TrojanDropper:Win32/Demekaf.A (file analysis)

TrojanDropper:Win32/Demekaf.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDropper:Win32/Demekaf.A virus do?

  • Executable code extraction
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify TrojanDropper:Win32/Demekaf.A?

File Info:

crc32: 7C3E83D5
md5: 9b31d9334768f5c15c9459448533de83
name: 9B31D9334768F5C15C9459448533DE83.mlw
sha1: 8f384170dedbf6b2af482f8999e773fa01a5671a
sha256: ece0c382c577813f3d5c49f5b95cbd1d9df31f4bb051abbfed7c2ee012345c14
sha512: 539055e1a51feb93ead50df12602c3398a414bd699dc15fe2da061f8ae56b2f78c26c613e05ea142ca91126b9be6e5d801346819bf26603d8b5525fbe6c86eaa
ssdeep: 6144:kRPrmCDMLRhprsSgSM7Fs9IRonMQUrAJHALCV6tJa:kBrX+pA7F+UUJe+
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有 (C) 2010
InternalName:
FileVersion: 0, 0, 0, 0
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: 800 x 600 JPEG
SpecialBuild:
ProductVersion: 0, 0, 0, 0
FileDescription: 800 x 600 JPEG
OriginalFilename: 800 x 600 JPEG
Translation: 0x0804 0x04b0

TrojanDropper:Win32/Demekaf.A also known as:

K7AntiVirus: Backdoor ( 00173d0f1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen1.27425
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Buzy.2965
Cylance: Unsafe
Zillya: Backdoor.Agent.Win32.22138
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: TrojanDropper:Win32/Demekaf.6480e40b
K7GW: Backdoor ( 00173d0f1 )
Cybereason: malicious.34768f
Baidu: Win32.Backdoor.Agent.dx
Cyren: W32/Dropper.AH.gen!Eldorado
Symantec: Trojan.Dropper
ESET-NOD32: Win32/Agent.OSO
APEX: Malicious
Avast: Win32:JPGPicts-B [Trj]
ClamAV: Win.Dropper.Gh0stRAT-8026915-0
Kaspersky: Trojan.Win32.Agent.xfzn
BitDefender: Gen:Variant.Buzy.2965
NANO-Antivirus: Trojan.Win32.Baidu.iidnc
ViRobot: Trojan.Win32.A.PSW-Magania.1913020.A
SUPERAntiSpyware: Trojan.Agent/Gen-Dropper
MicroWorld-eScan: Gen:Variant.Buzy.2965
Tencent: Trojan.Win32.Agent.tj
Ad-Aware: Gen:Variant.Buzy.2965
Sophos: Troj/Mdrop-CPG
Comodo: Backdoor.Win32.Agent.~Avvn@1vvdru
BitDefenderTheta: Gen:NN.ZexaF.34790.Nq1@ayDq8Upb
VIPRE: Trojan.Win32.Generic.pak!cobra
TrendMicro: TROJ_GEN.R005C0CFU21
McAfee-GW-Edition: GenericRXFD-ZY!9B31D9334768
FireEye: Generic.mg.9b31d9334768f5c1
Emsisoft: Gen:Variant.Buzy.2965 (B)
Jiangmin: Backdoor/Agent.ckeb
Webroot: W32.Malware.Gen
Avira: TR/Crypt.CFI.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.1F21
Kingsoft: Heur.SSC.51049.0010.(kcloud)
Microsoft: TrojanDropper:Win32/Demekaf.A
Arcabit: Trojan.Buzy.DB95
GData: Gen:Variant.Buzy.2965
AhnLab-V3: Dropper/Agent.81977
McAfee: GenericRXFD-ZY!9B31D9334768
MAX: malware (ai score=87)
VBA32: Trojan.Agent
Malwarebytes: Malware.AI.3434551315
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R005C0CFU21
Rising: Trojan.Kryptik!1.AAD1 (CLASSIC)
MaxSecure: Virus.W32.Shodi.I
Fortinet: W32/Mdrop.CPG!tr
AVG: Win32:JPGPicts-B [Trj]
Paloalto: generic.ml
Qihoo-360: HEUR/QVM07.1.599A.Malware.Gen

How to remove TrojanDropper:Win32/Demekaf.A?

TrojanDropper:Win32/Demekaf.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.