About “Trojan:Win32/Refpron!D” infection

Trojan:Win32/Refpron!D is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Refpron!D virus do?

  • The binary contains an unknown PE section name, indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX.
  • The Authenticode signature is invalid.
  • YARA rule detections were observed in a process memory dump, dropped files, or CAPE output.

How to identify Trojan:Win32/Refpron!D?

File Info:

name: FBB68D4CCAAAAEA4C335.mlw
path: /opt/CAPEv2/storage/binaries/eab62e9d2101aada5c49b380ab304fa4e4b24ee6842f24d4be515c7211105c4a
crc32: 8090C815
md5: fbb68d4ccaaaaea4c335dbfcf1a15135
sha1: 478737510f3fa5f88201c5346eaee600c19cba17
sha256: eab62e9d2101aada5c49b380ab304fa4e4b24ee6842f24d4be515c7211105c4a
sha512: 3d833e9e2eedec9373a6158c4a22870ea406c78b68b8f49cf33b27cb462d4127b34af0e19999850f5f67b2b6814c0bbefd0c1c34d1103320231814bd60f64e18
ssdeep: 384:J1MDNrBxi730Ek8+M52mFqZBzLwsKHc14qN1pLvHsw1:3Mjx27kNMUzBvLZ1hrJvHsw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17AA29E8836D31D57D90E1A370A45CA3D8B785DE0EB464379F2A43BDF7DF40225A6029D
sha3_384: cbfd83e23ce603d7b150dc4dcda299a213691e5bdebae585be01d67f56aae90449a8f144c1b98a4dafa3e1776f9cc0ef
ep_bytes: 60be00d040008dbe0040ffff57eb0b90
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Trojan:Win32/Refpron!D also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Koblu.4!c
Elastic: malicious (moderate confidence)
DrWeb: Trojan.DownLoad1.56722
MicroWorld-eScan: Gen:Variant.Babar.77511
FireEye: Generic.mg.fbb68d4ccaaaaea4
CAT-QuickHeal: Trojan.Dynamer.26640
ALYac: Gen:Variant.Babar.77511
Malwarebytes: Malware.AI.2746345353
VIPRE: Gen:Variant.Babar.77511
Sangfor: Trojan.Win32.Refpron.Vw7k
Alibaba: Trojan:Win32/Refpron.4434f43a
Cybereason: malicious.ccaaaa
BitDefenderTheta: AI:Packer.D1DF170D1F
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Refpron.HU
APEX: Malicious
ClamAV: Win.Trojan.Koblu-471
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Babar.77511
NANO-Antivirus: Trojan.Win32.Koblu.sypm
Avast: Win32:Trojan-gen
Rising: Trojan.Refpron!8.86D (CLOUD)
Emsisoft: Gen:Variant.Babar.77511 (B)
F-Secure: Trojan.TR/Refroso.dgc
Zillya: Trojan.Refpron.Win32.672
TrendMicro: TROJ_REFPRON.SMF
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.mc
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Sasfis
GData: Gen:Variant.Babar.77511
Jiangmin: Trojan/Koblu.arj
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Refroso.dgc
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Koblu
Xcitium: TrojWare.Win32.Koblu.D@1o0tdv
Arcabit: Trojan.Babar.D12EC7
ViRobot: Trojan.Win32.Koblu.33280.D[UPX]
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Refpron.gen!D
Cynet: Malicious (score: 100)
McAfee: Artemis!FBB68D4CCAAA
VBA32: BScope.Trojan.Download
Cylance: unsafe
Panda: Generic Malware
TrendMicro-HouseCall: TROJ_REFPRON.SMF
Tencent: Win32.Trojan.Refroso.Bwnw
Yandex: Trojan.Koblu!L2GjlKy7efE
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Koblu.DDH!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Refpron!D?

Trojan:Win32/Refpron!D removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.