VHO:Trojan.Win32.Hesv removal

VHO:Trojan.Win32.Hesv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the VHO:Trojan.Win32.Hesv virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs

Related domains:

wpad.local-net

How to identify VHO:Trojan.Win32.Hesv?

File Info:

name: C5D1F5A0DBAF59A9BA39.mlw
path: /opt/CAPEv2/storage/binaries/6aaf4529b14db8c47e26b70d544097313eb4155ad0511eff81c268c35cd21dca
crc32: B6597ED4
md5: c5d1f5a0dbaf59a9ba39048e23e261d5
sha1: 404e551e96764d48235b79b80de092e43ee809e6
sha256: 6aaf4529b14db8c47e26b70d544097313eb4155ad0511eff81c268c35cd21dca
sha512: 812cc2835cb35568ec97964415505dd8153d52688f866007a916478d2ddf94a5c210376b5e015fc4f2f2fe10814ea80c5b07105d90e8c9edcdc60f5ca825c7a7
ssdeep: 24576:ffXsom2zBhpmL3nhuY4soE/7L0k2fTWUD5woy:fPm2z/KuI/7L92fK+5woy
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11015F172375CEC87DF020030C5CF456E978AEC3E4A2986E9B9377646A4B1897A71BD34
sha3_384: 5b15472278184d48553e741c47486cd3d6cb65bab356576e8bfd9fe75c21114e167695ad242cafb0ecbbe06593b14210
ep_bytes: 60be003047008dbe00e0f8ff5783cdff
timestamp: 2006-08-13 12:02:58

Version Info:

FileDescription:
FileVersion: 3, 2, 0, 1
Translation: 0x0809 0x04b0

VHO:Trojan.Win32.Hesv also known as:

Lionic: Trojan.Win32.Hesv.4!c
MicroWorld-eScan: Trojan.GenericKD.38138590
FireEye: Trojan.GenericKD.38138590
ALYac: Trojan.GenericKD.38138590
Cybereason: malicious.e96764
APEX: Malicious
Kaspersky: VHO:Trojan.Win32.Hesv.gen
BitDefender: Trojan.GenericKD.38138590
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKD.38138590
Sophos: Mal/Generic-R
Emsisoft: Trojan.GenericKD.38138590 (B)
GData: Trojan.GenericKD.38138590
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Mamson.A!ml
MAX: malware (ai score=85)
VBA32: Trojan.Hesv
TrendMicro-HouseCall: TROJ_GEN.R002H0CL221
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen

How to remove VHO:Trojan.Win32.Hesv?

VHO:Trojan.Win32.Hesv removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.