About “Win32/TrojanDownloader.Small.BOD” infection

The Win32/TrojanDownloader.Small.BOD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/TrojanDownloader.Small.BOD virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Attempts to modify proxy settings

How to determine Win32/TrojanDownloader.Small.BOD?


File Info:
name: 1F6E74D128E4E56DED08.mlw
path: /opt/CAPEv2/storage/binaries/c14d0ce68b6d151f9a51d76d93ebc91191c24d99a2f937516d213e13994bc2de
crc32: 7C8B1D29
md5: 1f6e74d128e4e56ded0870ab2625e545
sha1: 4d000937de004fd302ce4e03e6627a5653620868
sha256: c14d0ce68b6d151f9a51d76d93ebc91191c24d99a2f937516d213e13994bc2de
sha512: 1aed14733759f57a4fc700bb4e5aa346f8d99a5fa50f901343d6ea2e2136a593a9486e7f533e13b1c663f40d62a1ab8798a3d2a1249c17d3a3411c25ed31e570
ssdeep: 1536:O5EZ3A0lW+/EaOaO3hPTppCucgiCcJynEOOqJDEdcwYJdFAsWwcdaMxdhrpU:O5/+//9OJKHgn3nEx+DoodaaMxdhp
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1B0736B02B9D1C472E4735E360870DBA09E2EF9211E24DEBB2798076E4F740D19E35E7A
sha3_384: 8e4ec35e1531b620eeebe3ad298e4db31655f45248fd64c6c3141769780087e233e436d336a458185024454c230a0dad
ep_bytes: e88d020000e97afeffff558beca11840
timestamp: 2023-02-26 00:39:40

Version Info:
CompanyName: TODO: 
FileDescription: TODO: 
FileVersion: 1.0.0.1
InternalName: bypass36.exe
LegalCopyright: Copyright (C) 2023
OriginalFilename: bypass36.exe
ProductName: TODO: 
ProductVersion: 1.0.0.1
Translation: 0x0804 0x04b0

Win32/TrojanDownloader.Small.BOD also known as:

Lionic	Trojan.Win32.Agent.Y!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mint.Zard.24
Skyhigh	BehavesLike.Win32.NetLoader.lh
McAfee	Artemis!1F6E74D128E4
Malwarebytes	Generic.Malware/Suspicious
Zillya	Downloader.Agent.Win32.506025
Sangfor	Downloader.Win32.Small.V6on
K7AntiVirus	Trojan-Downloader ( 0059f8ca1 )
Alibaba	TrojanDownloader:Win32/Generic.e7c52a11
K7GW	Trojan-Downloader ( 0059f8ca1 )
Cybereason	malicious.128e4e
BitDefenderTheta	Gen:NN.ZexaF.36802.eu0@ay50jrcj
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Small.BOD
Kaspersky	Trojan-Downloader.Win32.Agent.xyanfe
BitDefender	Gen:Heur.Mint.Zard.24
NANO-Antivirus	Trojan.Win32.Small.jwcuhd
Avast	FileRepMalware [Misc]
Tencent	Malware.Win32.Gencirc.13b12b4e
Emsisoft	Gen:Heur.Mint.Zard.24 (B)
F-Secure	Trojan.TR/Dldr.Small.kiixb
VIPRE	Gen:Heur.Mint.Zard.24
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.1f6e74d128e4e56d
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=81)
Jiangmin	Backdoor.RA-Based.ft
Google	Detected
Avira	TR/Dldr.Small.kiixb
Varist	W32/ABRisk.FRSB-6756
Antiy-AVL	Trojan[Downloader]/Win32.Small
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.Mint.Zard.24
ZoneAlarm	Trojan-Downloader.Win32.Agent.xyanfe
GData	Gen:Heur.Mint.Zard.24
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C5381081
VBA32	suspected of Trojan.Downloader.gen
Cylance	unsafe
Panda	Trj/Chgt.AD
Rising	Downloader.Convagent!8.123D1 (TFE:5:jhyIj2F5GDM)
Ikarus	Trojan-Downloader.Win32.Small
MaxSecure	Trojan.Malware.202465540.susgen
Fortinet	W32/Small.BOD!tr.dldr
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan.Win.UnkAgent

How to remove Win32/TrojanDownloader.Small.BOD?

Win32/TrojanDownloader.Small.BOD removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X