Categories: Trojan

TrojanDropper:VBS/Micwix.CS!eml removal instruction

The TrojanDropper:VBS/Micwix.CS!eml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanDropper:VBS/Micwix.CS!eml virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Creates RWX memory
Guard pages use detected – possible anti-debugging.
Dynamic (imported) function loading detected
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
A scripting utility was executed
Uses Windows utilities for basic functionality
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
A document or script wrote an executable file to disk
Created a process from a suspicious location
Installs itself for autorun at Windows startup
A script process created a new process
Creates known Njrat/Bladabindi RAT registry keys

How to determine TrojanDropper:VBS/Micwix.CS!eml?


File Info:
name: 3E916BCBBC28FF3AEB34.mlwpath: /opt/CAPEv2/storage/binaries/f55ad7b1502f6886afd71feb08e1269009e0aae4072fa06b3a8f794d7bded4bdcrc32: 5E08B315md5: 3e916bcbbc28ff3aeb344f589eb1ae71sha1: 65dbc50b5c5226f9e104a9a0fb96f393e31ee125sha256: f55ad7b1502f6886afd71feb08e1269009e0aae4072fa06b3a8f794d7bded4bdsha512: 8030d248982485d4d7a1e2d81837ddc171e2494b7a5695f7bc6610f00f17c49d87146a6a1f6bae03491399171aa8ff20534e72451ff6babb1a94dd1c283bbfafssdeep: 12288:/6Wq4aaE6KwyF5L0Y2D1PqLfULDo+9jE3qfFihdSBAciG0e/qRV:9thEVaPqLfgo2jQSFihwjiG0eyLtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T1AEE423CE7B67B412E4BC43F7889923532591FA14C6B15FFB616025A74C9F004B8AA7CDsha3_384: 619f3c8a84868aa4ae9357cbf23a94e09803e60811f981a17e4db3c80e43188261e920fbbeb8ae316d4b41e2aeb8f050ep_bytes: 60be005048008dbe00c0f7ff57eb0b90timestamp: 2012-01-29 21:32:28
Version Info:
FileDescription: FileVersion: 3, 3, 8, 1CompiledScript: AutoIt v3 Script: 3, 3, 8, 1Translation: 0x0809 0x04b0

TrojanDropper:VBS/Micwix.CS!eml also known as:

MicroWorld-eScan	AIT:Trojan.Agent.DEOI
FireEye	AIT:Trojan.Agent.DEOI
CAT-QuickHeal	Trojan.Msilperseus
McAfee	Artemis!3E916BCBBC28
Cylance	Unsafe
Zillya	Dropper.Generic.Win32.11103
K7AntiVirus	Trojan ( 004973dd1 )
Alibaba	TrojanDropper:MSIL/Bladabindi.46287bec
K7GW	Trojan ( 004973dd1 )
Cybereason	malicious.bbc28f
BitDefenderTheta	AI:Packer.DFD329EB15
ESET-NOD32	multiple detections
TrendMicro-HouseCall	Cryp_Embed4
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	AIT:Trojan.Agent.DEOI
NANO-Antivirus	Trojan.Script.Autoit.debvea
Avast	JS:Skiddo-A [Trj]
Tencent	Autoit.Trojan.Autoit.Lnoj
Ad-Aware	AIT:Trojan.Agent.DEOI
Emsisoft	AIT:Trojan.Agent.DEOI (B)
Comodo	Malware@#3775w4t1qkgba
DrWeb	Trojan.DownLoader11.17660
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Cryp_Embed4
McAfee-GW-Edition	BehavesLike.Win32.Injector.jc
Sophos	Mal/Generic-S
APEX	Malicious
GData	VBS.Heur2.Zbot.4.8558B42A.Gen (3x)
Jiangmin	Trojan.Script.wpy
Avira	DR/AutoIt.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.3056C39
Arcabit	Trojan.Bulz.DCD397
Microsoft	TrojanDropper:VBS/Micwix.CS!eml
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win32.Generic.C3347431
ALYac	VBS.Heur2.Zbot.4.8558B42A.Gen
MAX	malware (ai score=85)
Rising	Dropper.Agent/VBS!1.C907 (CLASSIC)
Yandex	Trojan.Igent.bV4bi2.17
Ikarus	Trojan.Win32.Tiggre
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Generic_PUA_JL.WK!tr
AVG	JS:Skiddo-A [Trj]