Trojan

How to remove “TrojanDropper.Haed.A5”?

Malware Removal

TrojanDropper.Haed.A5 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you fully scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDropper.Haed.A5 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempted to write directly to a physical drive
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify TrojanDropper.Haed.A5?

File Info:

name: 35D1E8786F472C88EB43.mlw
path: /opt/CAPEv2/storage/binaries/4761cfdfc7b59d9dfb7178969a9aa41953458335f7d93951ccbe086a3b1bdc66
crc32: C4DCB92E
md5: 35d1e8786f472c88eb433c64c3636361
sha1: d77938fb60d1ebcb98e19e7ca9cd0200a8ff19c6
sha256: 4761cfdfc7b59d9dfb7178969a9aa41953458335f7d93951ccbe086a3b1bdc66
sha512: fd97d7597a608cc98bc88570ebf669a387192570f5d735b2a55cfc570ccee114073438939e86288911e87b8615b11c30422f2f7704b747a4912c9af59f61e6df
ssdeep: 12288:h1OgLdaOXuunhwyAcnpDcorrLWweor+SVhZJy5rzELMMzUDX3WsN1eot9:h1OYdaO+uRx+oz5HVhuzAVoLHXt9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FF15012279E1C472D61310318A99AFE1F5F9F6240B71458BBBC90E2D3F39AA5D327742
sha3_384: b7241d265ba11866a78d09b36e296faff2b33a35cf8821b683bc5c608e82f5124f639190607699aebf5b7fb2ff48e95e
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

TrojanDropper.Haed.A5 also known as:

Bkav: W32.AIDetectMalware
AVG: Win32:Malware-gen
Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.GenericKD.1747035
FireEye: Dropped:Trojan.GenericKD.1747035
CAT-QuickHeal: TrojanDropper.Haed.A5
Skyhigh: BehavesLike.Win32.Dropper.cc
McAfee: Artemis!35D1E8786F47
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Proxy-Program ( 004efb261 )
Alibaba: Trojan:Win32/JpiProx.725ddc9b
K7GW: Proxy-Program ( 004efb261 )
BitDefenderTheta: Gen:NN.ZexaF.36802.tuW@a84KZlpi
VirIT: Trojan.Win32.MulDrop5.TFB
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanProxy.JpiProx.B
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Trojan.Bicololo-11
Kaspersky: Trojan.Win32.Wepa.b
BitDefender: Dropped:Trojan.GenericKD.1747035
NANO-Antivirus: Trojan.Win32.Wepa.dbicod
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Wepa.Bnhl
Emsisoft: Dropped:Trojan.GenericKD.1747035 (B)
F-Secure: Trojan.TR/Rogue.327168.3
DrWeb: Trojan.Siggen6.19313
VIPRE: Dropped:Trojan.GenericKD.1747035
TrendMicro: TROJ_GEN.R002C0GB824
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: PUA.Monetizer.Gen7
Varist: W32/Trojan.AMNU-6634
Avira: ADWARE/Adware.Gen7
Antiy-AVL: Trojan/Win32.Wepa
Kingsoft: Win32.Trojan.Wepa.a
Microsoft: Trojan:Win32/Wacatac.B!ml
Xcitium: ApplicUnwnt@#3s160n1iz5x4f
Arcabit: Trojan.Generic.D1AA85B
ZoneAlarm: Trojan.Win32.Wepa.b
GData: Dropped:Trojan.GenericKD.1747035
Google: Detected
ALYac: Dropped:Trojan.GenericKD.1747035
VBA32: Adware.MultiPlug
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_GEN.R002C0GB824
Rising: Trojan.Proxy-JpiProx!8.32BC (TFE:5:lZ5MKAlHaPJ)
Yandex: PUA.Agent!oLP4FA1o/W4
MaxSecure: Adware.JS.MultiPlug.P
Fortinet: W32/Wepa.B!tr
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Trojanproxy

How to remove TrojanDropper.Haed.A5?

TrojanDropper.Haed.A5 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.