Trojan:Win32/Otran removal guide

Trojan:Win32/Otran is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Otran virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Guard pages use detected – possible anti-debugging.
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Sniffs keystrokes
  • Exhibits possible ransomware file modification behavior
  • Creates a copy of itself
  • Harvests cookies for information gathering
  • Clears web history

How to identify Trojan:Win32/Otran?


File Info:

name: 5EC430EC18E5BC285472.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-06-06 08:28:50

Version Info:

Translation: 0x0000 0x04b0
Comments: Microsoft
CompanyName: Microsoft
FileDescription: Service
FileVersion: 1.0.0.0
InternalName: Service.exe
LegalCopyright: MIcrosoft
LegalTrademarks: @ngel
OriginalFilename: Service.exe
ProductName: Microsoft
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:Win32/Otran also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Lazy.48253
FireEye: Generic.mg.5ec430ec18e5bc28
ALYac: Gen:Variant.Lazy.48253
Cylance: Unsafe
K7AntiVirus: Trojan ( 700000121 )
Alibaba: Ransom:Win32/Blocker.47172ba2
K7GW: Trojan ( 700000121 )
Cybereason: malicious.c18e5b
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/Autorun.Agent.FR
APEX: Malicious
Avast: Win32:Trojan-gen
Kaspersky: Trojan-Ransom.Win32.Blocker.cckq
BitDefender: Gen:Variant.Lazy.48253
NANO-Antivirus: Trojan.Win32.Gen8.cceosn
Tencent: Win32.Trojan.Blocker.Tapg
Ad-Aware: Gen:Variant.Lazy.48253
Emsisoft: Gen:Variant.Lazy.48253 (B)
Comodo: Malware@#143d3wt6fjp0z
F-Secure: Trojan.TR/Spy.Gen
DrWeb: Win32.HLLW.Autoruner1.54840
TrendMicro: Ransom_Blocker.R011C0RDQ22
McAfee-GW-Edition: Artemis!Trojan
Sophos: Mal/Generic-R + Mal/MSIL-AW
Paloalto: generic.ml
GData: Gen:Variant.Lazy.48253
Avira: TR/Spy.Gen
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
ZoneAlarm: Trojan-Ransom.Win32.Blocker.cckq
Microsoft: Trojan:Win32/Otran
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Blocker.R91907
McAfee: Artemis!5EC430EC18E5
MAX: malware (ai score=100)
VBA32: Hoax.Blocker
Malwarebytes: Worm.HiddenExt.SVC
TrendMicro-HouseCall: Ransom_Blocker.R011C0RDQ22
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/MSIL.AW
BitDefenderTheta: Gen:NN.ZemsilF.34606.km1@a48QRub
AVG: Win32:Trojan-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Otran?

Trojan:Win32/Otran removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
