Trojan

What is “UDS:Trojan.Win32.Brook”?

Malware Removal

The UDS:Trojan.Win32.Brook is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What UDS:Trojan.Win32.Brook virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Possible date expiration check, exits too soon after checking local time
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Attempts to connect to a dead IP:Port (17 unique times)
  • Starts servers listening on 127.0.0.1:0
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Looks up the external IP address
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Executed a process and injected code into it, probably while unpacking
  • Checks for the presence of known windows from debuggers and forensic tools
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Detects VMware through the presence of a registry key
  • Attempts to modify proxy settings
  • Attempts to disable Windows Defender
  • Attempts to create or modify system certificates
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

z.whorecord.xyz
a.tomx.xyz
watira.xyz
ipinfo.io
ip-api.com
www.listincode.com
i.spesgrt.com
www.absyin.com
ferniewebcam.com
4kvideoyoutube.xyz
3freeprivacytoolsforyou.xyz
cdn.discordapp.com
fsstoragecloudservice.com
24643052-4208-477f-9c6c-8ffaba0337a7.s3.ap-northeast-1.amazonaws.com
drkapoorclinic.com
a.goatagame.com
apps.identrust.com
ocsp.digicert.com
statuse.digitalcertvalidation.com
iplogger.org
crl.identrust.com
live.goatgame.live
ocsp.comodoca.com
ocsp.usertrust.com
superstationcity.com
ocsp.sectigo.com
g.symcd.com
most-fast-link-download.com
iplis.ru
proxycheck.io
f.youtuuee.com
gc-prtnrs.top
prophefliloc.tumblr.com
connectini.net
s2.symcb.com
sr.symcd.com

How to determine UDS:Trojan.Win32.Brook?


File Info:

crc32: 19443F8B
md5: a15432e92d18c9f770b06b7fbecf68e5
name: A15432E92D18C9F770B06B7FBECF68E5.mlw
sha1: ea6b2bcfa914ad069a5a4537a2a62ad3c8ac8c07
sha256: 261b33850dd1404b22acfd5fe7e46806dce68f710f9b21b7ec00a264804e2137
sha512: 89c9d0e9a89ce2ba4e395d051b0b569922df871388347815eed2ae1570b32423d4fbfe627d84c3fd0d5ef6b319284a291fc975f05df8a0e3cbb899715fce2227
ssdeep: 98304:J9QcAe8V4gdr3UrxlzQYR7xRKxMuukWUfHmSjXsUud56DO8L:J9bAHDLU0YnRGXfHDcUa56DtL
type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive

Version Info:

0: [No Data]

UDS:Trojan.Win32.Brook also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Agent.4!c
Elasticmalicious (high confidence)
DrWebTrojan.DownLoader40.49527
CynetMalicious (score: 100)
CAT-QuickHealTrojan.Agent
ALYacDropped:Trojan.GenericKD.46739351
SangforRiskware.Win32.Agent.ky
AlibabaTrojan:Win32/CookiesStealer.da696646
Cybereasonmalicious.92d18c
CyrenW32/Zusy.HA.gen!Eldorado
SymantecTrojan.Gen.MBT
ESET-NOD32multiple detections
APEXMalicious
AvastWin32:MalwareX-gen [Trj]
ClamAVWin.Packed.Barys-9859531-0
KasperskyUDS:Trojan.Win32.Brook
BitDefenderDropped:Trojan.GenericKD.46739351
NANO-AntivirusTrojan.Win32.Dwn.ixvygg
MicroWorld-eScanDropped:Trojan.GenericKD.46739351
SophosMal/Generic-R
BitDefenderThetaAI:Packer.785721771F
TrendMicroTROJ_GEN.R011C0PGS21
McAfee-GW-EditionBehavesLike.Win32.Generic.wc
FireEyeGeneric.mg.a15432e92d18c9f7
EmsisoftDropped:Trojan.GenericKD.46739351 (B)
SentinelOneStatic AI – Suspicious PE
WebrootW32.Adware.Gen
AviraTR/AD.VidarStealer.ykaoc
eGambitUnsafe.AI_Score_97%
Antiy-AVLTrojan/Generic.ASMalwS.3444066
KingsoftWin32.Heur.KVM003.a.(kcloud)
MicrosoftTrojan:Win32/Glupteba!ml
ArcabitTrojan.Generic.D2C92F97
ZoneAlarmHEUR:Trojan.Script.Generic
GDataWin32.Trojan.Agent.ERTY1O
AhnLab-V3Trojan/Win.Generic.C4580373
McAfeeArtemis!A15432E92D18
MAXmalware (ai score=80)
VBA32Trojan.Wacatac
MalwarebytesMalware.AI.3432400300
PandaTrj/CI.A
TrendMicro-HouseCallTROJ_GEN.R011C0PGS21
RisingDropper.Agent/NSIS!1.D805 (CLASSIC)
IkarusTrojan-Downloader.Win32.Agent
FortinetPossibleThreat.MU
AVGWin32:MalwareX-gen [Trj]
Paloaltogeneric.ml
Qihoo-360Win32/Trojan.Generic.HyoDCtsA

How to remove UDS:Trojan.Win32.Brook?

UDS:Trojan.Win32.Brook removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment