What is “Trojan:Win32/KillProc.P”?

Trojan:Win32/KillProc.P is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/KillProc.P virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/KillProc.P?


File Info:

name: 3BF5381261AB11CACC58.mlw
path: /opt/CAPEv2/storage/binaries/49ead1192132f39884dcd2756dbaaedc51078cab8537764cc3b6a05f6906fd68
type: PE32 executable (GUI) Intel 80386, for MS Windows
ep_bytes: 60be00a040008dbe0070ffff5783cdff
timestamp: 2006-01-26 23:27:38

Version Info:

Translation: 0x0409 0x04b0
Comments: Word Document
CompanyName: |“~|~|~|•~|~|Œ~O…„
FileDescription: Word Document
ProductName: |“~|~|~|•~|~|Œ~O…„
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Document
OriginalFilename: Document.exe

Trojan:Win32/KillProc.P also known as:

Elastic: malicious (moderate confidence)
MicroWorld-eScan: Gen:Trojan.Heur.bmMfrrUJ1Pkif
ClamAV: Win.Trojan.Generic-42
FireEye: Generic.mg.3bf5381261ab11ca
CAT-QuickHeal: Trojan.AgentMF.S28991376
McAfee: GenericRXAA-FA!3BF5381261AB
Cylance: unsafe
Zillya: Trojan.VB.Win32.97860
Sangfor: Trojan.Win32.Killproc.Vex9
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: Trojan:Win32/KillProc.e77f6768
K7GW: Trojan ( 0058f49e1 )
K7AntiVirus: Trojan ( 0058f49e1 )
BitDefenderTheta: AI:Packer.41B9A9721D
VirIT: Backdoor.Win32.Bifrose.EH
Cyren: W32/Trojan.WDEF-6301
Symantec: SMG.Heur!gen
tehtris: Generic.Malware
ESET-NOD32: Win32/VB.ASY
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.VB.asy
BitDefender: Gen:Trojan.Heur.bmMfrrUJ1Pkif
NANO-Antivirus: Trojan.Win32.VB.csnmkd
SUPERAntiSpyware: Trojan.Agent/Gen-FalComp
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Agent.acq
Emsisoft: Gen:Trojan.Heur.bmMfrrUJ1Pkif (B)
Baidu: Win32.Trojan.VB.z
F-Secure: Trojan.TR/Spy.Famalis.2
DrWeb: Trojan.KillProc.16483
VIPRE: Gen:Trojan.Heur.bmMfrrUJ1Pkif
TrendMicro: TSPY_FAMALIS.A
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.mc
Sophos: Mal/VBDrop-G
Ikarus: Backdoor.Win32.Bifrose
GData: Gen:Trojan.Heur.bmMfrrUJ1Pkif
Jiangmin: Trojan/VB.cntm
Avira: TR/Spy.Famalis.2
Antiy-AVL: Trojan/Win32.VB
Xcitium: TrojWare.Win32.VB.ASY@22ud
Arcabit: Trojan.Heur.bmMfrrUJ1Pkif
ViRobot: Trojan.Win32.A.VB.22879[UPX]
ZoneAlarm: Trojan.Win32.VB.asy
Microsoft: Trojan:Win32/KillProc.P
Google: Detected
AhnLab-V3: Trojan/Win32.Banker.R2087
Acronis: suspicious
VBA32: Trojan.VB
ALYac: Gen:Trojan.Heur.bmMfrrUJ1Pkif
Malwarebytes: Malware.AI.3874695177
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TSPY_FAMALIS.A
Rising: Trojan.DL.generic.s (CLASSIC)
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Generic.AC.134!tr
AVG: Win32:Evo-gen [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/KillProc.P?

Trojan:Win32/KillProc.P removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
