About “TrojanDropper:Win32/Gepys!pz” infection

The TrojanDropper:Win32/Gepys!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDropper:Win32/Gepys!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Behavioural detection: Transacted Hollowing
  • CAPE detected the embedded win api malware family
  • Collects information to fingerprint the system
  • Yara detections observed in process dumps, payloads or dropped files

How to identify TrojanDropper:Win32/Gepys!pz?

File Info:

name: 0B14BA2C41FD8D02A026.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2007-08-23 03:30:28

Version Info:

CompanyName: Euajdexwq Njyrbwbipdi
FileDescription: Ehcgvuulr FlvamfDqca Hqjfh Lbjt
FileVersion: 6.40.8710.5980 (qcnm.096267-2946)
InternalName: cscebwvo.yri
LegalCopyright: © Dtycpzssm Eumwbdqhaay. Dta ivweju vsyoqaeq.
OriginalFilename: swcxrpts.ska
ProductName: Tkyxezfzw® Kjrfcpu® Tpzjhwmfn Bzfujg
ProductVersion: 5.71.4916.9002
Translation: 0x0409 0x04b0

TrojanDropper:Win32/Gepys!pz also known as:

  • Bkav: W32.AIDetectMalware
  • tehtris: Generic.Malware
  • MicroWorld-eScan: Gen:Variant.Barys.57863
  • FireEye: Generic.mg.0b14ba2c41fd8d02
  • Skyhigh: Generic Malware.ms
  • McAfee: Generic Malware.ms
  • Malwarebytes: Crypt.Trojan.Malicious.DDS
  • Zillya: Trojan.ShipUp.Win32.16117
  • Sangfor: Suspicious.Win32.Save.a
  • Cybereason: malicious.c41fd8
  • Baidu: Win32.Trojan.Agent.eq
  • VirIT: Trojan.Win32.Generic.NDT
  • Symantec: Packed.Generic.459
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/Kryptik.AXBQ
  • APEX: Malicious
  • TrendMicro-HouseCall: TROJ_AGENT_054753.TOMB
  • ClamAV: Win.Packed.Shipup-6840400-0
  • Kaspersky: Trojan.Win32.ShipUp.boh
  • BitDefender: Gen:Variant.Barys.57863
  • Avast: Win32:Gepys-J [Trj]
  • Tencent: Trojan.Win32.Shipup.xf
  • Sophos: Troj/Zbot-EHY
  • F-Secure: Trojan.TR/Obfuscate.adhoum
  • DrWeb: Trojan.Redirect.140
  • VIPRE: Gen:Variant.Barys.57863
  • TrendMicro: TROJ_AGENT_054753.TOMB
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Gen:Variant.Barys.57863 (B)
  • Ikarus: Trojan.Win32.ShipUp
  • Jiangmin: Trojan/ShipUp.jk
  • Google: Detected
  • Avira: TR/Obfuscate.adhoum
  • Varist: W32/Zbot.JC.gen!Eldorado
  • Antiy-AVL: Trojan/Win32.ShipUp
  • Kingsoft: malware.kb.a.1000
  • Microsoft: TrojanDropper:Win32/Gepys!pz
  • Xcitium: TrojWare.Win32.Kryptik.BVPL@57uzhp
  • Arcabit: Trojan.Barys.DE207
  • ZoneAlarm: Trojan.Win32.ShipUp.boh
  • GData: Win32.Trojan.PSE.C69FTW
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Kuluoz.C257070
  • VBA32: BScope.Malware-Cryptor.Hlux
  • MAX: malware (ai score=87)
  • Cylance: unsafe
  • Rising: Trojan.Kryptik!1.AB8B (CLASSIC)
  • Yandex: Trojan.GenAsa!JtzQGDDzcuw
  • SentinelOne: Static AI – Malicious PE
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Kryptik.AYTK!tr
  • BitDefenderTheta: AI:Packer.D7547BBB1F
  • AVG: Win32:Gepys-J [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (D)

How to remove TrojanDropper:Win32/Gepys!pz?

TrojanDropper:Win32/Gepys!pz removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.