
What is “Trojan:Win32/Chir!pz”?


Trojan:Win32/Chir!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Chir!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities to create a scheduled task
  • Attempts to modify Windows Defender using PowerShell

How to identify Trojan:Win32/Chir!pz?

File Info:

name: 2012F9E0C5FD4ECEC7EE.mlw
path: /opt/CAPEv2/storage/binaries/6c4876b14434ca54faba72117d6b81bb244bffb76663731d6d7546693baa1f6b
crc32: 7CDC50E2
md5: 2012f9e0c5fd4ecec7eed5179d1565a4
sha1: 22956a064a8726ca5ecd4d214166065a9d45ec37
sha256: 6c4876b14434ca54faba72117d6b81bb244bffb76663731d6d7546693baa1f6b
sha512: 476cc8b817df73ccb95b8c61397bad55b7e99d345b8c03ebf39cf3e7f0a876c8810f9fcb310f7190619f65fa89d313fcdf6c5d746db2271611d8df2669e65f1a
ssdeep: 49152:YXz+So0qd82a7oTmgHvHYC+CIuA9K53878JWax5j2g2XBAN98rwUU6ysxt:YXz+SmE0/gKIuALgcgBgB88+6yAt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CEF533BDF18182B6D073167D1C4BA273B577BD0847B9649FB3CE7E368633206255A282
sha3_384: 7c9bccb45489cc6e5d9cace1aa6288d0652c7d77eb1fcedb129a92e0d9c1003f4e1e28c1da75cfdc4d3412de784bfa9c
ep_bytes: 558bec83c4f0b888534200e824f2fdff
timestamp: 1992-06-19 22:22:17

Version Info:

Comments:
CompanyName: LunacyAudio KeyGen
FileDescription: LunacyAudio KeyGen 1.0 Installation
FileVersion: 1.0
LegalCopyright: LunacyAudio KeyGen
Translation: 0x0409 0x04e4

Trojan:Win32/Chir!pz also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Cerbu.156500
ClamAV: Win.Trojan.Miner-10015797-0
FireEye: Gen:Variant.Cerbu.156500
Skyhigh: BehavesLike.Win32.Dropper.wc
ALYac: Gen:Variant.Cerbu.156500
Cylance: unsafe
Sangfor: Trojan.Win32.Agent.Vqs9
K7AntiVirus: CryptoMiner ( 0051b4fe1 )
Alibaba: Trojan:Win32/PowerShell.58208f33
K7GW: CryptoMiner ( 0051b4fe1 )
Cybereason: malicious.64a872
Arcabit: Trojan.Cerbu.D26354
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win64/CoinMiner.FQ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.PowerShell.gdy
BitDefender: Gen:Variant.Cerbu.156500
NANO-Antivirus: Riskware.Win64.CoinMiner.kchrln
Avast: Win64:Evo-gen [Trj]
Tencent: Win32.Trojan.Powershell.Dkjl
Emsisoft: Gen:Variant.Cerbu.156500 (B)
F-Secure: Heuristic.HEUR/AGEN.1367726
DrWeb: Tool.Nssm.6
VIPRE: Gen:Variant.Cerbu.156500
Sophos: Mal/FakeMS-X
SentinelOne: Static AI – Suspicious PE
Webroot: W32.Hack.Tool
Varist: W64/ABMiner.OTDW-5884
Avira: HEUR/AGEN.1367726
Antiy-AVL: Trojan/Win64.CoinMiner
Microsoft: Trojan:Win32/Chir!pz
ZoneAlarm: Trojan.Win32.PowerShell.gdy
GData: Gen:Variant.Cerbu.156500
Google: Detected
McAfee: Artemis!2012F9E0C5FD
MAX: malware (ai score=89)
Malwarebytes: Generic.Malware.AI.DDS
Rising: HackTool.VulnDriver/x64!1.D7DB (CLASSIC)
Ikarus: Trojan.Win64.CoinMiner
MaxSecure: Trojan-Ransom.Win32.Crypmod.zfq
Fortinet: W32/CoinMiner.FQ!tr
AVG: Win64:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Chir!pz?

Trojan:Win32/Chir!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
