What is “Win32/TrojanDownloader.Rugmi.AFB”?

The Win32/TrojanDownloader.Rugmi.AFB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Rugmi.AFB virus can do?

Authenticode signature is invalid
Anomalous binary characteristics
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Win32/TrojanDownloader.Rugmi.AFB?


File Info:
name: B8E0E2EA1D416BC0D992.mlw
path: /opt/CAPEv2/storage/binaries/388e1ef5e264c3ddc904f43b8980e47c1c633a79cbba91db7acf59f81e2cbe51
crc32: 184CDC81
md5: b8e0e2ea1d416bc0d9929163bf16c84a
sha1: 6b58e8c6b0e93d32e8b79a20838170794be82d0b
sha256: 388e1ef5e264c3ddc904f43b8980e47c1c633a79cbba91db7acf59f81e2cbe51
sha512: 3ddad98c46e0312731a61b1f972cd2d71b6fe6a83d37932fc775f041d523986f494b1f385e2844ab419e5748dd0ec56dbe9b7772a11084a5ccc286248287d221
ssdeep: 98304:BDoGH1WPirCS6Ijt91p2GWNzSC34gdFiiI:RrHSiJXGNNpE/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12316CF52BB01C071E9D202B964BEAB7A197DAD204735C5D397D43D6E88302E33B3B796
sha3_384: 88cebef90b69b19cecf9779d932654e2ed5e64e36d5925e3748a6a5cc7b77d4f819a2245eacf97984d07489a06ce9816
ep_bytes: e8300d0000e97afeffff3b0dc4387b00
timestamp: 2018-06-25 08:31:47

Version Info:
LegalCopyright: Copyright (C) 2021 Valve Corporation
InternalName: steam
FileVersion: 1, 0, 0, 2
CompanyName: Valve Corporation
ProductVersion: 1, 0, 0, 2
FileDescription: Steam
Source Control ID: 7150372
OriginalFilename: steam.exe
ProductName: Steam
Translation: 0x0409 0x04b0

Win32/TrojanDownloader.Rugmi.AFB also known as:

Bkav	W32.Common.E8A6BA16
CAT-QuickHeal	Trojan.Sonbokli
Skyhigh	BehavesLike.Win32.BadFile.rh
McAfee	Artemis!B8E0E2EA1D41
Malwarebytes	Generic.Malware/Suspicious
ESET-NOD32	a variant of Win32/TrojanDownloader.Rugmi.AFB.gen
Rising	Trojan.Generic@AI.90 (RDML:Q/WFQiywsqI3AgA8Zt67PA)
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.VMProtect
Google	Detected
AhnLab-V3	Malware/Win.Generic.C5574048
Cylance	unsafe
Fortinet	W32/Rugmi.AFB!tr.dldr
DeepInstinct	MALICIOUS

How to remove Win32/TrojanDownloader.Rugmi.AFB?

Win32/TrojanDownloader.Rugmi.AFB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X