Trojan

Trojan:Win32/WhisperGate removal instruction

Malware Removal

Trojan:Win32/WhisperGate is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/WhisperGate virus do?

  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Binary file triggered YARA rule

How to identify Trojan:Win32/WhisperGate?

File Info:

name: 971D710C2612F65B6DC5.mlw
path: /opt/CAPEv2/storage/binaries/08552fc7c1fcdb754d81dad78184ad191d0585b970a1b633cef88ce63804947e
crc32: 8B8B1C77
md5: 971d710c2612f65b6dc5facb2ba5aac3
sha1: 5a84e0d34ac1b8f41435ff09056915fa347be640
sha256: 08552fc7c1fcdb754d81dad78184ad191d0585b970a1b633cef88ce63804947e
sha512: ca4a21028735f687cd883168ce2fd5d65ec4bc2a602aae45a4729c3266db62fdb2e4141a985dc726dd699fe98d3d039e117aa155d9e9edca438a2117f4949d35
ssdeep: 3072:lN9XD38z8b6/cFaWJsGv9o0OwlqeVnZFdTqdtk+NI:D9XDMgbPF0Gv60OwbvTt+N
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17034FE037E48FB15E6A83937C2EF6D2413F1A0CB0673860B6F49AE6525416537E6E36C
sha3_384: 7c707a042383dc5db28384b73e905d1ea23663350a75c4cc3cc0307bf37e9db2a1f3e4a9b941a647b0e538e7ec7d4294
ep_bytes: ff250020400000000000000000000000
timestamp: 2023-07-30 10:02:58

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 1.0.0.0
InternalName: e54e8234-c538-4d61-9ae7-0c66fe2c76ab.exe
LegalCopyright:
OriginalFilename: e54e8234-c538-4d61-9ae7-0c66fe2c76ab.exe
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Trojan:Win32/WhisperGate also known as:

Bkav: W32.AIDetectMalware.CS
Lionic: Trojan.Win32.Dacic.i!c
MicroWorld-eScan: Generic.Dacic.64A56CA5.A.9F547F67
Skyhigh: BehavesLike.Win32.AgentTesla.dm
McAfee: Artemis!971D710C2612
Malwarebytes: Generic.Malware.AI.DDS
VIPRE: Generic.Dacic.64A56CA5.A.9F547F67
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 005ac7f11 )
Alibaba: TrojanPSW:MSIL/Stealer.ffd1c17a
K7GW: Trojan ( 005ac7f11 )
Cybereason: malicious.c2612f
VirIT: Trojan.Win32.Genus.SNA
Symantec: ML.Attribute.HighConfidence
Elastic: Windows.Generic.Threat
ESET-NOD32: a variant of MSIL/Spy.AgentTesla.I
APEX: Malicious
TrendMicro-HouseCall: TrojanSpy.Win32.NEGASTEAL.YXDHCZ
ClamAV: Win.Packed.Generic-10003641-0
Kaspersky: HEUR:Trojan-PSW.MSIL.Stealer.gen
BitDefender: Generic.Dacic.64A56CA5.A.9F547F67
Avast: Win32:PWSX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13ebab5a
TACHYON: Trojan-PWS/W32.DN-InfoStealer.252928
Emsisoft: Generic.Dacic.64A56CA5.A.9F547F67 (B)
F-Secure: Trojan.TR/Spy.Gen8
DrWeb: BackDoor.SpyBotNET.62
Zillya: Trojan.RedLine.Win32.7508
TrendMicro: TrojanSpy.Win32.NEGASTEAL.YXDHCZ
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.971d710c2612f65b
Sophos: Troj/Tesla-CNT
Ikarus: Trojan-Spy.MSIL.Redline
Google: Detected
Avira: TR/Spy.Gen8
Varist: W32/MSIL_Kryptik.JRO.gen!Eldorado
Antiy-AVL: Trojan[Spy]/MSIL.AgentTesla
Kingsoft: malware.kb.c.982
Microsoft: Trojan:Win32/WhisperGate
Xcitium: Malware@#10vg37ij6aspq
Arcabit: Generic.Dacic.64A56CA5.A.9F547F67
ZoneAlarm: HEUR:Trojan-PSW.MSIL.Stealer.gen
GData: Generic.Dacic.64A56CA5.A.9F547F67
AhnLab-V3: Infostealer/Win.AgentTesla.R631699
BitDefenderTheta: Gen:NN.ZemsilF.36802.pm0@aqVpxKh
ALYac: Generic.Dacic.64A56CA5.A.9F547F67
MAX: malware (ai score=80)
VBA32: TScope.Trojan.MSIL
Cylance: unsafe
Panda: Trj/Chgt.AD
Zoner: Trojan.Win32.159951
Rising: Spyware.AgentTesla!8.10E35 (CLOUD)
Yandex: Trojan.Igent.b0CHi5.4
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.74396735.susgen
Fortinet: MSIL/Agent.F!tr.spy
AVG: Win32:PWSX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Trojan[spy]:MSIL/AgentTesla.F

How to remove Trojan:Win32/WhisperGate?

Trojan:Win32/WhisperGate removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.