Win32/TrojanDownloader.Adload.NTX information

Win32/TrojanDownloader.Adload.NTX is ESET's name for a downloader that most other engines file under the DealPly adware / PUP family (see the detection names below): the payload it fetches is unwanted software rather than a destructive one, but it still runs code on your machine that you did not ask for. When the infection is active you may notice unfamiliar processes in Task Manager and changed browser proxy settings. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; a complete scan and clean-up can be done during the trial period.
A 6-day free trial is available.

What does Win32/TrojanDownloader.Adload.NTX do?

Behaviours reported when the sample was run in the CAPE sandbox:

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • A named pipe was used for inter-process communication
  • Starts servers listening on 127.0.0.1:0
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Creates a hidden or system file
  • Detects Bochs through the presence of a registry key
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering

How to identify Win32/TrojanDownloader.Adload.NTX?

Match a suspect file on the hashes below. The file name is not an identifier: 6EF035AA71D020B0D98F.mlw is simply the first 20 hex digits of the sample's md5 as stored by the sandbox, and the version strings further down are decoy metadata.

File Info:

name: 6EF035AA71D020B0D98F.mlw
path: /opt/CAPEv2/storage/binaries/c2ac6dab8b60e4c62155e4b1be2c3f3d25750f3abeb0170eee32159f908f6d27
crc32: BC8456E7
md5: 6ef035aa71d020b0d98fd269e021642a
sha1: 443ac4ce4fb1b64f64842abc65afcad6135fe0a9
sha256: c2ac6dab8b60e4c62155e4b1be2c3f3d25750f3abeb0170eee32159f908f6d27
sha512: 228bf892e21ee05efacb234e5abaa5cb7da96871f450c680919335e498694d42b3a1efd8e095a85f3cd20a2cb38ee44331eab55f13e49208bdec740ce4fcf425
ssdeep: 768:GXBdITlwqM6Th+VarMDnJDw83y5hkoh7X:MdIB3UVarM7JDwdX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16C93E803EBB5A9E3F866063D4C6F8EA43313B8331620555AAD10DC592CE1E51BA5F2DF
sha3_384: af5e74328bb241ed4f489487a42de927ab0ad2e0b8b81d143bfd4fdd14ad4ebcf0a1882bf6fca859c409ae1ef3cd139c
ep_bytes: 6868214000e8f0ffffff000000000000
timestamp: 2018-09-08 19:22:18
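The following is an added example (not code from the page or from GridinSoft) showing how to match a suspect file against the File Info record above. The IOC dictionary is copied from the block; the byte strings used in the self-check are constructed and are not the sample.

```python
"""Match a file against the File Info hashes listed above.

Added example, not part of the page. ADLOAD_NTX_IOC is copied from the
File Info block; every other value in this file is constructed.
"""
import hashlib
import sys
import zlib

# Digests from the File Info block. sha256 is the key we treat as conclusive;
# crc32 and md5 are cheap to collide and only serve as a quick pre-filter.
ADLOAD_NTX_IOC = {
    "crc32": "BC8456E7",
    "md5": "6ef035aa71d020b0d98fd269e021642a",
    "sha1": "443ac4ce4fb1b64f64842abc65afcad6135fe0a9",
    "sha256": "c2ac6dab8b60e4c62155e4b1be2c3f3d25750f3abeb0170eee32159f908f6d27",
    "sha512": "228bf892e21ee05efacb234e5abaa5cb7da96871f450c680919335e498694d42"
              "b3a1efd8e095a85f3cd20a2cb38ee44331eab55f13e49208bdec740ce4fcf425",
    "sha3_384": "af5e74328bb241ed4f489487a42de927ab0ad2e0b8b81d143bfd4fdd14ad4ebc"
                "f0a1882bf6fca859c409ae1ef3cd139c",
}

_ALGOS = ("md5", "sha1", "sha256", "sha512", "sha3_384")


def fingerprint(data: bytes) -> dict:
    """Compute the digests the File Info block lists for an in-memory buffer.
    crc32 is rendered upper-case to match the page; the rest lower-case hex."""
    out = {name: hashlib.new(name, data).hexdigest() for name in _ALGOS}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return out


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests, streamed from disk so large binaries are not read at once."""
    hashers = {name: hashlib.new(name) for name in _ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            for h in hashers.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return out


def match_ioc(fp: dict, ioc: dict = ADLOAD_NTX_IOC) -> dict:
    """Compare a fingerprint with an IOC record, algorithm by algorithm.
    Returns {algo: bool}; only a sha256/sha512/sha3_384 hit should be
    treated as an identification, a lone crc32 or md5 hit is a hint."""
    return {algo: fp[algo].lower() == ioc[algo].lower()
            for algo in ioc if algo in fp}


def is_adload_ntx(path: str) -> bool:
    """True when the file on disk has the sha256 listed in the File Info block."""
    return match_ioc(fingerprint_file(path))["sha256"]


if __name__ == "__main__":
    for p in sys.argv[1:]:
        fp = fingerprint_file(p)
        hits = [a for a, ok in match_ioc(fp).items() if ok]
        print(f"{p}: sha256={fp['sha256']} hits={hits or 'none'}")
```

Run it as `python check_adload.py suspect.exe`; a file that only matches on crc32 or md5 but not on sha256 is not this sample.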

Version Info:

Translation: 0x0409 0x04b0
Comments: A perfect game to improve your math skills, for kids as well as adults.
CompanyName: ancient JK
LegalCopyright: Copyright © 1985-2003 ancient JK Corporation
LegalTrademarks: Copyright protected.
ProductName: Math-Game
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Math-Game
OriginalFilename: Math-Game.exe

Treat this resource as decoy metadata: the copyright range ends in 2003 while the PE timestamp is 2018-09-08, the Authenticode signature is invalid, and the strings describe a children's maths game. Identify the file by hash, not by company or product name.

Win32/TrojanDownloader.Adload.NTX is also known as:

Lionic: Adware.Win32.DealPly.2!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.6ef035aa71d020b0
CAT-QuickHeal: Trojan.SkeeyahMF.S3661235
McAfee: PUP-XGK-KB
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.Symmi.78804
K7AntiVirus: Trojan-Downloader ( 0053bd761 )
BitDefender: Gen:Variant.Adware.Bulz.5915
K7GW: Trojan-Downloader ( 0053bd761 )
Cyren: W32/Trojan.GKM.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Adload.NTX
APEX: Malicious
Paloalto: generic.ml
Kaspersky: not-a-virus:AdWare.Win32.DealPly.drmxk
Alibaba: AdWare:Win32/DealPly.d3afc486
NANO-Antivirus: Riskware.Win32.DealPly.fhrcua
MicroWorld-eScan: Gen:Variant.Adware.Bulz.5915
Ad-Aware: Gen:Variant.Adware.Bulz.5915
Sophos: Generic PUA EE (PUA)
Comodo: Application.Win32.AdLoad.TU@7v70mx
DrWeb: Trojan.DownLoader27.452
Zillya: Adware.DealPly.Win32.170681
TrendMicro: TROJ_GEN.R002C0PH321
Emsisoft: Gen:Variant.Adware.Bulz.5915 (B)
Ikarus: Trojan-Downloader.Win32.Adload
Jiangmin: AdWare.DealPly.jrbs
MAX: malware (ai score=66)
Antiy-AVL: Trojan/Generic.ASMalwS.28BD301
Microsoft: Trojan:Win32/Fareit!ml
GData: Gen:Variant.Adware.Bulz.5915
AhnLab-V3: Trojan/Win32.Skeeyah.R236985
BitDefenderTheta: AI:Packer.3B1FE22A21
ALYac: Gen:Variant.Adware.Bulz.5915
VBA32: Adware.DealPly
Malwarebytes: Malware.AI.2085241701
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0PH321
Tencent: Win32.Adware.Dealply.Wurg
Yandex: Trojan.GenAsa!UkB0BD4yebs
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Adware/DealPly
AVG: FileRepMetagen [PUP]
Cybereason: malicious.a71d02
Avast: FileRepMetagen [PUP]

Most of these are generic, heuristic or machine-learning verdicts rather than family names, and two are derived from the file's own md5 (FireEye's Generic.mg.6ef035aa71d020b0 and Cybereason's malicious.a71d02). The names that carry family information agree on DealPly (Kaspersky, Alibaba, NANO-Antivirus, Zillya, Jiangmin, VBA32, Tencent, Fortinet) or Adload (ESET-NOD32, Comodo, Ikarus), both adware downloader families.

How to remove Win32/TrojanDownloader.Adload.NTX?

Win32/TrojanDownloader.Adload.NTX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
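The sandbox report lists "Attempts to modify proxy settings", which is the change the "Reset Browser Settings" step above is meant to undo. The following is an added example (not code from the page or from GridinSoft) for verifying, after removal, that the user-level WinINet proxy values are back at their defaults. It parses the text produced by `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg`, so it can be run offline against a captured export; SAMPLE_EXPORT is constructed for illustration and does not come from the sample.

```python
r"""Post-removal check of the HKCU Internet Settings proxy values.

Added example, not part of the page. Parses `reg export` output (UTF-16 with
BOM on disk) for the WinINet proxy values; SAMPLE_EXPORT is constructed.
"""
import re
import sys

INTERNET_SETTINGS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                     r"\CurrentVersion\Internet Settings")

# Values a user-level proxy hijack has to touch. The clean default is
# ProxyEnable=0 with no ProxyServer / AutoConfigURL / ProxyOverride.
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL", "ProxyOverride")

# Constructed export of an infected profile; not data from the sample.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8118"
"AutoConfigURL"="http://proxy.example.invalid/wpad.dat"
"MigrateProxy"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"=dword:00000001
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
# dword values and plain strings only; hex:/multi-line values are skipped,
# which is fine because the proxy values are REG_DWORD / REG_SZ.
_VAL_RE = re.compile(r'^"([^"]+)"=(dword:[0-9a-fA-F]{8}|"(?:[^"\\]|\\.)*")$')


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: value}} for a .reg export.
    dword values become ints; strings are unescaped (\\ and \" are the only
    escapes reg export emits)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            name, val = m.groups()
            if val.startswith("dword:"):
                keys[current][name] = int(val[6:], 16)
            else:
                keys[current][name] = (val[1:-1]
                                       .replace('\\"', '"')
                                       .replace("\\\\", "\\"))
    return keys


def proxy_findings(text: str) -> dict:
    """Proxy-related values still set under Internet Settings.
    An empty dict means the user proxy configuration is at its clean default."""
    values = parse_reg_export(text).get(INTERNET_SETTINGS, {})
    findings = {}
    for name in PROXY_VALUES:
        if name in values and not (name == "ProxyEnable" and values[name] == 0):
            findings[name] = values[name]
    return findings


if __name__ == "__main__":
    # reg export writes UTF-16LE with a BOM; the "utf-16" codec consumes it.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    found = proxy_findings(text)
    print("proxy settings clean" if not found else f"still set: {found}")
```

A non-empty result after the reset step means the browser reset did not reach the WinINet values and they should be cleared by hand (Internet Options, Connections, LAN settings) before declaring the machine clean.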

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
