About “Trojan:Win32/Dwis!acf” infection

Trojan:Win32/Dwis!acf is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Dwis!acf virus do?

  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Trojan:Win32/Dwis!acf?


File Info:

name: 98FC0F25E2AAA2045183.mlw
path: /opt/CAPEv2/storage/binaries/bf665055e93126aeaa6b63c095dca2a1cfd3b95d39b48416f2fba64f55a0ded9
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: e816900000e989feffffcccccccccc55
timestamp: 2012-01-29 21:32:28

Version Info:

FileDescription: AutoIt v3
FileVersion: 1, 1, 1, 1
CompiledScript: AutoIt v3 Script: 1, 1, 1, 1
Translation: 0x0809 0x04b0

Trojan:Win32/Dwis!acf also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
FireEye: Generic.mg.98fc0f25e2aaa204
CAT-QuickHeal: TrojanPWS.AutoIt.Zbot.S
Cylance: Unsafe
Zillya: Adware.Somoto.Win32.1052
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0055e3df1 )
K7GW: Trojan ( 0055e3df1 )
Cybereason: malicious.46bedf
tehtris: Generic.Malware
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
Avast: Win32:Malware-gen
McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc
Trapmine: malicious.high.ml.score
Sophos: Troj/Autoit-BEB
Google: Detected
Antiy-AVL: Trojan/Generic.ASBOL.C6D6
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Trojan:Win32/Dwis!acf
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.AutoIt.R158284
McAfee: GenericATG-FBXM!98FC0F25E2AA
Malwarebytes: Trojan.Dropper
AVG: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_60% (D)

How to remove Trojan:Win32/Dwis!acf?

Trojan:Win32/Dwis!acf removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
