Win32/TrojanDownloader.Wauchos.L removal guide

Win32/TrojanDownloader.Wauchos.L is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/TrojanDownloader.Wauchos.L virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Queries information on disks, possibly for anti-virtualization
  • Uses IOCTL_SCSI_PASS_THROUGH control codes to manipulate drive/MBR which may be indicative of a bootkit
  • Attempted to write directly to a physical drive
  • Harvests cookies for information gathering
  • Anomalous binary characteristics

How to identify Win32/TrojanDownloader.Wauchos.L?

File Info:

name: 1B813F1CCE75B931B39B.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-08-30 07:41:40

Version Info:

ProductName: WinRAR
CompanyName: Alexander Roshal
FileDescription: WinRAR archiver
FileVersion: 5.0.0
ProductVersion: 5.0.0
InternalName: WinRAR
LegalCopyright: Copyright © Alexander Roshal 1993-2013
OriginalFilename: WinRAR.exe
Translation: 0x0409 0x04e4

Win32/TrojanDownloader.Wauchos.L is also known as:

Lionic: Trojan.Win32.Androm.m!c
MicroWorld-eScan: Trojan.GenericKD.1348551
FireEye: Generic.mg.1b813f1cce75b931
ALYac: Trojan.GenericKD.1348551
Cylance: Unsafe
Zillya: Backdoor.Androm.Win32.20426
Sangfor: Worm.Win32.Gamarue.F
K7AntiVirus: Trojan-Downloader ( 0043f6bc1 )
Alibaba: Worm:Win32/Gamarue.b89a9d22
K7GW: Trojan-Downloader ( 0043f6bc1 )
Cybereason: malicious.cce75b
BitDefenderTheta: Gen:NN.ZexaF.34294.oC0aauWUIuh
Cyren: W32/Trojan.UEDW-2109
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/TrojanDownloader.Wauchos.L
TrendMicro-HouseCall: WORM_GAMARUE.HZ
Paloalto: generic.ml
Kaspersky: Backdoor.Win32.Androm.azmm
BitDefender: Trojan.GenericKD.1348551
NANO-Antivirus: Trojan.Win32.Androm.croaoq
Avast: Win32:Dropper-gen [Drp]
Tencent: Win32.Backdoor.Androm.Eadt
Ad-Aware: Trojan.GenericKD.1348551
Sophos: Mal/Generic-R + W32/Gamarue-BX
Comodo: Malware@#3hc8xe4kpzb1z
DrWeb: BackDoor.Andromeda.178
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: WORM_GAMARUE.HZ
McAfee-GW-Edition: Generic.ru
Emsisoft: Trojan.GenericKD.1348551 (B)
Ikarus: Trojan-Spy.Zbot
Webroot: W32.Rogue.Gen
Avira: TR/Rogue.1348551
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Generic.ASMalwS.4FC7F1
Kingsoft: Win32.Hack.Androm.az.(kcloud)
Microsoft: Worm:Win32/Gamarue.F
APEX: Malicious
GData: Win32.Trojan.Agent.4KELK8
Cynet: Malicious (score: 100)
McAfee: Generic.ru
VBA32: Backdoor.Androm
Rising: Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Yandex: Trojan.GenAsa!Y1o1C9qraFo
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Backdoor
Fortinet: W32/Wauchos.L!tr.dldr
AVG: Win32:Dropper-gen [Drp]
Panda: Trj/WLT.A

How to remove Win32/TrojanDownloader.Wauchos.L?

Win32/TrojanDownloader.Wauchos.L removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.