What is “Trojan:Win32/Rimecud!pz”?

The Trojan:Win32/Rimecud!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Rimecud!pz virus can do?

Behavioural detection: Executable code extraction – unpacking
Authenticode signature is invalid

How to determine Trojan:Win32/Rimecud!pz?


File Info:
name: F5B71920B78EE0CEFC67.mlw
path: /opt/CAPEv2/storage/binaries/1527bccb575d9ca0133c498b86280e421f8b41f392355aa899d9de4c4c5c411f
crc32: 0BB88209
md5: f5b71920b78ee0cefc679e095183f5df
sha1: 0fdbf73ce2637dea45dcffdadb8a59918e4adcbf
sha256: 1527bccb575d9ca0133c498b86280e421f8b41f392355aa899d9de4c4c5c411f
sha512: e1665f9f87e2ca8a1253663567fe7dc124e02cfec009b993a13bf6631aa8d7cb12d6951ca1a26d6ecf8c1c2470e969386de7ae9cb452668bb08c9a6d9c3bd6e0
ssdeep: 3072:gD66mRMBv2sTzq4umWPL2XnNCUEbEyNZAn0wLWq9SV/SVZf9uqZfF/msHIs/1U5L:mmRefqXIniDZScqkCJMqXhro
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T107144D5077FBE298F1F75E351DA071D6899ABEB37E36829D1200351E8831AC48C69F36
sha3_384: 8674d81ef09d043803def752dd24592a97ba76003613bbe2fb8443e9de06ad68d406bfbbb72f6b5d0d56f0c5ee6f5291
ep_bytes: 8bff558bec81ecf80000005357566a00
timestamp: 2008-04-02 20:48:46

Version Info:
0: [No Data]

Trojan:Win32/Rimecud!pz also known as:

Bkav	W32.RimecudQKH.Fam.Worm
Lionic	Trojan.Win32.Buzus.kZ0o
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Rimecud.8
FireEye	Generic.mg.f5b71920b78ee0ce
Skyhigh	BehavesLike.Win32.Corrupt.ch
McAfee	Generic Dropper.yd
Cylance	unsafe
Zillya	Worm.Palevo.Win32.36864
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 002686071 )
Alibaba	Worm:Win32/Rimecud.0ad4dc30
K7GW	Trojan ( 002686071 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Rimecud.8
BitDefenderTheta	AI:Packer.B06F66C51F
Symantec	W32.Pilleuz!gen19
ESET-NOD32	a variant of Win32/Kryptik.JLW
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Trojan.GenericFF-8
Kaspersky	HEUR:Worm.Win32.Generic
BitDefender	Gen:Variant.Rimecud.8
NANO-Antivirus	Trojan.Win32.Crypted.gxksv
SUPERAntiSpyware	Rogue.SecurityShield
Avast	Win32:FileInfector-A [Heur]
Tencent	Trojan.Win32.FakeFolder.x
Emsisoft	Gen:Variant.Rimecud.8 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen3
DrWeb	Trojan.Packed.21305
VIPRE	Gen:Variant.Rimecud.8
TrendMicro	WORM_OTORUN.SMJB
Trapmine	malicious.high.ml.score
Sophos	Mal/Palevo-A
Ikarus	P2P-Worm.Win32.Palevo
Jiangmin	Pack.Mal.AntiVM
Webroot	W32.Rimecud.Gen
Varist	W32/Rimecud.P.gen!Eldorado
Avira	TR/Crypt.XPACK.Gen3
Antiy-AVL	Trojan/Win32.Kryptik
Kingsoft	Win32.HeurC.KVM007.a
Xcitium	TrojWare.Win32.Kryptik.JW@4jahvd
Microsoft	Trojan:Win32/Rimecud!pz
ZoneAlarm	HEUR:Worm.Win32.Generic
GData	Gen:Variant.Rimecud.8
Google	Detected
AhnLab-V3	Win32/Palevo12.worm.Gen
VBA32	Worm.Autorun
MAX	malware (ai score=100)
Malwarebytes	Generic.Malware/Suspicious
Panda	Trj/Rimecud.a
TrendMicro-HouseCall	WORM_OTORUN.SMJB
Rising	Malware.FakeFolder/ICON!1.D013 (CLASSIC)
Yandex	Trojan.GenAsa!X6kf9xG6KZg
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Kryptik.ANX!tr
AVG	Win32:FileInfector-A [Heur]
Cybereason	malicious.ce2637
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Rimecud!pz?

Trojan:Win32/Rimecud!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X