Trojan:Win32/Esulat.A!rfn information

Trojan:Win32/Esulat.A!rfn is Microsoft's detection name for a Windows executable that most of the vendors listed below classify as malicious. When the infection is active you may notice unfamiliar processes in the Task Manager process list. In that case, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Trojan:Win32/Esulat.A!rfn do?

  • Executable code extraction: the sandbox observed code being unpacked or written into memory at runtime
  • Creates RWX memory: allocates pages that are readable, writable and executable at once, typical of unpackers and in-memory loaders
  • Reads data out of its own binary image: the process opens its own file on disk, usually to pull out an embedded payload or overlay
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified); this matches the 0x0804 language ID in the version info below
  • The binary likely contains encrypted or compressed data (several vendors in the table below name an AutoIt packer)
  • Network activity detected but not expressed in API logs: the sandbox saw traffic that none of the hooked API calls accounts for
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
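The two hostnames above are the network indicators a defender would search for in DNS telemetry. The script below is an added example, not code from this page or from GridinSoft: it matches resolver log lines against the listed hostnames, treating a query as a hit only when it is the hostname itself or a label underneath it (so the parent zones whorecord.xyz and tomx.xyz, which the page does not list, are not flagged). The dnsmasq-style log lines, the function names and the client addresses are constructed for illustration.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Hostnames listed on this page as related to the sample.
RELATED_DOMAINS = ("z.whorecord.xyz", "a.tomx.xyz")

# Constructed sample lines in dnsmasq query-log style; not real telemetry.
SAMPLE_LOG = """\
Jan 10 12:00:01 gw dnsmasq[812]: query[A] update.microsoft.com from 10.0.0.5
Jan 10 12:00:07 gw dnsmasq[812]: query[A] z.whorecord.xyz from 10.0.0.5
Jan 10 12:00:07 gw dnsmasq[812]: query[A] Z.WHORECORD.XYZ. from 10.0.0.9
Jan 10 12:00:09 gw dnsmasq[812]: query[A] cdn.a.tomx.xyz from 10.0.0.5
Jan 10 12:00:11 gw dnsmasq[812]: query[A] tomx.xyz from 10.0.0.7
Jan 10 12:00:12 gw dnsmasq[812]: query[A] notz.whorecord.xyz.example.com from 10.0.0.5
"""

# "query[A] <name> from <client>" as dnsmasq writes it with log-queries enabled.
QUERY_RE = re.compile(r"query\[[A-Z]+\]\s+(\S+)\s+from\s+(\S+)")


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are stable."""
    return name.lower().rstrip(".")


def matches_ioc(qname: str, iocs: Iterable[str] = RELATED_DOMAINS) -> Optional[str]:
    """Return the IOC that qname equals or sits below, else None.

    Suffix matching is done on whole labels: 'notz.whorecord.xyz' does not
    match 'z.whorecord.xyz', and the unlisted parent zone 'tomx.xyz' is not
    flagged either.
    """
    q = normalize(qname)
    for ioc in iocs:
        i = normalize(ioc)
        if q == i or q.endswith("." + i):
            return i
    return None


def find_hits(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(client, queried name, matched IOC) for every line that resolves an IOC."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (answers, cache notes, etc.)
        qname, client = m.group(1), m.group(2)
        ioc = matches_ioc(qname)
        if ioc:
            hits.append((client, normalize(qname), ioc))
    return hits


if __name__ == "__main__":
    for client, qname, ioc in find_hits(SAMPLE_LOG.splitlines()):
        print(f"{client} resolved {qname} (matches {ioc})")
```

On the constructed log this reports 10.0.0.5 and 10.0.0.9 resolving z.whorecord.xyz and 10.0.0.5 resolving cdn.a.tomx.xyz; whether to also block the parent zones is an operator decision the page gives no basis for.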

How to identify Trojan:Win32/Esulat.A!rfn?

File Info:

crc32: ACF33FAA
md5: 2d64418a066e4f7b8f56e1ca41acaf6d
name: Onekey_2020.exe
sha1: e6c8ef50223c6776247ac4624b9c09e39b84fd9c
sha256: 5c7d63da8cc47e2ca1ee86c0036878e1bc46a215d26af6da305a91eb4306d055
sha512: e041782a1f263e97e248113f4467b399168c56007b0fd36026d3393ab9763412359acc9caa927423512e553667d64733eb9468e9d67a1bb96a2dded92be552ae
ssdeep: 196608:yj+6RabNquiNd2YJBpJzBnDojFIBBIMskaKHp9LdTbKvpPfWCWgd0UaxW2x7kv:SabU6YJBfBn8jFIBdaKnJbopPfWCRtay
type: MS-DOS executable, MZ for MS-DOS

Version Info:

LegalCopyright: x96e8x6797x6728x98ce (code points U+96E8 U+6797 U+6728 U+98CE, i.e. 雨林木风, whose escape prefix was lost in extraction; "ylmf" below is the pinyin initialism of the same name)
internalname: ylmf.exe
FileVersion: 2019.8.3.26
Comments: x96e8x6797x6728x98ce (same string as LegalCopyright)
ProductName: ylmf.exe
ProductVersion: 2019.8.3.26
FileDescription: x96e8x6797x6728x98ce (same string as LegalCopyright)
OriginalFilename: ylmf.exe
Translation: 0x0804 0x04b0 (language ID 0x0804 = Chinese (Simplified, PRC); code page 0x04B0 = 1200 = Unicode)
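To use the file information above on a host, a practitioner needs to compute the same digests over a suspect file and compare them with the listed values, and to read the version-info fields back into something legible. The script below is an added example, not code from this page or from GridinSoft: it hashes data in chunks (so large files do not have to fit in memory), reports which of the page's hashes match, walks a directory for matching files, decodes the "x96e8..." strings on the assumption that they are 4-hex-digit UTF-16 code units with their escape prefix stripped, and parses the Translation pair. The function names are hypothetical; the hash values are copied from the page.

```python
import hashlib
import os
import re
import zlib
from typing import Dict, Iterable, List, Tuple

# Digests of the sample as listed on this page (lower-cased for comparison).
KNOWN_HASHES = {
    "crc32": "acf33faa",
    "md5": "2d64418a066e4f7b8f56e1ca41acaf6d",
    "sha1": "e6c8ef50223c6776247ac4624b9c09e39b84fd9c",
    "sha256": "5c7d63da8cc47e2ca1ee86c0036878e1bc46a215d26af6da305a91eb4306d055",
}


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute crc32/md5/sha1/sha256/sha512 over a stream of byte chunks."""
    crc = 0
    digests = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256", "sha512")}
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in digests.values():
            h.update(chunk)
    out = {alg: h.hexdigest() for alg, h in digests.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"  # same 8-hex-digit form as the page
    return out


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def matching_hashes(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose value equals the page's IOC, case-insensitively."""
    return [alg for alg, val in KNOWN_HASHES.items()
            if digests.get(alg, "").lower() == val]


def scan_directory(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root and report files whose digests match the listed sample.

    sha256 alone would suffice; all four are compared so that an IOC list
    copied with only one hash type still produces a hit.
    """
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hit = matching_hashes(hash_file(path))
            except OSError:
                continue  # locked or unreadable files are skipped, not fatal
            if hit:
                findings.append((path, hit))
    return findings


# Assumption: the page's "x96e8x6797x6728x98ce" is four 16-bit code units
# whose escape prefix was stripped during extraction.
STRIPPED_ESCAPE_RE = re.compile(r"x([0-9a-fA-F]{4})")


def decode_stripped_escapes(s: str) -> str:
    """Turn 'x96e8x6797...' back into the characters it encodes."""
    return STRIPPED_ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), s)


def describe_translation(field: str) -> Tuple[int, int]:
    """Parse the VS_VERSIONINFO 'Translation' pair into (language ID, code page)."""
    lang, cp = (int(tok, 16) for tok in field.split())
    return lang, cp


if __name__ == "__main__":
    print(decode_stripped_escapes("x96e8x6797x6728x98ce"))  # 雨林木风
    print(describe_translation("0x0804 0x04b0"))             # (2052, 1200)
    print(scan_directory(os.path.expanduser("~")))
```

Run `scan_directory` over the user profile and temp directories after removal to confirm no copy of the file remains; a renamed copy still matches because only content is hashed, but a repacked or recompiled variant will not, which is why the behavioural indicators and the DNS names matter as well.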

Trojan:Win32/Esulat.A!rfn also known as:

MicroWorld-eScan: Trojan.GenericKD.42286176
CMC: Virus.Win32.Sality!O
CAT-QuickHeal: Trojan.Occamy
McAfee: GenericRXIX-KX!2D64418A066E
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 00543da91 )
BitDefender: Trojan.GenericKD.42286176
K7GW: Trojan ( 00543da91 )
CrowdStrike: win/malicious_confidence_90% (W)
Invincea: heuristic
ESET-NOD32: a variant of Win32/Packed.Autoit.NBM suspicious
TrendMicro-HouseCall: TROJ_GEN.R002C0DA920
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Score-6959087-0
GData: Trojan.GenericKD.42286176
Alibaba: Trojan:Win32/Esulat.fb79dc7b
AegisLab: Trojan.Win32.Generic.4!c
Ad-Aware: Trojan.GenericKD.42286176
Sophos: Mal/Generic-S
Comodo: Malware@#3vdq9cuhadhgc
F-Secure: Heuristic.HEUR/AGEN.1043842
DrWeb: Trojan.Packed2.42148
TrendMicro: TROJ_GEN.R002C0DA920
McAfee-GW-Edition: BehavesLike.Win32.SoftPulse.tc
Trapmine: malicious.moderate.ml.score
FireEye: Generic.mg.2d64418a066e4f7b
Emsisoft: Trojan.GenericKD.42286176 (B)
APEX: Malicious
Cyren: W32/Trojan.LHBA-7549
Jiangmin: RiskTool.Miner.fl
Webroot: W32.Malware.Gen
Avira: HEUR/AGEN.1043842
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.D2853C60
AhnLab-V3: Trojan/Win32.RL_Banload.R299840
Microsoft: Trojan:Win32/Esulat.A!rfn
Acronis: suspicious
ALYac: Trojan.GenericKD.42286176
MAX: malware (ai score=99)
VBA32: TrojanDownloader.Banload
Malwarebytes: Trojan.Dropper
Panda: Trj/CI.A
Yandex: Riskware.Autoit!
Ikarus: PUA.Autoit
eGambit: Unsafe.AI_Score_100%
Fortinet: PossibleThreat
AVG: Win32:Malware-gen
Paloalto: generic.ml

Most of these are generic, heuristic or machine-learning verdicts that say little about what the file does. The more informative names are the packer verdicts (ESET-NOD32, Yandex and Ikarus name an AutoIt wrapper, DrWeb a generic packer) and the dropper/downloader verdicts (Malwarebytes, VBA32, AhnLab-V3), which agree with the "drops a binary and executes it" and "encrypted or compressed data" behaviour listed above.

How to remove Trojan:Win32/Esulat.A!rfn?

Trojan:Win32/Esulat.A!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample drops and executes a second binary, run another scan after the restart to confirm that the dropped file was not restored.
