
What is “Win32/Rozena.BJG”?


Win32/Rozena.BJG is considered dangerous by many security vendors. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Rozena.BJG virus do?

  • The binary contains an unknown PE section name, indicative of packing.
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX.
  • The Authenticode signature is invalid.

How to identify Win32/Rozena.BJG?

File Info:

name: 5B923AB17A8ED6B16CE1.mlw
path: /opt/CAPEv2/storage/binaries/eadd18930f7b022c7ea189d35e507cfad2eb3589527f208364f54b7f768214d7
crc32: 3792DBE9
md5: 5b923ab17a8ed6b16ce1c6d8ba90b91f
sha1: 5d1d8999ae7f0ac5cbf82bd4dcd7b90a9ba831fd
sha256: eadd18930f7b022c7ea189d35e507cfad2eb3589527f208364f54b7f768214d7
sha512: 2a4bd15b0320997e7d0596dffee56364ce45c80bdb2133a679dab814f382ad6f36542c577e19d10eb8a86a36ad3e0306912457368fca805ee239ff2103142aff
ssdeep: 768:IRFir0MDRo8GITrRTe3zkQl8oolnixCp7it8w5rZY/Cpa/BXjYg7eLB4jaM0nTcI:IarTDRLTct2lixCFWrqVMgK1iq3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F723F10B8BCC1095E3F762BE17B92B60977FFCD059380A6C4F3510EF2C14502AA94B68
sha3_384: 86610b2394f89bad9ab2405e69023ab4d654461e45e4eba5ab793a39ff0e9d608f7ecd3c7b309713495b8c9f876bc569
ep_bytes: 60be00d040008dbe0040ffff5783cdff
timestamp: 2009-03-20 11:20:22

Version Info (embedded resource strings; these claim the file is ApacheBench 2.2.14 from the Apache Software Foundation, but because the Authenticode signature is invalid and the binary is UPX-packed, these strings should not be trusted as proof of origin):

Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName: Apache Software Foundation
FileDescription: ApacheBench command line utility
FileVersion: 2.2.14
InternalName: ab.exe
LegalCopyright: Copyright 2009 The Apache Software Foundation.
OriginalFilename: ab.exe
ProductName: Apache HTTP Server
ProductVersion: 2.2.14
Translation: 0x0409 0x04b0

Win32/Rozena.BJG is also known as:

MicroWorld-eScan: Gen:Variant.Razy.600488
FireEye: Generic.mg.5b923ab17a8ed6b1
CAT-QuickHeal: Trojan.Swrort.A
ALYac: Gen:Variant.Razy.600488
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 001172b51 )
K7GW: Trojan ( 001172b51 )
Cybereason: malicious.17a8ed
BitDefenderTheta: Gen:NN.ZexaF.34646.cmKfaeGBtXki
Cyren: W32/Swrort.B.gen!Eldorado
Symantec: Packed.Generic.347
Elastic: malicious (moderate confidence)
ESET-NOD32: a variant of Win32/Rozena.BJG
APEX: Malicious
ClamAV: Win.Trojan.Swrort-5710536-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Razy.600488
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Avast: Win32:Evo-gen [Trj]
Tencent: Win32.Trojan.Generic.Bwnw
Ad-Aware: Gen:Variant.Razy.600488
Emsisoft: Gen:Variant.Razy.600488 (B)
Comodo: TrojWare.Win32.Rozena.A@4jwdqr
VIPRE: Gen:Variant.Razy.600488
TrendMicro: BKDR_SWRORT.SM
McAfee-GW-Edition: BehavesLike.Win32.Swrort.pc
Trapmine: malicious.high.ml.score
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Razy.600488
Webroot: W32.Trojan.Swrort.Gen
Google: Detected
Avira: TR/Crypt.ZPACK.Gen
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Bifrose.R12476
McAfee: Swrort.d
MAX: malware (ai score=84)
VBA32: Trojan.Packed
Malwarebytes: Malware.AI.1592655575
TrendMicro-HouseCall: BKDR_SWRORT.SM
Rising: Trojan.Crypto!8.364 (TFE:5:qRUE1u5wYD)
Yandex: Trojan.GenAsa!O0/tdGI4TGA
Ikarus: Trojan.Win32.Swrort
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MalwThreat!0971IV
AVG: Win32:Evo-gen [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Rozena.BJG?

Win32/Rozena.BJG removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
