
What is “UDS:Trojan-Downloader.Win32.GCleaner.hbz”?


UDS:Trojan-Downloader.Win32.GCleaner.hbz is Kaspersky's detection name for this sample: the "UDS" prefix marks a verdict from the cloud-delivered Urgent Detection System, and the "Trojan-Downloader" class means the file's job is to fetch further payloads and run them. When the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can UDS:Trojan-Downloader.Win32.GCleaner.hbz do?

The CAPE sandbox analysis of the sample raised the following behavioural signatures:

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Yara detections observed in process dumps, payloads or dropped files
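The "Attempts to modify proxy settings" signature is the one you can verify on a suspected host without a sandbox: an injected proxy or PAC script lives in the current user's WinINET registry key. The script below is an added example (not code from the page or from GridinSoft) that reads those values on Windows and reports anything that steers traffic. The registry key and value names are the real WinINET ones; the assessment rules and the constructed inputs in the test are this example's own assumptions.

```python
import sys
from typing import Dict, List

# WinINET proxy configuration for the current user (real key and value names).
WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL", "ProxyOverride")


def read_wininet_proxy() -> Dict[str, object]:
    """Read the current user's WinINET proxy values (Windows only)."""
    import winreg  # only available on Windows, so imported lazily
    found: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        for name in PROXY_VALUES:
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value not present: nothing configured
    return found


def assess_proxy_settings(values: Dict[str, object]) -> List[str]:
    """Return findings for anything that looks like an injected proxy.

    `values` is the dict read_wininet_proxy() returns, or a constructed one;
    the rules here are the example's own heuristics (assumption).
    """
    findings: List[str] = []
    enabled = int(values.get("ProxyEnable", 0) or 0) == 1
    server = str(values.get("ProxyServer", "") or "")
    pac = str(values.get("AutoConfigURL", "") or "")
    if enabled and server:
        findings.append(f"explicit proxy enabled: {server}")
    elif server:
        findings.append(f"proxy server configured but disabled: {server}")
    if pac:
        findings.append(f"PAC script configured: {pac}")
        # A plain-http or local-file PAC is easy for malware to plant; check its origin.
        if pac.lower().startswith(("http:", "file:")) or "\\" in pac:
            findings.append("PAC URL is unencrypted or local; verify where it came from")
    return findings


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run this on the Windows host being triaged")
    for line in assess_proxy_settings(read_wininet_proxy()) or ["no proxy settings found"]:
        print(line)
```

Run it before and after cleanup: a proxy or PAC entry that reappears after the removal steps points at a dropped component that is still running.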

How to identify UDS:Trojan-Downloader.Win32.GCleaner.hbz?

The analysed sample has the hashes, PE metadata and version resource listed below; compare a suspicious file against the hashes rather than its name. Note that the 1992 link timestamp is the fixed stamp that Delphi-built executables carry, not a real build date, which is consistent with the Inno Setup comment in the version resource.

File Info:

name: DFF08EBBC33A45D2EE65.mlw
path: /opt/CAPEv2/storage/binaries/1f5ed52619095dfd3fe4ae7e74c6d6d589305205a4aa1d6f430f4f6902045d08
crc32: 4BCF24FA
md5: dff08ebbc33a45d2ee65ed51fe476b92
sha1: 3bfb925080254bf3886681626b48b921ac537b25
sha256: 1f5ed52619095dfd3fe4ae7e74c6d6d589305205a4aa1d6f430f4f6902045d08
sha512: 95e606e9b686805ce3a4cf4f4dae853ed457a365ee51b87c149dd7bae2dc63b25f74b5e2c868d54c9a96ce68b789fb582d74ccceef1eefa2b23e8aef55833893
ssdeep: 49152:SiRbebr9te1GyOKJuXa8LtXjXjexIE+fWwsJLHcSs8wup:SiRbyXe0yOK0XzexIEnjJHcNg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T192A53306D256887ED2D783709C75C358D252BA31E4B429AE7A036A8FDB2F773AD10343
sha3_384: 01b5a56824211dd6af8d66c52356417bfcca38179738f6d9c60a36271d471ac2e561780dfc2bf9cef7595ff507772260
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: FLUCover
FileVersion: 1.0.5.30
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4
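The following triage script is an added example (not code from the page or from GridinSoft) that checks a file against the hashes published above and reads the two PE facts this page relies on: the link timestamp (to spot the fixed Delphi stamp) and the section names (the "unknown PE section name" signature). It uses only the Python standard library; the KNOWN_SECTIONS list and the build_stub_pe helper, which fabricates a minimal PE header so the checks can be exercised offline, are this example's own assumptions.

```python
import hashlib
import struct
import sys
import zlib
from datetime import datetime, timezone
from typing import Dict, List

# Digests published on this page for the analysed sample.
PAGE_IOCS: Dict[str, str] = {
    "crc32": "4BCF24FA",
    "md5": "dff08ebbc33a45d2ee65ed51fe476b92",
    "sha1": "3bfb925080254bf3886681626b48b921ac537b25",
    "sha256": "1f5ed52619095dfd3fe4ae7e74c6d6d589305205a4aa1d6f430f4f6902045d08",
    "sha512": "95e606e9b686805ce3a4cf4f4dae853ed457a365ee51b87c149dd7bae2dc63b25f74b5e2c868d54c9a96ce68b789fb582d74ccceef1eefa2b23e8aef55833893",
    "sha3_384": "01b5a56824211dd6af8d66c52356417bfcca38179738f6d9c60a36271d471ac2e561780dfc2bf9cef7595ff507772260",
}

# Fixed link timestamp that Delphi-built PE files carry: 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19

# Section names a stock MSVC or Delphi build uses (assumption, not exhaustive).
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                  ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS",
                  ".itext", ".didata"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digests the page lists (crc32 upper-case, like the page)."""
    out = {algo: hashlib.new(algo, data).hexdigest()
           for algo in PAGE_IOCS if algo != "crc32"}
    out["crc32"] = format(zlib.crc32(data) & 0xFFFFFFFF, "08X")
    return out


def matching_iocs(hashes: Dict[str, str]) -> List[str]:
    """Algorithms whose digest equals the page's value for the sample."""
    return [a for a, v in hashes.items()
            if a in PAGE_IOCS and v.lower() == PAGE_IOCS[a].lower()]


def parse_pe_header(data: bytes) -> Dict[str, object]:
    """Pull TimeDateStamp and section names out of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsections):
        raw = data[sec_off + i * 40: sec_off + i * 40 + 8]  # 8-byte padded name
        names.append(raw.rstrip(b"\x00").decode("latin-1"))
    return {"timestamp": stamp, "sections": names}


def timestamp_text(stamp: int) -> str:
    return datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def assess(data: bytes) -> List[str]:
    """Findings for one file: IOC hash hits, the Delphi stamp, unusual sections."""
    findings: List[str] = []
    hits = matching_iocs(hash_bytes(data))
    if hits:
        findings.append("hash matches the GCleaner sample on this page: " + ", ".join(hits))
    hdr = parse_pe_header(data)
    if hdr["timestamp"] == DELPHI_TIMESTAMP:
        findings.append("link timestamp is the fixed Delphi stamp, not a build date")
    odd = [s for s in hdr["sections"] if s not in KNOWN_SECTIONS]
    if odd:
        findings.append("non-standard section names (possible packer): " + ", ".join(odd))
    return findings


def build_stub_pe(stamp: int, sections: List[str]) -> bytes:
    """Constructed minimal PE header for offline testing; not a runnable executable."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), stamp, 0, 0, 0, 0x0102)
    secs = b"".join(s.encode().ljust(8, b"\x00") + b"\x00" * 32 for s in sections)
    return dos + b"PE\x00\x00" + coff + secs


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for line in assess(blob) or ["no findings"]:
        print(line)
```

Point it at a quarantined copy (python triage.py suspect.exe). A hash match is conclusive for this exact sample only; the Delphi stamp and odd section names are hints that apply to any Inno Setup build, legitimate installers included, so treat them as context for the other signatures, not as a verdict.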

UDS:Trojan-Downloader.Win32.GCleaner.hbz also known as:

Lionic: Trojan.Win32.GCleaner.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.67306491
FireEye: Trojan.GenericKD.67306491
Skyhigh: BehavesLike.Win32.ObfuscatedPoly.vc
McAfee: Artemis!DFF08EBBC33A
Cylance: unsafe
Sangfor: Dropper.Win32.Agent.V4bt
CrowdStrike: win/malicious_confidence_100% (W)
Alibaba: TrojanDropper:Win32/Nekark.be6874b8
K7GW: Trojan ( 005722f11 )
K7AntiVirus: Trojan ( 005722f11 )
Arcabit: Trojan.Generic.D40303FB
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: UDS:Trojan-Downloader.Win32.GCleaner.hbz
BitDefender: Trojan.GenericKD.67306491
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan-Downloader.Gcleaner.Anhl
Emsisoft: Trojan.GenericKD.67306491 (B)
F-Secure: Trojan.TR/AD.Nekark.fxkyg
VIPRE: Trojan.GenericKD.67306491
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
Jiangmin: Trojan.Ekstak.chra
Varist: W32/Ekstak.GR.gen!Eldorado
Avira: TR/AD.Nekark.fxkyg
Kingsoft: Win32.Troj.Agent.cks
Microsoft: Trojan:Win32/Wacatac.B!ml
ZoneAlarm: UDS:Trojan-Downloader.Win32.GCleaner.hbz
GData: Trojan.GenericKD.67306491
AhnLab-V3: Trojan/Win.Malware-gen.R576591
ALYac: Trojan.GenericKD.67306491
MAX: malware (ai score=89)
Malwarebytes: Trojan.Dropper.Generic
Panda: Trj/Chgt.AD
MaxSecure: Trojan.Malware.208997399.susgen
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS

How to remove UDS:Trojan-Downloader.Win32.GCleaner.hbz?

UDS:Trojan-Downloader.Win32.GCleaner.hbz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan“.
  • Click “Move to quarantine“ for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings“.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

Because the sample is a downloader that drops and executes other binaries, the payloads it fetched are separate files with their own persistence; run a second scan after the restart and confirm that the proxy settings it touched have not been reinstated.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
