What is “Trojan:Win32/Dridex!pz”?

The Trojan:Win32/Dridex!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Dridex!pz virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Trojan:Win32/Dridex!pz?


File Info:
name: C21FACDB790BE5A93C73.mlw
path: /opt/CAPEv2/storage/binaries/3645299ad9fb2a159622581a9fb37849c34cdd7472671780b80b37bd3255e59f
crc32: 86ED2D23
md5: c21facdb790be5a93c73a48ce4966b3a
sha1: e55a804562aa1b07e1db2e44077e1e3388d3f080
sha256: 3645299ad9fb2a159622581a9fb37849c34cdd7472671780b80b37bd3255e59f
sha512: 6b5c305514517ad2f8fead04eb2712f572b1477f39b33fbdfb5c8d313fb3a3798d1fab20b2a31b2da9e4ed299fc0797ff6238a6aab8692f3838a78c21e499b6b
ssdeep: 12288:de/jiRwU4elX5YB8jkLHq0JNGyTETqdDi/QWFQwhIArpLZSHp+rAbGehLGkeGE6k:delU4elX5YB8jkLHq0HGyTETqdDi/QWe
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1AD94A4CE8750A1EBDCD51E883B7DE6FD27E6406CF169A8448BA1BF1F13055DA41A80EC
sha3_384: 4c5689304234a8ab6eef61c74cfa03f63293a5f0c320cfe542e05d7be3fcd6fdfcc08e571ba396273f4efa6743b6917e
ep_bytes: 5589e581ec7801000060837d0c010f85
timestamp: 2020-03-02 16:35:46

Version Info:
FileDescription: MODULE 38(346) Honda CAN
CompanyName: MMC flasher
LegalCopyright: All rights reserved
ProductVersion: 10.346
Translation: 0x0409 0x0000

Trojan:Win32/Dridex!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Malicious.4!c
tehtris	Generic.Malware
ClamAV	Win.Malware.B89lk7i-9864623-0
FireEye	Generic.mg.c21facdb790be5a9
Skyhigh	BehavesLike.Win32.Generic.gc
McAfee	GenericRXAA-AA!C21FACDB790B
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Cerbu.65230d6b
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
BitDefenderTheta	AI:Packer.FDBB39701E
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Cynet	Malicious (score: 100)
Avast	FileRepMalware [Trj]
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Crypt
GData	Win32.Trojan.PSE.15W2GO5
Google	Detected
Antiy-AVL	Trojan/Win32.Fuerboos
Microsoft	Trojan:Win32/Dridex!pz
Varist	W32/Cerbu.S.gen!Eldorado
AhnLab-V3	Malware/Win32.RL_Generic.R270667
Malwarebytes	Malware.AI.3568306722
Panda	Trj/Genetic.gen
Rising	Trojan.Generic@AI.100 (RDML:stON9jFEITNAJ4uhlKkZKw)
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Agent.B7DE!tr
AVG	FileRepMalware [Trj]
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Dridex!pz?

Trojan:Win32/Dridex!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X