Trojan:Win32/GuLoader.PDT!MTB removal instruction

Trojan:Win32/GuLoader.PDT!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/GuLoader.PDT!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Turkish
  • Authenticode signature is invalid

How to identify Trojan:Win32/GuLoader.PDT!MTB?

File Info:

name: DF1FAAC81FE7B8AFA5F2.mlw
path: /opt/CAPEv2/storage/binaries/5f2a73dc9c03be2fbce67481198f6a7f3a0070a56a5549032ad01fdddc9e9a55
crc32: 71A37EFE
md5: df1faac81fe7b8afa5f209f1edab62af
sha1: ac323870284e1d464182fb02a8b9e6b8e81c766a
sha256: 5f2a73dc9c03be2fbce67481198f6a7f3a0070a56a5549032ad01fdddc9e9a55
sha512: d76e76a70f5b850842300b6cdebc8dce2c8692554ab967fa3b92f8d8878c7e746eed3077676f3616bf44443e92dbf3842b4a63a31f09044151eaa84f4c2a7f06
ssdeep: 1536:hHe+4N++bLOFwwR24zpixyfdwVbf7lfmecoF9xuWF9gGiE7:Lg+zkVJce9xuvq7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T121D34952B290A97DFF6945B12EF5C2A7D222ACB04C307517A3C03B1F3AF5A458867367
sha3_384: c053be79dae1164f987f460c8281e47b8b29bc93abf06c39f3c165d077a55c0cb530ad5a0dc6650317267d6134be2777
ep_bytes: 687c2a4000e8eeffffff000000000000
timestamp: 2021-12-08 00:00:12

Version Info:

Translation: 0x041f 0x04b0
CompanyName: QGenda
LegalCopyright: QGenda
ProductName: unarched
FileVersion: 1.00
ProductVersion: 1.00
InternalName: HJEMMEARBEJDERNES
OriginalFilename: HJEMMEARBEJDERNES.exe

Trojan:Win32/GuLoader.PDT!MTB is also known as (vendor: detection name):

Lionic: Trojan.Win32.GuLoader.a!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.38227047
FireEye: Generic.mg.df1faac81fe7b8af
McAfee: Artemis!DF1FAAC81FE7
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058b91c1 )
Alibaba: TrojanDownloader:Win32/GuLoader.31410436
K7GW: Trojan ( 0058b91c1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/GenCBL.BIZ
Kaspersky: Trojan-Downloader.Win32.GuLoader.xs
BitDefender: Trojan.GenericKD.38227047
Avast: Win32:Trojan-gen
Ad-Aware: Trojan.GenericKD.38227047
Sophos: Mal/Generic-S
F-Secure: Heuristic.HEUR/AGEN.1144532
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Trojan.GenericKD.38227047 (B)
Ikarus: Trojan.Win32.Generic
GData: Trojan.GenericKD.38227047
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1144532
MAX: malware (ai score=83)
Gridinsoft: Ransom.Win32.Sabsik.sa
Arcabit: Trojan.Generic.D2474C67
Microsoft: Trojan:Win32/GuLoader.PDT!MTB
Cynet: Malicious (score: 99)
BitDefenderTheta: Gen:NN.ZevbaF.34084.im1@aCcv8xaG
ALYac: Trojan.GenericKD.38227047
VBA32: BScope.Trojan.Shelsy
Malwarebytes: Trojan.GuLoader
TrendMicro-HouseCall: TROJ_GEN.R002H0DL821
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/GenCBL.BIZ!tr
Webroot: W32.Malware.Gen
AVG: Win32:Trojan-gen
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan:Win32/GuLoader.PDT!MTB?

Trojan:Win32/GuLoader.PDT!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.