Trojan:Win32/Azorult.PR!MTB removal tips

Trojan:Win32/Azorult.PR!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Azorult.PR!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes executed files from disk
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan:Win32/Azorult.PR!MTB?

File Info:

name: 14E142792E44F23076C8.mlw
path: /opt/CAPEv2/storage/binaries/f5201f2ab1207d1349be369099ed0acd135d3eefee93d86fc1d2ada554c57aa6
crc32: 55C7B261
md5: 14e142792e44f23076c8b1dcc5ebe625
sha1: 77d623e8c7c5d042f7473b43d48e809d718bfbc5
sha256: f5201f2ab1207d1349be369099ed0acd135d3eefee93d86fc1d2ada554c57aa6
sha512: dd91dfdc63182786b721a0c9a72038f2c4a73547ac77caa5cd222d82ac050e18d161df7ffc508e1f583e100858e763bc7ec9712b9a1ab8d5e43fd72448856372
ssdeep: 49152:PcW4fI9vuC4RFGo1vaz8w7WVhO6G/xxPRUaP7x7Bjq3+n:PX4ABu//n1v089VhO6G/xByazx1X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14EC5F127B298A53EC4AA27354673A05058FBB76DF417BE1676F0C88CCF254C01E3AB65
sha3_384: 607c59b609a54f2f5656b0f22cd2df4538d81284e31c69da5601e13e4ca468131ca87073d48fff20ce3d1030a67b2562
ep_bytes: 558bec83c4a453565733c08945c48945
timestamp: 2019-04-27 08:22:11

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: InIo60ptimizer Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: InIo60ptimizer
ProductVersion: 3.1
Translation: 0x0000 0x04b0

Trojan:Win32/Azorult.PR!MTB also known as:

  • Lionic: Adware.MSIL.InlogOptim.2!c
  • MicroWorld-eScan: Trojan.GenericKDS.32635789
  • ALYac: Trojan.BrsecmonE.1
  • Malwarebytes: Trojan.Downloader
  • VIPRE: Trojan.GenericKDS.32635789
  • K7AntiVirus: Trojan ( 0055b9df1 )
  • Alibaba: Trojan:Win32/Azorult.4de2c9ee
  • K7GW: Trojan ( 0055b9df1 )
  • Cyren: W32/Kryptik.AQX.gen!Eldorado
  • Symantec: Trojan.Gen.MBT
  • Elastic: malicious (high confidence)
  • ESET-NOD32: multiple detections
  • APEX: Malicious
  • Paloalto: generic.ml
  • Cynet: Malicious (score: 99)
  • Kaspersky: not-a-virus:HEUR:AdWare.MSIL.InlogOptim.gen
  • BitDefender: Trojan.GenericKDS.32635789
  • NANO-Antivirus: Riskware.Win32.Stealer.ghnrsd
  • Avast: Win32:AdwareX-gen [Adw]
  • Tencent: Msil.AdWare.Inlogoptim.Ncnw
  • Emsisoft: Trojan.GenericKDS.32635789 (B)
  • F-Secure: Heuristic.HEUR/AGEN.1318688
  • DrWeb: Trojan.PWS.Stealer.26472
  • McAfee-GW-Edition: BehavesLike.Win32.Dropper.vc
  • FireEye: Trojan.GenericKDS.32635789
  • Sophos: Mal/GandCrab-G
  • GData: Trojan.BrsecmonE.1
  • Avira: TR/Dropper.Gen
  • Arcabit: Trojan.GenericS.D1F1FB8D [many]
  • ZoneAlarm: not-a-virus:HEUR:AdWare.MSIL.InlogOptim.gen
  • Microsoft: Trojan:Win32/Azorult.PR!MTB
  • Google: Detected
  • AhnLab-V3: PUP/Win32.Agent.C3524532
  • McAfee: Artemis!14E142792E44
  • MAX: malware (ai score=99)
  • VBA32: Adware.MSIL.InlogOptim
  • Cylance: unsafe
  • Panda: Trj/CI.A
  • Rising: Trojan.Generic@AI.98 (RDML:KmneE4PG6CccwOtPJyRfuQ)
  • Yandex: PUA.InlogOptim!KbK7O6hB980
  • Ikarus: Trojan.PSW.Stealer
  • MaxSecure: Trojan.Malware.74634392.susgen
  • Fortinet: W32/Kryptik.GWWL!tr
  • AVG: Win32:AdwareX-gen [Adw]
  • DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Azorult.PR!MTB?

Trojan:Win32/Azorult.PR!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.