv2/storage/binaries/95d2504e2ff095d258a55b089d5759cc032ab7d1141ccedf6af18dd91c5960b5
crc32: DEFBD19F
md5: 9a461e9d9906fb40a0e7906d93fac8de
sha1: e89b17c62fec6bc7ee965fc4c13c42eddfd656d6
sha256: 95d2504e2ff095d258a55b089d5759cc032ab7d1141ccedf6af18dd91c5960b5
sha512: 755cf621583e09f95a8ee4fc5e4597a48f5227adad35a9cef9f54aee7e49e5b6e6ad8e070e2de0fa2cfcbd81987eab4288097b49556fe0a1c61562b026f8128c
ssdeep: 12288:h1OgLdaO2uunhwyAcnpDcorrLWweor+SVhZJy5rzELMMzUDX3WsN1eotU:h1OYdaOpuRx+oz5HVhuzAVoLHXtU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FC15022279E1C472D61310308A99AFE1F5F9F6240B71458BBBC90E2D7F39AA5D327742
sha3_384: 2054034f343f31aa9ba141784712b9bbbf499a76107629a80fe54a69cdd6e5c4a86d7195df8fc28f567aff21911373e4
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

TrojanDropper.Haed.A5 also known as:

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Siggen6.19313
  • MicroWorld-eScan: Dropped:Trojan.GenericKD.1747035
  • FireEye: Dropped:Trojan.GenericKD.1747035
  • CAT-QuickHeal: TrojanDropper.Haed.A5
  • Skyhigh: BehavesLike.Win32.Dropper.cc
  • McAfee: Artemis!9A461E9D9906
  • Malwarebytes: Generic.Malware.AI.DDS
  • VIPRE: Dropped:Trojan.GenericKD.1747035
  • Sangfor: Suspicious.Win32.Save.ins
  • K7AntiVirus: Proxy-Program ( 004efb261 )
  • Alibaba: Trojan:Win32/JpiProx.e3640228
  • K7GW: Proxy-Program ( 004efb261 )
  • BitDefenderTheta: Gen:NN.ZexaF.36804.tuW@a84KZlpi
  • VirIT: Trojan.Win32.MulDrop5.TFB
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/TrojanProxy.JpiProx.B
  • APEX: Malicious
  • TrendMicro-HouseCall: TROJ_GEN.R002C0GAU24
  • ClamAV: Win.Trojan.Bicololo-11
  • Kaspersky: Trojan.Win32.Wepa.b
  • BitDefender: Dropped:Trojan.GenericKD.1747035
  • NANO-Antivirus: Trojan.Win32.Wepa.dbicod
  • Avast: Win32:Malware-gen
  • Tencent: Win32.Trojan.Wepa.Fkjl
  • Emsisoft: Dropped:Trojan.GenericKD.1747035 (B)
  • Google: Detected
  • F-Secure: Trojan.TR/Rogue.327168.3
  • TrendMicro: TROJ_GEN.R002C0GAU24
  • Trapmine: malicious.high.ml.score
  • Sophos: Mal/Generic-S
  • GData: Dropped:Trojan.GenericKD.1747035
  • Varist: W32/Trojan.AMNU-6634
  • Avira: ADWARE/Adware.Gen7
  • Antiy-AVL: Trojan/Win32.Wepa
  • Kingsoft: Win32.Trojan.Wepa.a
  • Xcitium: ApplicUnwnt@#yyz8wcvbkox6
  • Arcabit: Trojan.Generic.D1AA85B
  • ZoneAlarm: Trojan.Win32.Wepa.b
  • Microsoft: Trojan:Win32/Vigorf.A
  • Cynet: Malicious (score: 100)
  • VBA32: Adware.MultiPlug
  • ALYac: Dropped:Trojan.GenericKD.1747035
  • Cylance: unsafe
  • Panda: Trj/CI.A
  • Rising: Trojan.Proxy-JpiProx!8.32BC (TFE:5:lZ5MKAlHaPJ)
  • Yandex: PUA.Agent!oLP4FA1o/W4
  • Ikarus: PUA.Monetizer.Gen7
  • MaxSecure: Adware.JS.MultiPlug.P
  • Fortinet: W32/Wepa.B!tr
  • AVG: Win32:Malware-gen
  • DeepInstinct: MALICIOUS
  • alibabacloud: Trojan:Win/Trojanproxy

How to remove TrojanDropper.Haed.A5?

TrojanDropper.Haed.A5 removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.