Win32/TrojanProxy.JpiProx.B information

Win32/TrojanProxy.JpiProx.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/TrojanProxy.JpiProx.B virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Win32/TrojanProxy.JpiProx.B?

File Info:

name: 138A292B5308EC0FC4DC.mlw
path: /opt/CAPEv2/storage/binaries/7a63d318e80826e17bb8888a5c5f281edc52e64c1f765e61139e6225f2286848
crc32: A7A5E191
md5: 138a292b5308ec0fc4dc97e29cdb97fc
sha1: 49f5412105b3d5172d2eb1bd7227d2c1c1e198ea
sha256: 7a63d318e80826e17bb8888a5c5f281edc52e64c1f765e61139e6225f2286848
sha512: 6547e0cb80d1af690e83d82068ee2266e477a2c1049950145f16f68aa906d6907eeb3d3f618efcef150978ddc70602ae901b074ee823f0e604db9cf7fc993a01
ssdeep: 12288:h1OgLdaO3uunhwyAcnpDcorrLWweor+SVhZJy5rzELMMzUDX3WsN1eotj:h1OYdaOeuRx+oz5HVhuzAVoLHXtj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17215022279E1C472D65310318A99AFE1F5F9F6240B31458BBBC90E2D3F39AA5D327742
sha3_384: f931577c3cbf43d8d91af9c3816a1f01ce45a31fd894e08df179517d1b9b61f8dd912543e78ea9af75b68a0dc50914e4
ep_bytes: 558bec6aff68e0b94100682c4a410064
timestamp: 2010-11-18 16:27:35

Version Info:

CompanyName: Igor Pavlov
FileDescription: 7z Setup SFX
FileVersion: 9.20
InternalName: 7zS.sfx
LegalCopyright: Copyright (c) 1999-2010 Igor Pavlov
OriginalFilename: 7zS.sfx.exe
ProductName: 7-Zip
ProductVersion: 9.20
Translation: 0x0409 0x04b0

Win32/TrojanProxy.JpiProx.B also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Wepa.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.GenericKD.1747035
ClamAV: Win.Trojan.Bicololo-11
FireEye: Dropped:Trojan.GenericKD.1747035
CAT-QuickHeal: TrojanDropper.Haed.A5
Skyhigh: BehavesLike.Win32.Dropper.cc
McAfee: Artemis!138A292B5308
Malwarebytes: Generic.Malware.AI.DDS
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Proxy-Program ( 004efb261 )
Alibaba: Trojan:Win32/JpiProx.725ddc9b
K7GW: Proxy-Program ( 004efb261 )
CrowdStrike: win/malicious_confidence_60% (D)
VirIT: Trojan.Win32.MulDrop5.TFB
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanProxy.JpiProx.B
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.Wepa.b
BitDefender: Dropped:Trojan.GenericKD.1747035
NANO-Antivirus: Trojan.Win32.Wepa.dbicod
Avast: Win32:Malware-gen
Tencent: Win32.Trojan.Wepa.Xtjl
Emsisoft: Dropped:Trojan.GenericKD.1747035 (B)
F-Secure: Trojan.TR/Rogue.327168.3
DrWeb: Trojan.Siggen6.19313
VIPRE: Dropped:Trojan.GenericKD.1747035
Sophos: Mal/Generic-S (PUA)
GData: Dropped:Trojan.GenericKD.1747035
Google: Detected
Avira: ADWARE/Adware.Gen7
MAX: malware (ai score=100)
Antiy-AVL: Trojan/Win32.Wepa
Kingsoft: Win32.Trojan.Wepa.a
Xcitium: TrojWare.Win32.Wepa.CDE@5hxtmg
Arcabit: Trojan.Generic.D1AA85B
ZoneAlarm: Trojan.Win32.Wepa.b
Microsoft: Trojan:Win32/Tiggre!rfn
Varist: W32/Trojan.AMNU-6634
BitDefenderTheta: Gen:NN.ZexaF.36744.tuW@a84KZlpi
ALYac: Dropped:Trojan.GenericKD.1747035
VBA32: Adware.MultiPlug
Cylance: unsafe
Panda: Trj/CI.A
Rising: Trojan.Proxy-JpiProx!8.32BC (TFE:5:lZ5MKAlHaPJ)
Ikarus: PUA.Monetizer.Gen7
MaxSecure: Adware.JS.MultiPlug.P
Fortinet: W32/Wepa.B!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Win32/TrojanProxy.JpiProx.B?

Win32/TrojanProxy.JpiProx.B removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.