What is “UDS:Trojan.Win32.DelShad”?


UDS:Trojan.Win32.DelShad is a Kaspersky detection name (the UDS prefix marks a cloud verdict from its Urgent Detection System rather than a named malware family), and the sample behind it is flagged as malicious by most of the security vendors listed below. When this infection is active, you may notice unknown processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the UDS:Trojan.Win32.DelShad virus do?

The items below are behavioural signatures raised when the sample was detonated in a Cuckoo sandbox. Several of them (the Sandboxie, VirtualBox, BIOS-version and debugger-window checks, and the attempt to unhook monitored functions) are anti-analysis techniques, so the sample may behave differently, or not run at all, on an analysis VM.

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Detects Sandboxie through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Network activity detected but not expressed in API logs
  • Checks the version of Bios, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

How to identify UDS:Trojan.Win32.DelShad?

The hashes below identify this exact file only; a repacked or recompiled build of the same malware will have different crc32/md5/sha1/sha256 values, so treat a hash mismatch as "not this sample", not as "clean".

File Info:

crc32: 242FB45D
md5: ade3190a07961d1747b0d23249ff42c5
name: ADE3190A07961D1747B0D23249FF42C5.mlw
sha1: 539c8be110e81cf3d35e707ab9ef1d47f41de0c1
sha256: 8780cf400cb69b62e89f00687f092a77d568569000f1b88e4ccb1fdcc58e8457
sha512: 549c5597e37cb3a5578b58f97de42ee70296b2f3d5c75229bc6ca947340b2d27a73b636e8370d6a67ceaf70e9b772396ccc0c6d0a7759410ac87315c27b49711
ssdeep: 49152:hPFqn5RlhTxxAIL1LavdFTrJNCp7xHZ5WqoW8otib6FxGHM82ITfe1OwYJ:9FiX1LxAdFTsvVobPW2M1ceowYJ
type: PE32 executable (GUI) Intel 80386, for MS Windows
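The following script, added here as an example and not part of the original page or of any vendor's tooling, shows how to check a suspect file against the indicators above: it computes the same digests the page lists, compares them case-insensitively to the page's values, and reads the PE headers to reproduce the "PE32 executable (GUI) Intel 80386" type line. The `build_sample_pe` helper constructs a minimal dummy PE header for offline use; it is not the real sample, and the script never needs to execute anything it inspects.

```python
import hashlib
import struct
import sys
import zlib

# Hashes copied from the page's "File Info" block for this sample.
KNOWN_HASHES = {
    "crc32": "242FB45D",
    "md5": "ade3190a07961d1747b0d23249ff42c5",
    "sha1": "539c8be110e81cf3d35e707ab9ef1d47f41de0c1",
    "sha256": "8780cf400cb69b62e89f00687f092a77d568569000f1b88e4ccb1fdcc58e8457",
}


def compute_hashes(data: bytes) -> dict:
    """Compute the same digests the page lists (crc32, md5, sha1, sha256)."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(hashes: dict, known: dict = KNOWN_HASHES) -> list:
    """Return the names of the digests that equal the known-bad values.
    Case-insensitive, because vendors print hex in either case."""
    return sorted(k for k in known if hashes.get(k, "").lower() == known[k].lower())


def describe_pe(data: bytes):
    """Return a file(1)-style description such as
    'PE32 executable (GUI) Intel 80386', or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the signature, the 20-byte COFF header and the optional header up to Subsystem.
    if e_lfanew + 24 + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)        # COFF Machine
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)         # optional header Magic
    (subsystem,) = struct.unpack_from("<H", data, e_lfanew + 24 + 68)  # Subsystem field
    arch = {0x14C: "Intel 80386", 0x8664: "x86-64"}.get(machine, f"machine 0x{machine:04x}")
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"magic 0x{magic:04x}")
    sub = {2: "GUI", 3: "console"}.get(subsystem, f"subsystem {subsystem}")
    return f"{fmt} executable ({sub}) {arch}"


def triage(data: bytes) -> dict:
    """Combine the hash comparison and the header parse into one verdict."""
    hashes = compute_hashes(data)
    matched = matching_hashes(hashes)
    return {
        "type": describe_pe(data),
        "hashes": hashes,
        "matched": matched,
        "known_sample": bool(matched),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 GUI header (a dummy, not the real sample) for local testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew: right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                    # size of a PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<H", opt, 68, 2)                      # Subsystem: Windows GUI
    return bytes(dos) + coff + opt


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    verdict = triage(blob)
    print(verdict["type"] or "not a PE file")
    for name, value in verdict["hashes"].items():
        print(f"{name}: {value}")
    print("matches page indicators:", verdict["matched"] or "none")
```

Run it as `python triage.py suspect.exe`; with no argument it inspects the constructed dummy header. The ssdeep value on the page is a fuzzy hash and needs the third-party `ssdeep` module to compare, which is why it is left out here; it is the one indicator that can still match a slightly modified build.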

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © 2021
Assembly Version: 1.0.0.0
InternalName: LegionLocker2.1.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: LegionLocker2.1
ProductVersion: 1.0.0.0
FileDescription: LegionLocker2.1
OriginalFilename: LegionLocker2.1.exe

The InternalName and ProductName fields (LegionLocker2.1), together with Webroot's W32.Ransom.Legion verdict below, point to a locker/ransomware build rather than a generic trojan, while Fortinet's W32/Themida name and the "encrypted or compressed data" indicator above suggest the file is packed with Themida, so static analysis of this binary will mostly show the packer rather than the payload. Version-info strings are attacker-controlled and trivially faked, so use them as a hint, not as an identifier.

UDS:Trojan.Win32.DelShad also known as:

  • Bkav: W32.AIDetect.malware1
  • Elastic: malicious (high confidence)
  • Cynet: Malicious (score: 100)
  • Cylance: Unsafe
  • Sangfor: Trojan.Win32.Save.a
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Cybereason: malicious.110e81
  • Symantec: ML.Attribute.HighConfidence
  • APEX: Malicious
  • Avast: FileRepMetagen [Malware]
  • Kaspersky: UDS:Trojan.Win32.DelShad
  • NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
  • Sophos: ML/PE-A
  • F-Secure: Heuristic.HEUR/AGEN.1135447
  • BitDefenderTheta: Gen:NN.ZexaF.34686.dF0@ayh864bi
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.wc
  • FireEye: Generic.mg.ade3190a07961d17
  • SentinelOne: Static AI – Suspicious PE
  • Webroot: W32.Ransom.Legion
  • Avira: HEUR/AGEN.1135447
  • eGambit: Unsafe.AI_Score_99%
  • Kingsoft: Win32.Heur.KVMH008.a.(kcloud)
  • Microsoft: Backdoor:Win32/Bladabindi!ml
  • Gridinsoft: Trojan.Heur!.032100A1
  • AegisLab: Trojan.Win32.Malicious.4!c
  • ZoneAlarm: UDS:DangerousObject.Multi.Generic
  • Acronis: suspicious
  • McAfee: Artemis!ADE3190A0796
  • Panda: Trj/Genetic.gen
  • Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazoao6/jcHkdDPrCAGRVfnd4)
  • Fortinet: W32/Themida.9A83!tr
  • AVG: FileRepMetagen [Malware]
  • Paloalto: generic.ml

How to remove UDS:Trojan.Win32.DelShad?

UDS:Trojan.Win32.DelShad removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer and run a second scan to confirm nothing is re-detected.
