What is “TrojanDropper:Win32/Sirefef.T”?

The TrojanDropper:Win32/Sirefef.T is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanDropper:Win32/Sirefef.T virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Removes Security and Maintenance icon from Start menu, Taskbar and notifications
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Attempts to modify user notification settings

How to identify TrojanDropper:Win32/Sirefef.T?

File Info:

name: CFF9B553E028DC283520.mlw
path: /opt/CAPEv2/storage/binaries/cc73d37055b8f67c86e4a8512762fc4f0ac6505d855e05996de6e1a42e9d77b4
crc32: 13622EFC
md5: cff9b553e028dc28352006f27c196e56
sha1: 0b91194c1c3dc71730d5bb078166c8a6748203b5
sha256: cc73d37055b8f67c86e4a8512762fc4f0ac6505d855e05996de6e1a42e9d77b4
sha512: 3554a4081ed8a6381846183ea68a7f3862511513205cd066ae4ebb63e020c11eb77d95472d87ca1f387fbb4ca764f367f68301553e165eb65fb2aca4ff77794c
ssdeep: 6144:Kfwzl1JD1NCrEbtYXb/AIc7Tg/V/zoJIGyxFq/Vl4J:OwLJDKrEebfDQ4J
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F674B055A950C422D4E8077808B65AB4F73CA99E8F514BCB2704F76D3EB33D5353AA8C
sha3_384: 824f8088b12ea0d1877dcbdcbc0e15e20cfc743e09a0729d1c2bf7fc654f05dddfe27e71c0c23c0df27bf6f6ab07acf2
ep_bytes: 6a586829953200e8250000008b0000ff
timestamp: 2010-11-20 12:04:59

Version Info:

Comments: http://www.metaquotes.net
CompanyName: MetaQuotes Software Corp.
FileDescription: MetaTrader 4
FileVersion: 4.0.0.402
InternalName: MetaTrader 4
LegalCopyright: © 2001-2011, MetaQuotes Software Corp.
LegalTrademarks: MetaTrader®
OriginalFilename: LiveU.exe
PrivateBuild:
ProductName: MetaTrader 4 Live
ProductVersion: 4.0.0.402
SpecialBuild:
Translation: 0x0000 0x04b0

TrojanDropper:Win32/Sirefef.T also known as:

Bkav: W32.AIDetect.malware2
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Zusy.340856
ClamAV: Win.Dropper.TrickBot-9963166-0
ALYac: Gen:Variant.Zusy.340856
Cylance: Unsafe
VIPRE: Gen:Variant.Zusy.340856
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f6741 )
K7GW: Trojan ( 0040f6741 )
Cybereason: malicious.3e028d
VirIT: Trojan.Win32.Generic.AFWX
Cyren: W32/Zaccess.K.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Sirefef.EY
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zusy.340856
NANO-Antivirus: Trojan.Win32.Maxplus.rdvlt
SUPERAntiSpyware: Trojan.Agent/Gen-Meredrop
Avast: Win32:Sirefef-ANA [Trj]
Tencent: Malware.Win32.Gencirc.10b6740f
Ad-Aware: Gen:Variant.Zusy.340856
Emsisoft: Gen:Variant.Zusy.340856 (B)
Comodo: TrojWare.Win32.Kryptik.AILY@4ptkqf
DrWeb: BackDoor.Maxplus.1835
Zillya: Dropper.ZAccess.Win32.228
TrendMicro: TROJ_AGENT_010560.TOMB
McAfee-GW-Edition: BehavesLike.Win32.Virut.fh
FireEye: Generic.mg.cff9b553e028dc28
Sophos: ML/PE-A + Mal/ZAccess-AE
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Zusy.340856
Jiangmin: Trojan/Generic.acums
Webroot: Trojanspy:Win32/Fitmu.A
Avira: TR/Crypt.XPACK.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.2BD
Arcabit: Trojan.Zusy.D53378
ViRobot: Backdoor.Win32.ZAccess.345812
Microsoft: TrojanDropper:Win32/Sirefef.T
Google: Detected
AhnLab-V3: Dropper/Win32.ZAccess.R26298
McAfee: Trojan-FAIW!CFF9B553E028
MAX: malware (ai score=88)
VBA32: BScope.Trojan.ZAccess
Malwarebytes: Malware.AI.280241230
TrendMicro-HouseCall: TROJ_AGENT_010560.TOMB
Rising: Dropper.Win32.Undef.cfn (CLASSIC)
Yandex: Trojan.GenAsa!Iazc8qxUSVw
Ikarus: Trojan-Dropper.Win32.ZAccess
Fortinet: W32/ZAccess.AE!tr
BitDefenderTheta: Gen:NN.ZexaF.34682.vu1@aSPErQgi
AVG: Win32:Sirefef-ANA [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove TrojanDropper:Win32/Sirefef.T?

TrojanDropper:Win32/Sirefef.T removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.