TrojanDropper:MSIL/Habbo.A (file analysis)

The TrojanDropper:MSIL/Habbo.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanDropper:MSIL/Habbo.A virus can do?

Creates RWX memory
A process created a hidden window
Drops a binary and executes it
Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine TrojanDropper:MSIL/Habbo.A?


File Info:
crc32: 8EDD6D17
md5: c795a485df6f97629bf1f5319d207d83
name: windowsrefund.exe
sha1: 8185d313dbc8f73c5fd82e7c3b0e0157828514c6
sha256: f150bdb4a455bcec6cafa42460882cf6d939282821bfff31ae468f6a6f9e7769
sha512: 023716cad464413eb960f5b7e4cd5b6e0d8060ed34ccc7fb00a9ad7af7d0e714877aa9bf92c73c37e4e6bccb859e83cc124f086c1d2389edd220db323ad57b39
ssdeep: 6144:FO+zrEsiN1PPzS97xl1Ipzn/rbOLK1r7lnCv9cf2cy3dhWFKQQI4YsFBpNrg+x9:kxsiN497xlKN/uLK13lnCv+BX1ql
type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

Version Info:
Translation: 0x0000 0x04b0
LegalCopyright:  
Assembly Version: 0.0.0.0
InternalName: WindowsRefund.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:  
OriginalFilename: WindowsRefund.exe

TrojanDropper:MSIL/Habbo.A also known as:

DrWeb	Trojan.PWS.Siggen.27583
MicroWorld-eScan	Gen:Variant.MSILKrypt.11
FireEye	Generic.mg.c795a485df6f9762
CAT-QuickHeal	Trojan.MsilFC.S6053757
Qihoo-360	Generic/Trojan.bc3
McAfee	GenericRXAF-WW!C795A485DF6F
Cylance	Unsafe
Sangfor	Malware
K7AntiVirus	Trojan ( 0011d83e1 )
BitDefender	Gen:Variant.MSILKrypt.11
K7GW	Trojan ( 0011d83e1 )
Cybereason	malicious.5df6f9
TrendMicro	Trojan.Win32.HABBO.SM
BitDefenderTheta	Gen:NN.ZemsilF.34090.4m0@a4VGe0f
Cyren	W32/MSIL_Troj.L.gen!Eldorado
TotalDefense	Win32/MultiDropper.QQ
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Generic-6295765-0
GData	Gen:Variant.MSILKrypt.11
Kaspersky	Trojan.MSIL.Agent.foww
Alibaba	TrojanDropper:MSIL/Habbo.1058c931
NANO-Antivirus	Trojan.Win32.Zapchast.dcmmdd
ViRobot	Trojan.Win32.Z.Habbo.917504
Tencent	Msil.Trojan.Agent.Szld
Ad-Aware	Gen:Variant.MSILKrypt.11
Sophos	Troj/Subti-A
Comodo	TrojWare.MSIL.TrojanDropper.Agent.~Ajv@1zen4r
F-Secure	Trojan.TR/Dropper.Gen2
VIPRE	Trojan-Dropper.Win32.Habbo.a (v)
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Backdoor.cm
Trapmine	malicious.high.ml.score
CMC	Trojan-Dropper.MSIL.Agent!O
Emsisoft	Gen:Variant.MSILKrypt.11 (B)
Ikarus	Virus.Win32.Prorat
F-Prot	W32/MSIL_Troj.L.gen!Eldorado
Jiangmin	TrojanDropper.MSIL.cmg
Avira	TR/Dropper.Gen2
MAX	malware (ai score=81)
Endgame	malicious (high confidence)
Arcabit	Trojan.MSILKrypt.11
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	TrojanDropper:MSIL/Habbo.A
AhnLab-V3	Trojan/Win32.RL_Agent.C3633925
Acronis	suspicious
VBA32	TScope.Trojan.MSIL
ALYac	Gen:Variant.MSILKrypt.11
Malwarebytes	Backdoor.IRCBot.OLGen
Panda	Trj/CI.A
ESET-NOD32	a variant of MSIL/TrojanDropper.Agent.AST
TrendMicro-HouseCall	Trojan.Win32.HABBO.SM
Rising	Backdoor.Quasar!1.B1DD (CLOUD)
Yandex	Trojan.DR.Agent!cAmBb9WNsbI
SentinelOne	DFI – Malicious PE
eGambit	Trojan.Generic
Fortinet	MSIL/Dropper.JV!tr
AVG	MSIL:Rat-B [Trj]
Avast	MSIL:Rat-B [Trj]
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Dropper.Agent.ajv

How to remove TrojanDropper:MSIL/Habbo.A?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

TrojanDropper:MSIL/Habbo.A (file analysis)