About “Trojan:Win32/Foremurad!dha” infection

The Trojan:Win32/Foremurad!dha is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Foremurad!dha virus can do?

Yara rule detections observed from a process memory dump/dropped files/CAPE
Authenticode signature is invalid
CAPE detected the TrickBot malware family

How to determine Trojan:Win32/Foremurad!dha?


File Info:
name: 6C4A5ADE44E3EE53D0E3.mlw
path: /opt/CAPEv2/storage/binaries/78f608ea7b6d10ca49d11927544d0f4e1fc8ed0dfd7339ba83c1df51b84092ba
crc32: 4934F24F
md5: 6c4a5ade44e3ee53d0e335e481583111
sha1: 056985aec65953ee39d2c6f0a6474a1a0a9224e4
sha256: 78f608ea7b6d10ca49d11927544d0f4e1fc8ed0dfd7339ba83c1df51b84092ba
sha512: 61612496c3c181c5a0ea56d9429aad0d40296fde995ad31a8ec1734fd3ffba66f73c780b238df02896e8b180626f1146970c0a4e9c0eca69989cadb7d584a6ad
ssdeep: 3072:Y2HzxtU5YU8Km5cFk1oOG5UP2s56S9NuEI+BclqSHJiYs4hp13tuvswWwk32KZzD:XTrrDImkq0JiYsicTW7GKZzX
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1F5246B0BB2A401F9D567D139CA9B822BEAF17085032297DF1B608F654F03BE6B93D745
sha3_384: 316849dfb2a651ce2ad2532dea45b15d1e699645cc2608ae6dda67f85bed16812ddfbf9cbb5935580015f5a6d1547f6a
ep_bytes: 00000000000000000000000000000000
timestamp: 2018-08-13 06:31:02

Version Info:
0: [No Data]

Trojan:Win32/Foremurad!dha also known as:

Lionic	Trojan.Win64.Trickster.4!c
MicroWorld-eScan	Trojan.GenericKD.38137854
FireEye	Generic.mg.6c4a5ade44e3ee53
CAT-QuickHeal	Trojan.Foremurad
McAfee	Artemis!6C4A5ADE44E3
Malwarebytes	Malware.AI.2164778977
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Trojan.GenericKD.38137854
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.ec6595
Symantec	Trojan.Gen.MBT
APEX	Malicious
Avast	Win64:Malware-gen
ClamAV	Win.Trojan.Trickbot-6335811-0
Kaspersky	Trojan-Banker.Win32.Trickster.ipp
Alibaba	TrojanBanker:Win32/Trickster.37c70e13
Ad-Aware	Trojan.GenericKD.38137854
Sophos	Mal/Generic-S
TrendMicro	TROJ_GEN.R002C0DL221
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.38137854 (B)
Avira	TR/Foremurad.qnsxz
Microsoft	Trojan:Win32/Foremurad!dha
GData	Trojan.GenericKD.38137854
Cynet	Malicious (score: 99)
VBA32	Trojan.Win64.Trickster
ALYac	Trojan.GenericKD.38137854
Cylance	Unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0DL221
MAX	malware (ai score=83)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
CrowdStrike	win/malicious_confidence_60% (D)

How to remove Trojan:Win32/Foremurad!dha?

Trojan:Win32/Foremurad!dha removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X