Trojan

What is “Trojan:Win32/Comitsproc!gmb”?

Malware Removal

The Trojan:Win32/Comitsproc!gmb is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan:Win32/Comitsproc!gmb virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Anomalous .NET characteristics
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering
  • Harvests credentials from local FTP client softwares
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/Comitsproc!gmb?



File Info:

name: C2DD9F472A3A1A824E39.mlw
path: /opt/CAPEv2/storage/binaries/6bc4d6e58c68b8c47b930db8719c266af212f08a0968b82702971763530145fb
crc32: 2B93BAF9
md5: c2dd9f472a3a1a824e39b4f3e14e88e0
sha1: 2e5e358d227383a1edc74b4d7fe8e7b2803fe83a
sha256: 6bc4d6e58c68b8c47b930db8719c266af212f08a0968b82702971763530145fb
sha512: 8aca82f6960fe4013b6946b66dc0d5e758399e489099b4331c1579812212527f292f6f5a193f539bed6ddc84e01b5828e988a5d726bdcdcd6011cfc43cad60de
ssdeep: 12288:jc8oF88Fr22Li5NU9EIToyrf0wpwq2HQk0kId+TJHW/:g8EIuTtrfJTkkd+Ns
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10FF48D40A2807B2ED1D0B8BD2BB491549371DFFBF7A5C269DC3FA5170E5B82E930A581
sha3_384: 4b0e9652de9966687ab821baefb3f599d1f3c1d1d93d503c6fd998091b3594c1869977de0496ff6b4b93fd82737749f8
ep_bytes: ff250020400000000000000000000000
timestamp: 2014-04-06 11:24:19


Version Info:

0: [No Data]

Trojan:Win32/Comitsproc!gmb also known as:

BkavW32.AIDetectMalware.CS
Elasticmalicious (high confidence)
MicroWorld-eScanIL:Trojan.MSILZilla.13105
FireEyeGeneric.mg.c2dd9f472a3a1a82
SkyhighPWSZbot-FXD!C2DD9F472A3A
McAfeePWSZbot-FXD!C2DD9F472A3A
Cylanceunsafe
SangforTrojan.Win32.Save.a
K7AntiVirusTrojan ( 700000121 )
AlibabaTrojan:MSIL/Injector.d9c6ce36
K7GWTrojan ( 700000121 )
CrowdStrikewin/malicious_confidence_100% (W)
ArcabitIL:Trojan.MSILZilla.D3331
BitDefenderThetaGen:NN.ZemsilF.36608.VmX@a4I7Aff
VirITTrojan.Win32.MSIL_Heur.A
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of MSIL/Injector.DHN
CynetMalicious (score: 99)
APEXMalicious
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderIL:Trojan.MSILZilla.13105
NANO-AntivirusTrojan.Win32.MailPassView.cwujjp
AvastMSIL:GenMalicious-BB [Trj]
TencentWin32.Trojan.FalseSign.Ckjl
EmsisoftIL:Trojan.MSILZilla.13105 (B)
F-SecureTrojan.TR/Dropper.MSIL.Gen
DrWebTool.MailPassView.343
VIPREIL:Trojan.MSILZilla.13105
SophosTroj/dnCreek-A
IkarusTrojan-Spy.Agent
WebrootW32.Trojan.Genkd
AviraTR/Dropper.MSIL.Gen
Antiy-AVLTrojan/Win32.AGeneric
XcitiumMalware@#3bece6g0r0wp7
MicrosoftTrojan:Win32/Comitsproc!gmb
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataIL:Trojan.MSILZilla.13105
GoogleDetected
ALYacIL:Trojan.MSILZilla.13105
MAXmalware (ai score=100)
MalwarebytesGeneric.Malware/Suspicious
PandaTrj/Dropper.AKH
RisingMalware.Obfus/MSIL@AI.89 (RDM.MSIL2:KjE0tLwGsJ3mb84cgNEP0w)
SentinelOneStatic AI – Malicious PE
FortinetMSIL/Injector.DEN!tr
AVGMSIL:GenMalicious-BB [Trj]
Cybereasonmalicious.d22738
DeepInstinctMALICIOUS

How to remove Trojan:Win32/Comitsproc!gmb?

Trojan:Win32/Comitsproc!gmb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment