Categories: Trojan

Trojan:Win32/DefenseEvasion!BV information

The Trojan:Win32/DefenseEvasion!BV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/DefenseEvasion!BV virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Starts servers listening on 127.0.0.1:31522
Reads data out of its own binary image
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Executed a process and injected code into it, probably while unpacking
Installs Tor on the infected machine
Installs itself for autorun at Windows startup
Collects information about installed applications
Creates a hidden or system file
Creates a copy of itself

How to determine Trojan:Win32/DefenseEvasion!BV?


File Info:
crc32: B1D43AC3md5: 7bedf074953476df04436b8e4d6f8870name: 2c.jpgsha1: d134eda4a94d5048f72d0176f501faa4b0fafa3fsha256: 35e627482a89782328378f62e03413e104d631e78837234075f13e1ed8e640f6sha512: 25cce3a5b51eeded8546522da6ebd7c1c07548d419719a8681f06da72c4c70a0242f213dd1a47baa47d78d24f5f8d7925c25b837c36ce1b50deafa1eb4bc586bssdeep: 24576:A63TF5Hz8JNcjdGWFtA+Lj7lBC3iSRErD4sdoT3HTcV/jP3QP8jlm+2ZKFrAlSY:L3TFcNSIWFtlf7lqyrD4z3HTcV/jP3qtype: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Version Info:
LegalCopyright: Copyright xa9 2013. All rights reserved. Hyperionics Technology LLCInternalName: SecondFdderFileVersion: 6.4.2.2CompanyName: Hyperionics Technology LLCPrivateBuild: 6.4.2.2LegalTrademarks: Copyright xa9 2013. All rights reserved. Hyperionics Technology LLCComments: Adcs CancelsProductName: SecondFdderLanguages: EnglishProductVersion: 6.4.2.2FileDescription: Adcs CancelsOriginalFilename: SecondFdderTranslation: 0x0409 0x04b0

Trojan:Win32/DefenseEvasion!BV also known as:

DrWeb	Trojan.DownLoader30.44964
MicroWorld-eScan	Trojan.GenericKD.32741325
FireEye	Generic.mg.7bedf074953476df
McAfee	Artemis!7BEDF0749534
Malwarebytes	Trojan.MalPack.RVRS
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Shade.j!c
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.32741325
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_90% (W)
TrendMicro	Possible_HPGen-38
BitDefenderTheta	Gen:NN.ZexaF.32515.AnKfayosT7fi
Symantec	Downloader
APEX	Malicious
Paloalto	generic.ml
GData	Trojan.GenericKD.32741325
Kaspersky	Trojan-Ransom.Win32.Shade.qjk
Rising	Trojan.Generic@ML.91 (RDML:F9vctVi02G5MktxLuJvEFw)
Ad-Aware	Trojan.GenericKD.32741325
Comodo	Malware@#34hjy7binwidd
F-Secure	Trojan.TR/AD.Troldesh.wdond
Zillya	Trojan.Shade.Win32.1160
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Downloader.tc
Sophos	Mal/Generic-S
Ikarus	Trojan-Ransom.Shade
Cyren	W32/Trojan.SCPS-6470
Jiangmin	Trojan.Agent.clna
Avira	TR/AD.Troldesh.wdond
MAX	malware (ai score=80)
Endgame	malicious (moderate confidence)
Arcabit	Trojan.Generic.D1F397CD
ZoneAlarm	Trojan-Ransom.Win32.Shade.qjk
Microsoft	Trojan:Win32/DefenseEvasion!BV
AhnLab-V3	Malware/Win32.Possible_hpgen.C3587746
Acronis	suspicious
VBA32	BScope.TrojanRansom.Agent
Cylance	Unsafe
Panda	Trj/CI.A
ESET-NOD32	Win32/Filecoder.Shade.B
TrendMicro-HouseCall	Possible_HPGen-38
Fortinet	W32/Kryptik.GVSM!tr
AVG	Win32:Malware-gen
Avast	Win32:Malware-gen
Qihoo-360	Win32/Trojan.Ransom.cc8