
TrojanDropper.Sofacy removal guide


TrojanDropper.Sofacy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDropper.Sofacy virus do?

  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics

How to identify TrojanDropper.Sofacy?

File Info:

name: 8409E477BE60918EC57E.mlw
path: /opt/CAPEv2/storage/binaries/11e92064da522ef85b820dad2ea41491ce96ffd8968a5515318638fe983b258e
crc32: 03D78F30
md5: 8409e477be60918ec57e80f0f6f2e7f9
sha1: d29ab2c8fa40edb5e0b3f70a5e4a46fce8ad8ac2
sha256: 11e92064da522ef85b820dad2ea41491ce96ffd8968a5515318638fe983b258e
sha512: 0a3610ebbc74dfa26c040fc1753760c736fee766385d026a272bfee66d816a2a5f738f57ec1da717ea8bc8315a75fdb4db45d1b7be70e05799289dc145ff8477
ssdeep: 98304:rCDZp0DlpObZkQUZwyEw69V4WipqCpnmgR+r583:Up0DlpObmtZ/EwcV4WidIN83
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A06D036B6898029F1E35074601E5B2769E0BBBA1717559BF3C06DBD38F12D18A29F0F
sha3_384: c144cba8aacdec0d08125bd66b4cd460fae119d8d35790647ef122aa6863279e144d2102cc7a80e66ab146c04ac5ca03
ep_bytes: e803f10000e978feffff5064ff350000
timestamp: 2008-07-21 22:57:40

Version Info:

CompanyName: The Internet Marketing Center
FileDescription: eBook Viewer
FileVersion: 6.5.0.11
InternalName: Viewer.exe
LegalCopyright: (c) The Internet Marketing Center. All rights reserved.
OriginalFilename: Viewer.exe
ProductName: eBook Viewer
ProductVersion: 6.5.0.11
Translation: 0x0409 0x04e4

TrojanDropper.Sofacy is also known as (vendor: detection name):

Bkav: W32.Common.A718BDBD
Sangfor: Trojan.Win32.Agent.Vs3d
Kaspersky: HEUR:Trojan-Ransom.Win32.Encoder.gen
Avast: Win32:Malware-gen
Zillya: Dropper.Sofacy.Win32.3
McAfee-GW-Edition: Artemis!Trojan
Jiangmin: Downloader.Soft32.bg
Kingsoft: malware.kb.a.742
Xcitium: TrojWare.Win32.Trickybot.A@7kpen0
ZoneAlarm: HEUR:Trojan-Ransom.Win32.Encoder.gen
McAfee: Artemis!8409E477BE60
VBA32: TrojanDropper.Sofacy
Cylance: unsafe
Panda: Trj/RansomGen.A
Rising: Trojan.Generic@AI.92 (RDML:Lb0Ip2pYSsDfONPq+QxBuA)
MaxSecure: Trojan.Malware.73715490.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove TrojanDropper.Sofacy?

TrojanDropper.Sofacy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
