Win32/TrojanDownloader.Greetyah.A (file analysis)

The Win32/TrojanDownloader.Greetyah.A is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Greetyah.A virus can do?

At least one process apparently crashed during execution
Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine Win32/TrojanDownloader.Greetyah.A?


File Info:
name: 23885168C6D77FFCA745.mlw
path: /opt/CAPEv2/storage/binaries/18640822f8007c0407fa4bca17d5029f4c4189357085a2e6c71f40fc068d5d64
crc32: D2F11D59
md5: 23885168c6d77ffca745bae49a6804dc
sha1: 06f8e1cf130a01d37afdeaeae6061d271a8d2a7b
sha256: 18640822f8007c0407fa4bca17d5029f4c4189357085a2e6c71f40fc068d5d64
sha512: 534b869dd1cdbe20b5773794b72ab379b0a25e00a32ea13b509d6891578ffd237f37535c03b24808f1c73746b68f4af943e707e571374a5aeee5557b655e3041
ssdeep: 24:e9GSFzdXm9JAYl3PzZ/WaU4zy9IjGoFxTQuwAWoB5MbuWp7uytA0fA5rTVo:Kr24CB9U4zs0HkFoBouWpCkAhTK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T19C5165039958ADE7D3C857F4078B442BFE7308758396C60307B2556551F7B68C63870C
sha3_384: f68ae0be230859f241f411f3321257b7e249669432847d80858c6108e3016dcae36dab47b49de407fc9a46fea71f1751
ep_bytes: b9dd020000be0030400080366146e2fa
timestamp: 1999-01-18 23:51:50

Version Info:
0: [No Data]

Win32/TrojanDownloader.Greetyah.A also known as:

Lionic	Trojan.Win32.Generic.kZ74
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
Cyren	W32/Downloader.BKNZ-6876
Elastic	malicious (moderate confidence)
ESET-NOD32	Win32/TrojanDownloader.Greetyah.A
APEX	Malicious
ClamAV	Win.Downloader.72672-1
Kaspersky	Trojan-Downloader.Win32.Greetyah.a
NANO-Antivirus	Trojan.Win32.Greetyah.hjbk
ViRobot	Trojan.Win32.Downloader.3072.DL
Avast	Win32:Greetman [Trj]
Comodo	TrojWare.Win32.TrojanDownloader.Tiny.~DN@1kngc6
DrWeb	Trojan.GreetCard.3072
Zillya	Downloader.Greetyah.Win32.2
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.23885168c6d77ffc
Sophos	Troj/Dloader-CN
SentinelOne	Static AI – Suspicious PE
Jiangmin	TrojanDownloader.Greetyah.b
Avira	TR/ATRAPS.Gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!23885168C6D7
TACHYON	Trojan-Downloader/W32.Greetyah.3072
Rising	Trojan.Generic@AI.90 (RDML:RRoJtinM4QR8eNXIUwS8dA)
Yandex	TrojDownload.Greetyah.A
Fortinet	W32/Dloader.A!tr
BitDefenderTheta	Gen:NN.ZexaF.34742.amW@auL6QSg
AVG	Win32:Greetman [Trj]
Panda	Generic Malware
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Win32/TrojanDownloader.Greetyah.A?

Win32/TrojanDownloader.Greetyah.A removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X