What is “TrojanDropper:MSIL/Lothiz.A”?

TrojanDropper:MSIL/Lothiz.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDropper:MSIL/Lothiz.A virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify TrojanDropper:MSIL/Lothiz.A?

File Info:

name: 40EAD9E50142F4219481.mlw
path: /opt/CAPEv2/storage/binaries/ced8de320e9cb9021661d84995d5dabde356fa0716fe7a90aa20c8eed1636b01
crc32: 0DB79E8D
md5: 40ead9e50142f4219481dce3dda21a7f
sha1: 01583c205c9be8f9d3938c45447e62be6adf6185
sha256: ced8de320e9cb9021661d84995d5dabde356fa0716fe7a90aa20c8eed1636b01
sha512: 6ed0579138925fdb46ac2d6388edf9ddd169cc38713bf428fe66fe92750f3407aa98e737b2b6e07eb0e2d42cd7c3e0c96b97714623b70f4521dc888c49e840de
ssdeep: 1536:992pV0eVxCKw36yOkAXrQ2SbKiHrDGirkypc8ZxA1+ArxXU5IDzuS0CGBlhK:9Ojw36cAXrlQKiHrDgNN9NDzuS0C4g
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A0A38D06B3D4DFB2C2AD463999B2E7620F74AD3F6701E70B18C978A55A5A3C441C72B3
sha3_384: 8907f2dc461d8c2f978a1396928eb0db9765efcd14c8ea3b9c934eb9153d9cca6a1b713ee40eb430cc934ecfd8f41506
ep_bytes: ff25ac8e400000005f436f724578654d
timestamp: 2009-10-31 10:37:08

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 1.0.0.0
InternalName: Qstub.exe
LegalCopyright:
OriginalFilename: Qstub.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

TrojanDropper:MSIL/Lothiz.A also known as:

  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.MSIL.Krypt.!cdmip!.2
  • FireEye: Generic.mg.40ead9e50142f421
  • CAT-QuickHeal: Trojan.GenericFC.S6049254
  • ALYac: Gen:Heur.MSIL.Krypt.!cdmip!.2
  • Cylance: Unsafe
  • VIPRE: Trojan.Win32.Generic.pak!cobra
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan ( 0016104a1 )
  • BitDefender: Gen:Heur.MSIL.Krypt.!cdmip!.2
  • K7GW: Trojan ( 0016104a1 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • BitDefenderTheta: Gen:NN.ZemsilF.34182.gm3@aipqvni
  • VirIT: Trojan.Win32.Generic.FZP
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of MSIL/TrojanDropper.Agent.MS
  • TrendMicro-HouseCall: TROJ_GEN.R03BC0CB322
  • ClamAV: Win.Trojan.Zbot-9197
  • Kaspersky: Backdoor.Win32.Shiz.hprn
  • NANO-Antivirus: Trojan.Win32.Shiz.dddxoh
  • APEX: Malicious
  • Rising: Trojan.Generic/MSIL@AI.100 (RDM.MSIL:yC8UJaPCcGENeYxt/UnzFA)
  • Sophos: ML/PE-A + Mal/Lothiz-A
  • Comodo: Malware@#2c6i1xvs0zmnv
  • DrWeb: Trojan.Siggen.37579
  • Zillya: Dropper.Agent.Win32.116627
  • TrendMicro: TROJ_GEN.R03BC0CB322
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
  • Emsisoft: Gen:Heur.MSIL.Krypt.!cdmip!.2 (B)
  • Ikarus: Trojan-Dropper.MSIL
  • Jiangmin: Trojan/MSIL.az
  • Avira: TR/Dropper.Gen
  • MAX: malware (ai score=80)
  • Antiy-AVL: Trojan[Backdoor]/Win32.Shiz
  • Microsoft: TrojanDropper:MSIL/Lothiz.A
  • GData: Gen:Heur.MSIL.Krypt.!cdmip!.2
  • Cynet: Malicious (score: 99)
  • AhnLab-V3: Dropper/Win32.Agent.C124211
  • McAfee: Generic Dropper.qf
  • VBA32: TScope.Trojan.MSIL
  • Malwarebytes: Trojan.Agent
  • Panda: Trj/CI.A
  • Tencent: Malware.Win32.Gencirc.10b677f4
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/Lothiz.A
  • AVG: MSIL:BFBot-A [Cryp]
  • Cybereason: malicious.50142f
  • Avast: MSIL:BFBot-A [Cryp]

How to remove TrojanDropper:MSIL/Lothiz.A?

TrojanDropper:MSIL/Lothiz.A removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.