
Trojan:Win32/Guildma!pz information


Trojan:Win32/Guildma!pz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Guildma!pz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Guildma!pz?

File Info:

name: 478B28A4602339219D1F.mlw
path: /opt/CAPEv2/storage/binaries/691d8df704670333f9e4c295a3a306373f1d2082141df54e521a9aaf1aada979
crc32: 9B06B379
md5: 478b28a4602339219d1f5a49f539f215
sha1: 430f8394306d0e15ca7a45be051b298f56f544fe
sha256: 691d8df704670333f9e4c295a3a306373f1d2082141df54e521a9aaf1aada979
sha512: 6c82e756ca55a5a72bcebe416f357afe045f6f7f7b19ed2798f6aad16d22d01605597e3a60c5db4f2df3884ae64c5e4b36f7a5579c8e41183a04e1fe116a5c85
ssdeep: 24576:Y4XKqa8SEiGURj37I5N4TqWqY6zlVqV/Z4X:Y46qaa9URj3PabqpZ4X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D93523D963AD3638E08328B61D07699F32342C10B60ED9D7DB15398F6C161CEBA1D7B6
sha3_384: 23d9b578b750dd0583554087b67c1d028e6fbc9c70342a28a189d6705fb42120ae0a3d6d1fa35aed9ee17dd8e64addd8
ep_bytes: e9e9c10200617f32a7a36d6016126d22
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Trojan:Win32/Guildma!pz is also known as (vendor / detection name):

Vendor              Detection
Bkav                W32.AIDetectMalware
tehtris             Generic.Malware
MicroWorld-eScan    Gen:Trojan.Heur.GM.0500040802
ClamAV              Win.Malware.Fuerboos-9787276-0
FireEye             Generic.mg.478b28a460233921
CAT-QuickHeal       Trojan.GenericPMF.S31679439
Skyhigh             BehavesLike.Win32.Generic.th
McAfee              GenericRXWL-GU!478B28A46023
Malwarebytes        Generic.Malware.AI.DDS
VIPRE               Gen:Trojan.Heur.GM.0500040802
Sangfor             Trojan.Win32.Save.a
K7AntiVirus         Trojan ( 0052964f1 )
K7GW                Trojan ( 0052964f1 )
CrowdStrike         win/malicious_confidence_100% (D)
Arcabit             Trojan.Heur.GM.D1DCE0462
BitDefenderTheta    AI:Packer.B2DAF18B1D
Symantec            ML.Attribute.HighConfidence
Elastic             malicious (high confidence)
ESET-NOD32          a variant of Win32/Packed.VMProtect.AJY
APEX                Malicious
Cynet               Malicious (score: 100)
Kaspersky           HEUR:Trojan.Win32.Agent.gen
BitDefender         Gen:Trojan.Heur.GM.0500040802
Avast               Win32:TrojanX-gen [Trj]
Tencent             Trojan.Win32.Agent.kaw
Emsisoft            Gen:Trojan.Heur.GM.0500040802 (B)
F-Secure            Trojan.TR/Dropper.Gen
Zillya              Trojan.Agent.Win32.3657084
Trapmine            malicious.high.ml.score
Sophos              ML/PE-A
SentinelOne         Static AI – Malicious PE
Jiangmin            Trojan.Kryptik.sut
Google              Detected
Avira               TR/Dropper.Gen
MAX                 malware (ai score=88)
Antiy-AVL           Virus/Win32.Expiro.imp
Kingsoft            malware.kb.b.999
Microsoft           Trojan:Win32/Guildma!pz
ZoneAlarm           HEUR:Trojan.Win32.Agent.gen
GData               Win32.Trojan.PSE.1TL8VU1
Varist              W32/Agent.HDD.gen!Eldorado
AhnLab-V3           Trojan/Win.Generic.R600650
Acronis             suspicious
ALYac               Gen:Trojan.Heur.GM.0500040802
VBA32               TScope.Trojan.Delf
Cylance             unsafe
Panda               Trj/Genetic.gen
Rising              Trojan.Generic@AI.99 (RDMK:05d1BzrbbvdG4L9f8U/xRg)
Yandex              Trojan.Agent!d3eIOUQKfi8
Ikarus              Trojan.Win32.Guildma
Fortinet            W32/VMProtect.WV!tr
AVG                 Win32:TrojanX-gen [Trj]
Cybereason          malicious.4306d0
DeepInstinct        MALICIOUS

How to remove Trojan:Win32/Guildma!pz?

Trojan:Win32/Guildma!pz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.