
About “TrojanDropper:Win32/Clibgov.A” infection


TrojanDropper:Win32/Clibgov.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the TrojanDropper:Win32/Clibgov.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded pe malware family
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDropper:Win32/Clibgov.A?


File Info:

name: 9119AC597CFAC65F691E.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-06-14 12:49:58

Version Info:

Translation: 0x0804 0x04b0
CompanyName: 激情电影播放器
ProductName: 激情电影播放器
FileVersion: 1.00
ProductVersion: 1.00
InternalName: 色片播放器
OriginalFilename: 色片播放器.exe

TrojanDropper:Win32/Clibgov.A also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Techel.4!c
AVG: Win32:VB-PXB [Drp]
MicroWorld-eScan: Gen:Variant.Johnnie.141362
FireEye: Gen:Variant.Johnnie.141362
Skyhigh: BehavesLike.Win32.Infected.km
McAfee: Artemis!9119AC597CFA
Malwarebytes: Generic.Malware/Suspicious
Sangfor: Trojan.Win32.VB.NPJ
Alibaba: TrojanDropper:Win32/Techel.44a1cb2c
Cybereason: malicious.97cfac
BitDefenderTheta: AI:Packer.37E1B0B51F
VirIT: Trojan.Win32.Generic.BXCS
Symantec: Trojan.Adclicker
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.VB.NPJ
Cynet: Malicious (score: 100)
APEX: Malicious
Avast: Win32:VB-PXB [Drp]
ClamAV: Win.Dropper.Awclfobb-7496627-0
Kaspersky: Trojan.Win32.Techel.ak
BitDefender: Gen:Variant.Johnnie.141362
NANO-Antivirus: Trojan.Win32.Techel.bxatyk
Tencent: Win32.Trojan.Techel.Ychl
F-Secure: Heuristic.HEUR/AGEN.1336383
Zillya: Dropper.VB.Win32.69909
Trapmine: suspicious.low.ml.score
Emsisoft: Gen:Variant.Johnnie.141362 (B)
Ikarus: Trojan-Dropper.Win32.VB
Varist: VBS/Agent.FD
Avira: HEUR/AGEN.1336383
Antiy-AVL: Trojan/Win32.Techel
Kingsoft: Win32.Troj.Unknown.a
Microsoft: TrojanDropper:Win32/Clibgov.A
Xcitium: Malware@#12zy55tz19fwn
Arcabit: Trojan.Johnnie.D22832
ViRobot: Trojan.Win32.A.Techel.69632
ZoneAlarm: Trojan.Win32.Techel.ak
GData: Gen:Variant.Johnnie.141362
Google: Detected
VBA32: Trojan.VBRA.016681
ALYac: Gen:Variant.Johnnie.141362
Panda: Trj/Genetic.gen
Rising: Dropper.Clibgov!8.55F0 (TFE:5:eTldGLVsDGS)
Yandex: Trojan.GenAsa!I7aoRDz463I
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Dropper.DLW!tr
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)
alibabacloud: Trojan[dropper]:Win/Techel.ak

How to remove TrojanDropper:Win32/Clibgov.A?

TrojanDropper:Win32/Clibgov.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
