Trojan

Trojan:Win32/Esulat.A!eml malicious file

Malware Removal

The Trojan:Win32/Esulat.A!eml is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Trojan:Win32/Esulat.A!eml virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the shellcode patterns malware family
  • Detects Bochs through the presence of a registry key
  • Checks the version of Bios, possibly for anti-virtualization
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempted to write directly to a physical drive
  • Accessed credential storage registry keys
  • Deletes executed files from disk
  • Collects information to fingerprint the system
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Trojan:Win32/Esulat.A!eml?



File Info:

name: 96A66E88E52D7D7A4F2A.mlw
path: /opt/CAPEv2/storage/binaries/a4f96cfb6fc1216543093cdd966ccdaae473e9ba3f0c761f97bf6b8fbacc161e
crc32: 2A4CDFF5
md5: 96a66e88e52d7d7a4f2abeaee10af184
sha1: 6b41cf6e17cea331cef41f68ae01591cf648058e
sha256: a4f96cfb6fc1216543093cdd966ccdaae473e9ba3f0c761f97bf6b8fbacc161e
sha512: db3798f9ee8e7608db9d5d8cbcf8af01cb20350ff9a2acbb112b4aaa284f9226e1b378991bffcce82a172c790413bcb0c248d1d92b815cf5098acc6799fcae33
ssdeep: 3072:zN2WUT21XLX+mLBcKfk64yeqtaFsPdYVhWz324UZkGhvCBN:kWUTY7XZtZk6teqtaFsV7z30tQN
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CFE39D23DBD3CDE1D60185F0C75BAFA862837ABA575180CB9F60784EB4B97D15C6202E
sha3_384: bade54836088d9b35ea82521fdcc04784e23b34ba7130feb233a5a080843e8d957927da44d1eff73e8b0c78aa289bcc8
ep_bytes: 558bec6aff6850474000680e3c400064
timestamp: 2015-06-16 13:30:02


Version Info:

0: [No Data]

Trojan:Win32/Esulat.A!eml also known as:

BkavW32.AIDetectMalware
LionicTrojan.Win32.Zbot.1e!c
Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.Zbot.IQX
FireEyeGeneric.mg.96a66e88e52d7d7a
CAT-QuickHealTrojanPWS.Zbot.A4
SkyhighBehavesLike.Win32.Generic.cc
McAfeeGeneric-FAWT!96A66E88E52D
MalwarebytesMalware.AI.3632648804
ZillyaTrojan.Zbot.Win32.187651
SangforSuspicious.Win32.Save.ins
K7AntiVirusTrojan ( 0055e3991 )
AlibabaTrojan:Win32/Esulat.9d16d55b
K7GWTrojan ( 0055e3991 )
Cybereasonmalicious.8e52d7
BitDefenderThetaGen:NN.ZexaF.36802.jqW@aCA@UQg
VirITTrojan.Win32.Atros2.TKG
SymantecML.Attribute.HighConfidence
ESET-NOD32Win32/Boaxxe.BR
APEXMalicious
TrendMicro-HouseCallTROJ_XPACK.SM1
AvastWin32:Evo-gen [Trj]
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderTrojan.Zbot.IQX
NANO-AntivirusTrojan.Win32.TrjGen.dwvwbl
TencentMalware.Win32.Gencirc.11521fe2
EmsisoftTrojan.Zbot.IQX (B)
F-SecureHeuristic.HEUR/AGEN.1341157
DrWebTrojan.Inject2.3607
VIPRETrojan.Zbot.IQX
TrendMicroTROJ_XPACK.SM1
Trapminemalicious.high.ml.score
SophosMal/Zbot-UH
IkarusTrojan.Win32.Boaxxe
JiangminTrojanDropper.Injector.aztz
ALYacTrojan.Zbot.IQX
AviraHEUR/AGEN.1341157
MAXmalware (ai score=100)
Antiy-AVLTrojan[Dropper]/Win32.Injector
Kingsoftmalware.kb.a.953
MicrosoftTrojan:Win32/Esulat.A!eml
XcitiumMalware@#1v1g88s121470
ArcabitTrojan.Zbot.IQX
ViRobotTrojan.Win32.Z.Injector.147456.DC
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataTrojan.Zbot.IQX
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Miuref.R164252
VBA32TrojanDropper.Injector
GoogleDetected
Cylanceunsafe
PandaTrj/Genetic.gen
RisingBackdoor.IRCbot!8.B47 (TFE:1:trBTIduZxlK)
YandexTrojan.GenAsa!FDsKvhgqS9o
MaxSecureTrojan.Malware.8758608.susgen
FortinetW32/Injector.CIQD!tr
AVGWin32:Evo-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)
alibabacloudTrojan.Win.UnkAgent

How to remove Trojan:Win32/Esulat.A!eml?

Trojan:Win32/Esulat.A!eml removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment