TrojanDropper.NSIS.Sufrar removal

The TrojanDropper.NSIS.Sufrar is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDropper.NSIS.Sufrar virus do?

  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify TrojanDropper.NSIS.Sufrar?

File Info:

name: 1F79F238AF51AB508DBD.mlw
path: /opt/CAPEv2/storage/binaries/a62aa6beee3e9a3b277dbb796b19404a013bce791cc127d75d047344be15b2ce
crc32: 13AC480E
md5: 1f79f238af51ab508dbd58b1047bee6c
sha1: d22edacaa7f503258f97db29a7206f1f3031fde7
sha256: a62aa6beee3e9a3b277dbb796b19404a013bce791cc127d75d047344be15b2ce
sha512: 4c8e85fa8b1f3960320d55272f7237d7b048fabc1b1a2b5f1a679ebb027436adebe0a5857437c0d605421494b5a3fe19fa24d030523f5c058b143cb9e8d8bd66
ssdeep: 49152:ON26FOnzGn6LJvqkwnpC+mWd6uIccv+SBpRPkxy:O06FOznLo0+Dd6uxcvFdR
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12FB52342F393D0B1D8AA00B40566CB768E356D3197B6C5F36FD07D6E8E703D0AA3664A
sha3_384: f4d278239054bb7b6a2ec88d6106fd6dfe3c224de1f4444a0c4f027577c3852386a858711166386ba6bcb539b66ba927
ep_bytes: e8a61d0000e989feffff8bff565733f6
timestamp: 2012-06-14 16:16:10

Version Info:

Comments: Created with Setup Factory
FileDescription: Setup Application
FileVersion: 9.1.0.0
InternalName: suf_launch
LegalCopyright: Setup Engine Copyright © 2004-2012 Indigo Rose Corporation
LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename: suf_launch.exe
ProductName: Setup Factory Runtime
ProductVersion: 9.1.0.0
Translation: 0x0409 0x04e4

TrojanDropper.NSIS.Sufrar is also known as:

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Sufrar.b!c
  • Elastic: malicious (moderate confidence)
  • Skyhigh: BehavesLike.Win32.BadFile.vc
  • Malwarebytes: Generic.Malware/Suspicious
  • Sangfor: Dropper.NSIS.Agent.Vvss
  • CrowdStrike: win/grayware_confidence_60% (D)
  • Cynet: Malicious (score: 100)
  • APEX: Malicious
  • Kaspersky: HEUR:Trojan-Dropper.NSIS.Sufrar.gen
  • ViRobot: Trojan.Win.Z.Sufrar.2362565
  • Rising: Trojan.Evasion/SFACTORY!1.E9F4 (CLASSIC)
  • F-Secure: Trojan.TR/Redcap.qieih
  • Ikarus: Trojan.Win32.Farfli
  • Varist: W32/Agent.CIX.gen!Eldorado
  • Avira: TR/Redcap.qieih
  • ZoneAlarm: HEUR:Trojan-Dropper.NSIS.Sufrar.gen
  • AhnLab-V3: Trojan/Win.Malware-gen.C5500627
  • McAfee: Artemis!1F79F238AF51
  • DeepInstinct: MALICIOUS
  • VBA32: TrojanDropper.NSIS.Sufrar
  • TrendMicro-HouseCall: TROJ_GEN.R002H07J423
  • Tencent: Nsis.Trojan-Dropper.Sufrar.Iflw
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.216064600.susgen
  • Fortinet: W32/PossibleThreat
  • AVG: Win32:Malware-gen
  • Avast: Win32:Malware-gen

How to remove TrojanDropper.NSIS.Sufrar?

TrojanDropper.NSIS.Sufrar removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.