VHO:Trojan.Win32.Witch information

VHO:Trojan.Win32.Witch is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the VHO:Trojan.Win32.Witch virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • A named pipe was used for inter-process communication
  • Enumerates running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Executable file is packed/obfuscated with MPRESS
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Created a process from a suspicious location
  • Uses XCOPY for copying files

How to identify VHO:Trojan.Win32.Witch?

File Info:

name: 5348981148E375FA9B1B.mlw
path: /opt/CAPEv2/storage/binaries/959901d072bee760ffd30b4b03c531f1dc543848a8c3249afc2baedce6911564
crc32: 6C01F36D
md5: 5348981148e375fa9b1bfc066eafa0d7
sha1: 4168f450f449347f242523bf977cb5912724043a
sha256: 959901d072bee760ffd30b4b03c531f1dc543848a8c3249afc2baedce6911564
sha512: 94ace81b859bb26e81414b990a0b9e4b7152ef76ccd9b264b44f0c29d6d6f72cbf0e6c2a33df8a81eee3cf440b52857448c21a0f8845c3bae20b5d2ea6b095c5
ssdeep: 24576:WF931cFfhSGcxMpv2sWXZmCxFT0GTh2FnLD+F251Rfcs6/Az:YySGcxMpLqp0Fn3+05p
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A42522A379A081F8E03ADD73BD43994D2B6B2CF0DE04446DA393F74599B49716EA0273
sha3_384: 4b5b35fae992d28d4d86abf260342253b920cbc87ffb5f8c20bbfb3a43988ff4185c3b276abf0f348b67143e2a7324a5
ep_bytes: 60e80000000058059f0200008b3003f0
timestamp: 2020-04-20 08:27:23

Version Info:

CompanyName: 카리스마조
FileDescription: 문서 탐색기 (Korean: "Document Explorer")
FileVersion: 1.0.0.0
InternalName: 문서 탐색기 (Korean: "Document Explorer")
OriginalFilename: Documents.exe
ProductName: 문서 탐색기 (Korean: "Document Explorer")
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

VHO:Trojan.Win32.Witch is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Witch.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.81414
FireEye: Generic.mg.5348981148e375fa
McAfee: Artemis!5348981148E3
Cylance: Unsafe
Sangfor: Trojan.Win32.Witch.gen
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
Cybereason: malicious.0f4493
BitDefenderTheta: Gen:NN.ZexaF.34114.!m1@aGKlRUmj
Cyren: W32/Trojan.WXIF-7104
Symantec: ML.Attribute.HighConfidence
TrendMicro-HouseCall: TROJ_GEN.R011C0PA122
Paloalto: generic.ml
Kaspersky: VHO:Trojan.Win32.Witch.gen
BitDefender: Trojan.GenericKDZ.81414
Avast: Win32:Malware-gen
Ad-Aware: Trojan.GenericKDZ.81414
Emsisoft: Trojan.GenericKDZ.81414 (B)
TrendMicro: TROJ_GEN.R011C0PA122
McAfee-GW-Edition: GenericRXKE-TZ!DAA0EAFE881C
Sophos: Mal/Generic-S
GData: Trojan.GenericKDZ.81414
Jiangmin: Trojan.Agent.cocc
eGambit: Unsafe.AI_Score_99%
Avira: HEUR/AGEN.1212222
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Generic.ASMalwS.3069C19
ViRobot: Trojan.Win32.Z.Witch.1031320
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
VBA32: BScope.Trojan.Witch
ALYac: Trojan.GenericKDZ.81414
Malwarebytes: Malware.AI.4090838656
APEX: Malicious
Rising: Trojan.Witch!8.1225E (CLOUD)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/PossibleThreat
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_60% (W)

How to remove VHO:Trojan.Win32.Witch?

VHO:Trojan.Win32.Witch removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.