UDS:Trojan-PSW.Win32.Mimikatz.vho removal guide

The UDS:Trojan-PSW.Win32.Mimikatz.vho detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the UDS:Trojan-PSW.Win32.Mimikatz.vho virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify UDS:Trojan-PSW.Win32.Mimikatz.vho?

File Info:

name: 6EFAD4FA1300FEDA9AC9.mlw
path: /opt/CAPEv2/storage/binaries/35d66732b6662fb2226f61ef77bdb5392e5a93244c8d39934f4a16569ff3ffae
crc32: 13CD094D
md5: 6efad4fa1300feda9ac9c71909785c35
sha1: 8447e3e16a46e221f54659699d0edb214674fcc0
sha256: 35d66732b6662fb2226f61ef77bdb5392e5a93244c8d39934f4a16569ff3ffae
sha512: e3ea8ed7a1cd92d4902d50c2a58fd9e878187ed63b5a26d55eda893635d69400af8473dccf3bd43f5f280ebfe34c4651052bf3749de110644aa127dae39a4529
ssdeep: 196608:IsIUdXwbqkTs5dcbk8w0iNA+V4F2dgebpvnmbM1WL8dTyCovpNjW4o24AyGLl+Jz:GhCz0oJjFe81uvpNjWVAyGoJIkiD2nd
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12DC63343626502A7E480DA32C917BCA033F26FAA9E41ECB949DE7CF01625655F713F93
sha3_384: 4819a56c4de85991ccaacde4c04a46f736f81c7ca3705756fbc4f2cbe6306d48466df5ce2a4d85a42b3c8585965a7326
ep_bytes: 68022b5a40e8c5b807000fca33da6681
timestamp: 2022-02-15 02:45:40

Version Info:

CompanyName: 新浩艺软件技术有限公司
FileDescription: clsmn
FileVersion: 2022,02,15,1036
InternalName: clsmn.exe
LegalCopyright: Copyright (C) 新浩艺软件技术有限公司。
OriginalFilename: clsmn.exe
ProductName: Pubwin OL客户端
ProductVersion: 7.0.36.5
Translation: 0x0804 0x04b0

UDS:Trojan-PSW.Win32.Mimikatz.vho also known as:

  • Bkav: W32.Common.69032519
  • Skyhigh: Artemis!Trojan
  • Cylance: unsafe
  • Zillya: Trojan.Ecipekac.Win64.3
  • Kaspersky: UDS:Trojan-PSW.Win32.Mimikatz.vho
  • Avast: Win32:Malware-gen
  • DrWeb: Trojan.MulDrop19.62387
  • Jiangmin: Trojan.Ecipekac.a
  • ZoneAlarm: UDS:Trojan-PSW.Win32.Mimikatz.vho
  • McAfee: Artemis!6EFAD4FA1300
  • VBA32: TScope.Malware-Cryptor.SB
  • Rising: Trojan.Generic@AI.93 (RDML:x8DP2oOntLHCFGMbpzekxw)
  • MaxSecure: Trojan.Malware.184690674.susgen
  • AVG: Win32:Malware-gen
  • DeepInstinct: MALICIOUS

How to remove UDS:Trojan-PSW.Win32.Mimikatz.vho?

UDS:Trojan-PSW.Win32.Mimikatz.vho removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.