Trojan

UDS:Trojan-Downloader.OLE2.Sneaky (file analysis)

Malware Removal

The UDS:Trojan-Downloader.OLE2.Sneaky is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What UDS:Trojan-Downloader.OLE2.Sneaky virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid

How to determine UDS:Trojan-Downloader.OLE2.Sneaky?



File Info:

name: 7C78A330F0904A938B9F.mlw
path: /opt/CAPEv2/storage/binaries/38afc1915e9290923d7c16313e316a4cf83e0608ee2d9342646ed3e3a39eb084
crc32: B2A49C35
md5: 7c78a330f0904a938b9f9d1fb34080d2
sha1: 8f4f6ab5ca93c49960f6b453d5e9c9a01e65abf9
sha256: 38afc1915e9290923d7c16313e316a4cf83e0608ee2d9342646ed3e3a39eb084
sha512: 5637129b7da408008aae3e6754400142e4f986ab0f585a78cddba72dd73479e892d6f82d89bdf95c8d96b2890d54ddb2022f459ca5de371eea83ddcdde37663a
ssdeep: 49152:DITM0ukCBHMG1zgKkrRPjTQrn2ZwktVWRrhzoTuS7SVwEhC1lTNXcLj5fb+9HygA:uM05CN1zgKkrRPjTQr1hzxFIygFK2ztA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BCD57C31B687C53BE56619B1692CDA9F5029BF650F7090D7A7D80EAE48B08C34632F37
sha3_384: 683060941ccad2877c07e8e0ade613767dcf2371b2f5e7b8491996d047539301f9411a3a87703069818faabc2493b782
ep_bytes: e83e060000e97afeffffcc518d4c2408
timestamp: 2019-04-23 09:20:13


Version Info:

CompanyName: Bitsoftmaker
FileDescription: Leitor De Arquivos Installer
FileVersion: 1.0.0
InternalName: Leitor De Arquivos
LegalCopyright: Copyright (C) 2019 Bitsoftmaker
OriginalFileName: Leitor De Arquivos.exe
ProductName: Leitor De Arquivos
ProductVersion: 1.0.0
Translation: 0x0409 0x04b0

UDS:Trojan-Downloader.OLE2.Sneaky also known as:

LionicTrojan.OLE2.Sneaky.a!c
MicroWorld-eScanTrojan.GenericKD.32781699
FireEyeTrojan.GenericKD.32781699
McAfeeArtemis!7C78A330F090
CylanceUnsafe
SangforTrojan.Win32.RedCap.rrsip
AlibabaTrojanDownloader:Win32/Sneaky.59674570
Cybereasonmalicious.0f0904
SymantecTrojan.Gen.MBT
KasperskyUDS:Trojan-Downloader.OLE2.Sneaky.gen
BitDefenderTrojan.GenericKD.32781699
AvastWin32:Malware-gen
TencentWin32.Trojan.Falsesign.Ajvs
Ad-AwareTrojan.GenericKD.32781699
EmsisoftTrojan.GenericKD.32781699 (B)
McAfee-GW-EditionArtemis!Trojan
SophosMal/Generic-S
GDataTrojan.GenericKD.32781699
AviraTR/Redcap.rrsip
MicrosoftTrojan:Win32/Wacatac.B!ml
VBA32TrojanDownloader.OLE
ALYacTrojan.GenericKD.32781699
MAXmalware (ai score=81)
RisingDownloader.Sneaky!8.10B19 (CLOUD)
FortinetW32/OLE2.SNEAKY!tr.dldr
AVGWin32:Malware-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove UDS:Trojan-Downloader.OLE2.Sneaky?

UDS:Trojan-Downloader.OLE2.Sneaky removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment