About “Trojan:Win32/Foosace!dha” infection

Trojan:Win32/Foosace!dha is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Foosace!dha virus do?

  • Performs HTTP requests potentially not found in PCAP.
  • Authenticode signature is invalid.

How to identify Trojan:Win32/Foosace!dha?

File Info:

name: 99B93CFCFF258EB49E7A.mlw
path: /opt/CAPEv2/storage/binaries/c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd
crc32: DE9F6C72
md5: 99b93cfcff258eb49e7af603d779a146
sha1: 072933fa35b585511003f36e3885563e1b55d55a
sha256: c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd
sha512: abba8546317f8f10182e7929b174f592a9081cba097a7944d2faa7a4b103bbb2e11b0e4192e97a483739d088b2774b0d5a77d74a309a5e78d8bcea4eec339de8
ssdeep: 3072:TngNb4oz0aY5GyVH6sMiXBmfypRLrWeySI+OgVCJ6I6JjI/Rt7iXENctspjRitFF:jOb4oYzRVH6LiXEQrWeyS9hVLLEuh
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1D4149E21B9C0C079EBEF123589755B6E083E66F11B75C0C7F3BA8E396D50AC11A3625B
sha3_384: a2edb40ca856318684d134d92f1b0e90376fdd37fc6ded64d90c6e862af51778790dfd89fd4824bfc4b1b7107e425ecb
ep_bytes: 8bff558bec837d0c017505e8fe4f0000
timestamp: 2014-12-23 02:43:05

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Check Execute Spooler SubSystem Memory
FileVersion: 10.0.3601.4381splm.dll
InternalName: splm.dll
LegalCopyright: ® Microsoft Corporation. All rights reserved.splm.dll
OriginalFilename: splm.dll
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.3601.4381
Translation: 0x0409 0x04e4

Trojan:Win32/Foosace!dha is also known as (vendor: detection name):

Bkav: W32.Common.1A7653DC
Lionic: Trojan.Win32.Foosace.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Sofacy.3
Skyhigh: BehavesLike.Win32.Dropper.ch
ALYac: Gen:Variant.Sofacy.3
Cylance: unsafe
Zillya: Trojan.Agent.Win32.654520
Sangfor: Trojan.Win32.Foosace.Vgbq
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Variant.Sofacy.3
K7GW: Trojan ( 0055e3dd1 )
K7AntiVirus: Trojan ( 0055e3dd1 )
VirIT: Trojan.Win32.DownLoader16.CMDF
Symantec: Trojan.Sofacy
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Agent.XIP
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: Trojan:Win32/Foosace.49528721
NANO-Antivirus: Trojan.Win32.Sofacy.dxixtq
ViRobot: Trojan.Win32.Z.Agent.202752.DB
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.13b0a18c
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1364586
DrWeb: Trojan.DownLoader16.43347
VIPRE: Gen:Variant.Sofacy.3
TrendMicro: TROJ_FRS.0NA103C219
FireEye: Gen:Variant.Sofacy.3
Emsisoft: Gen:Variant.Sofacy.3 (B)
Jiangmin: Trojan.Generic.hejdv
Google: Detected
Avira: HEUR/AGEN.1364586
Antiy-AVL: Trojan/Win32.Apt28
Kingsoft: malware.kb.a.948
Microsoft: Trojan:Win32/Foosace!dha
Xcitium: Malware@#2a6f6g2hba45j
Arcabit: Trojan.Sofacy.3
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Sofacy.3
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.HDC.C987425
McAfee: GenericRXNU-EP!99B93CFCFF25
MAX: malware (ai score=100)
VBA32: suspected of Trojan.Downloader.gen
Malwarebytes: Malware.AI.3687084256
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_FRS.0NA103C219
Rising: Trojan.Foosace!8.1EDD (TFE:5:nKnZ4fKVCuD)
Yandex: Trojan.Sofacy!iD5qa7Bm/Pw
Ikarus: Trojan.Sednit
Fortinet: W32/Sofacy.GFC!tr
BitDefenderTheta: Gen:NN.ZedlaF.36744.mu8@aeBQw2di
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Foosace!dha?

Trojan:Win32/Foosace!dha removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment