Trojan:Win32/Cozer.A!dha removal

Trojan:Win32/Cozer.A!dha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Cozer.A!dha virus do?

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (inter-process)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Cozer.A!dha?

File Info:

name: 90BD910EE161B71C7A37.mlw
path: /opt/CAPEv2/storage/binaries/ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf
crc32: 7CEB15C5
md5: 90bd910ee161b71c7a37ac642f910059
sha1: 93d53be2c3e7961bc01e0bfa5065a2390305268c
sha256: ff9edb92ee8125519aa1eea60cab9999bcd4caa87b891882caddc73a2a5ae9cf
sha512: 90a6c72147e75dd47d914987f38b31f384ff8f069ba967fc5e76032c54606bcb6dedea8b0630aede7daad703731c96c2c514ca65ed0239e5e4c074c003bd0773
ssdeep: 24576:h35dPpXW2PPjglCyJNyBGBYsTnbFCeDxQHqK8:hBDMlCynyclCZ38
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19F455902994848AFD303C7331466A3D0D150A83F2A6F679A3D69711BFF7DD8BA1C275A
sha3_384: bde2ee17bac3123196cc17a91223ae18d9f78cf56207269d0b9e741100d849a35f472b99162845046db4ad37a3a00e10
ep_bytes: e8f0570000e978feffff8bff558bec56
timestamp: 2013-07-26 07:53:37

Version Info:

0: [No Data]

Trojan:Win32/Cozer.A!dha also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.CozyDuke.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.90bd910ee161b71c
ALYac: Trojan.Dropper.SFX
Cylance: unsafe
Zillya: Trojan.CozyDuke.Win32.21
Sangfor: Trojan.Win32.APT29.IOC
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Trojan:Win32/Cozer.777b5f2f
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.2c3e79
VirIT: Backdoor.Win32.Generic.BVTE
Symantec: Trojan.Dropper
ESET-NOD32: a variant of Win32/Cozer.D
APEX: Malicious
ClamAV: Win.Dropper.Cozybear-3
Kaspersky: UDS:Trojan.Win32.CozyDuke.gen
BitDefender: Gen:Variant.Midie.58686
NANO-Antivirus: Trojan.Win32.Cozybear.dpusrt
MicroWorld-eScan: Gen:Variant.Midie.58686
Tencent: Win32.Trojan.Cozyduke.Cgow
Emsisoft: Gen:Variant.Midie.58686 (B)
F-Secure: Trojan-Dropper:W32/CozyDuke.C
DrWeb: BackDoor.CozyDuke.15
VIPRE: Gen:Variant.Midie.58686
TrendMicro: BKDR_COZER.B
McAfee-GW-Edition: Generic Trojan.bn
Trapmine: malicious.moderate.ml.score
Sophos: Mal/RarMal-H
Ikarus: Trojan.Win32.Cozer
GData: Gen:Variant.Midie.58686
Jiangmin: Trojan.MSIL.akcou
Webroot: W32.Trojan.GenKD
Avira: HEUR/AGEN.1320145
Antiy-AVL: Trojan[APT]/Win32.Apt29
Xcitium: Malware@#2mvcf6fbtz3de
Arcabit: Trojan.Midie.DE53E
ViRobot: Dropper.S.CozyDuke.1176141
ZoneAlarm: HEUR:Trojan.Win32.CozyDuke.gen
Microsoft: Trojan:Win32/Cozer.gen.A!dha
Google: Detected
AhnLab-V3: Trojan/Win32.Cozer.C820329
McAfee: Generic Trojan.bn
MAX: malware (ai score=100)
DeepInstinct: MALICIOUS
VBA32: BScope.Trojan.CozyDuke
Malwarebytes: Malware.AI.3183754212
Panda: Trj/CI.A
TrendMicro-HouseCall: BKDR_COZER.B
Rising: Trojan.CozyDuke!8.5A5F (TFE:5:4MSTiO4zmcK)
Yandex: Trojan.GenAsa!U7+dIZiQSsU
MaxSecure: Trojan.Malware.8230505.susgen
Fortinet: W32/Cozybear.H!tr
AVG: Win32:CozyDuke-F [Cryp]
Avast: Win32:CozyDuke-F [Cryp]
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Cozer.A!dha?

Trojan:Win32/Cozer.A!dha removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.