TrojanSpy:Win32/Redaman.AR!Cert malicious file

The TrojanSpy:Win32/Redaman.AR!Cert is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What TrojanSpy:Win32/Redaman.AR!Cert virus can do?

Executable code extraction
Presents an Authenticode digital signature
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine TrojanSpy:Win32/Redaman.AR!Cert?


File Info:
crc32: B158EF19
md5: dfafe75d799bc678c81e18058f60a584
name: upload_file
sha1: 83d5718809d55086058006abdd45eac11bdb83d2
sha256: 85d69ee78a2c065637511036c6154d5002f6b7ab53c92d1d6f896f28795de03a
sha512: c55d8dfcedb7ea542dcb1558e4305f47d30efcb754390c1fcd1a84dbab1801954fb142ccf919aa9b46c2a3e28223e40bf529da065a0394db492d6b7459edde43
ssdeep: 3072:ZnRPRbTsw4vuq93ojcjl2/UGGpXOOf7bzPp:JRPRbIw7mojow/loeOfrh
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Tonec Inc., Copyright xa9 1999 - 2015
InternalName: IDMGrHlp
FileVersion: 6, 22, 1, 1
CompanyName: Tonec Inc.
LegalTrademarks: Internet Download Manager
Comments: Auxiliary program for Internet Download Manager
ProductName: Internet Download Manager
ProductVersion: 6, 22, 1, 1
FileDescription: Internet Download Manager module
OriginalFilename: IDMGrHlp.EXE
Translation: 0x0409 0x04b0

TrojanSpy:Win32/Redaman.AR!Cert also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.34724607
CAT-QuickHeal	Trojan.Zenpak
McAfee	GenericRXMF-AK!DFAFE75D799B
AegisLab	Trojan.Win32.Zenpak.4!c
Sangfor	Malware
K7AntiVirus	Spyware ( 0055799d1 )
BitDefender	Trojan.GenericKD.34724607
K7GW	Spyware ( 0055799d1 )
Cybereason	malicious.809d55
Invincea	Mal/Generic-S
Cyren	W32/Spybot.KKRH-8597
Symantec	Trojan Horse
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	Trojan.Win32.Zenpak.awvk
Alibaba	TrojanSpy:Win32/Redaman.4a8bdb67
NANO-Antivirus	Trojan.Win32.Zenpak.hzhphg
ViRobot	Trojan.Win32.Z.Suspectcrc.543760
Rising	Trojan.Kryptik!8.8 (TFE:5:VZMlx7Je8IJ)
Ad-Aware	Trojan.GenericKD.34724607
Sophos	Mal/Generic-S
Comodo	Malware@#1iyyv69ol3ah7
DrWeb	Trojan.SpyBot.699
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Trojan.Win32.ZENPAK.GFDA
McAfee-GW-Edition	GenericRXMF-AK!DFAFE75D799B
FireEye	Generic.mg.dfafe75d799bc678
Emsisoft	Trojan.GenericKD.34724607 (B)
Ikarus	Trojan.Inject
eGambit	PE.Heur.InvalidSig
Antiy-AVL	GrayWare/Win32.Kryptik.ehls
Microsoft	TrojanSpy:Win32/Redaman.AR!Cert
Arcabit	Trojan.Generic.D211DAFF
ZoneAlarm	Trojan.Win32.Zenpak.awvk
GData	Trojan.GenericKD.34724607
Cynet	Malicious (score: 100)
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34566.Hy1@a86LTVci
MAX	malware (ai score=99)
VBA32	BScope.Trojan.Encoder
Malwarebytes	Spyware.PasswordStealer
Panda	Trj/GdSda.A
Zoner	Trojan.Win32.95760
ESET-NOD32	Win32/Spy.RTM.AG
TrendMicro-HouseCall	Trojan.Win32.ZENPAK.GFDA
Tencent	Win32.Trojan.Falsesign.Wvut
SentinelOne	DFI – Malicious PE
Fortinet	W32/Generik.A584!tr
Webroot	W32.Trojan.Gen
AVG	Win32:PWSX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.799

How to remove TrojanSpy:Win32/Redaman.AR!Cert?

TrojanSpy:Win32/Redaman.AR!Cert removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X