
About the “Trojan:Win32/Parchood.A” infection


Trojan:Win32/Parchood.A is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Parchood.A virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Writes to the spooler folder, potential vulnerability or printer driver install
  • Collects information to fingerprint the system

How to identify Trojan:Win32/Parchood.A?

File Info:

name: 502C8F454BAFD2933ABC.mlw
path: /opt/CAPEv2/storage/binaries/9a61720f71bd9716b97cbbae79b325bd906f9d299ed6474601d6dbde81cdd7cc
crc32: FE80492C
md5: 502c8f454bafd2933abc96cb551e3c8a
sha1: ee5935731c99bb2c39477a10af87e4bcce40728f
sha256: 9a61720f71bd9716b97cbbae79b325bd906f9d299ed6474601d6dbde81cdd7cc
sha512: 5fcd1c989c18abf9e91476e1a48ecfcb15824efb4cbdcba03cc1d4be11974bfec7b810c6b83e2bbdae2e1b0294c4f55a567838a558f541374d88fbd010bbd849
ssdeep: 6144:+v/eniXFFlP0Esv2qqjT7XHZmxOB0FJbvfwqMny3T:+3eniXFMEsUTHZwND71D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15714128CFA7B0159D2C5EF373C21262E453F235017BB5B985F50EA10B4BEA1E05A9DCA
sha3_384: 71e972ae850192dff1123037443614ceab0404d066ae2a854f7e83e29b132c4a2b322447ce9fca1be0acb1b6fecdfdff
ep_bytes: 60be00f041008dbe0020feff57eb0b90
timestamp: 2008-12-15 08:43:39

Version Info:

CompanyName: Kxsvoqgfph Wkhjpkywdu
FileDescription: Kxsvoqgfph Hcisjlmqnf Giprm
FileVersion: 94,114,58,65
InternalName: Kxsvoqgfph
LegalCopyright: Copyright © Kxsvoqgfph Wkhjpkywdu 2003-2007
OriginalFilename: Kxsvoqgfph.exe
ProductName: Kxsvoqgfph Hcisjlmqnf Giprm
ProductVersion: 62,100,81,33
Translation: 0x0409 0x04e4

Trojan:Win32/Parchood.A is also known as (vendor: detection name):

Bkav: W32.MosquitoQKK.Fam.Trojan
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop2.30961
Cynet: Malicious (score: 100)
FireEye: Generic.mg.502c8f454bafd293
ALYac: Gen:Heur.VIZ.2
Cylance: Unsafe
VIPRE: VirTool.Win32.Obfuscator.da!j (v)
Sangfor: Backdoor.Win32.Generic.623601
K7AntiVirus: Trojan ( f1000f011 )
Alibaba: VirTool:Win32/Obfuscator.63b98cc4
K7GW: Trojan ( f1000f011 )
Cybereason: malicious.54bafd
BitDefenderTheta: AI:Packer.4653743321
VirIT: Trojan.Win32.MulDrop2.BTUV
Cyren: W32/Zbot.CN.gen!Eldorado
Symantec: Downloader.Lofog!gen4
ESET-NOD32: a variant of Win32/Kryptik.LDY
TrendMicro-HouseCall: TROJ_CRYPTR.SMAM
Paloalto: generic.ml
ClamAV: Win.Trojan.623601-1
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.VIZ.2
NANO-Antivirus: Trojan.Win32.Kolab.harxq
SUPERAntiSpyware: Trojan.Agent/Gen-Cryptic
MicroWorld-eScan: Gen:Heur.VIZ.2
Avast: Win32:Kryptik-ALL [Trj]
Tencent: Win32.Trojan.Generic.Srng
Ad-Aware: Gen:Heur.VIZ.2
Sophos: Mal/Generic-R + Mal/Zbot-CX
Comodo: TrojWare.Win32.Trojan.XPACK.Gen@2ho5ur
Zillya: Trojan.Zbot.Win32.38199
TrendMicro: TROJ_CRYPTR.SMAM
McAfee-GW-Edition: BehavesLike.Win32.MultiDropper.cc
Emsisoft: Gen:Heur.VIZ.2 (B)
Ikarus: Backdoor.Win32.Rbot
GData: Gen:Heur.VIZ.2
Jiangmin: Worm/Kolab.jhk
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.7591BB
ViRobot: Worm.Win32.A.Net-Kolab.201248.A[UPX]
Microsoft: Trojan:Win32/Parchood.A
AhnLab-V3: Trojan/Win32.Zbot.R3226
McAfee: W32/Pinkslipbot.gen.af
MAX: malware (ai score=100)
VBA32: Trojan.Zeus.EA.0999
APEX: Malicious
Rising: Dropper.Generic!8.35E (CLOUD)
Yandex: Trojan.GenAsa!ttDYgHsfigg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.1866906.susgen
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:Kryptik-ALL [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Parchood.A?

Trojan:Win32/Parchood.A removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” to quarantine all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
