Malware

Win32:Cridex-R [Trj] removal instruction

Malware Removal

The Win32:Cridex-R [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cure of your PC during the trial period.
6-day free trial available.

What can the Win32:Cridex-R [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32:Cridex-R [Trj]?

File Info:

name: 71205E7C0D5D00EFECEE.mlw
path: /opt/CAPEv2/storage/binaries/23b79cf764e3329e59dbeb92c82c132540db820fe6ad2315ea3e814f3c8694fc
crc32: EE9275B1
md5: 71205e7c0d5d00efeceec053f0f276e0
sha1: 324598c2753e3133ab2ce04c1bc483c0d063fbe0
sha256: 23b79cf764e3329e59dbeb92c82c132540db820fe6ad2315ea3e814f3c8694fc
sha512: 41dceba5654a41665a5ed7b5079232d69c7bb803cb801e77788c5aa804edd6e6c7f46b55578dd6c3cf030a7c9c97ba6c7213fd662f128bc640eec6ac321a8068
ssdeep: 3072:D+P6BaBjW0Du8QysurjQKi3Lz65NR+M4s2cnnpK3Z:DA6EdW0DussurjQKIO5SMlQZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15F14010039ECB693D53343FDB668D79B40ECE9855B900107924C2EDA8D2E6FE176D872
sha3_384: 4e3f446b944a709bbf5da57cce4c514935c9e8128e86f4739383c076a3132067917329287d2551330a5326948519feaf
ep_bytes: 833d6cc4420000754c8b155dc4420085
timestamp: 1992-06-19 22:22:17

Version Info:

0: [No Data]

Win32:Cridex-R [Trj] also known as:

Elastic: malicious (high confidence)
DrWeb: Trojan.SMSSend.2363
MicroWorld-eScan: Gen:Variant.Symmi.73936
FireEye: Generic.mg.71205e7c0d5d00ef
ALYac: Gen:Variant.Symmi.73936
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 7000000f1 )
K7GW: Trojan ( 7000000f1 )
Cybereason: malicious.c0d5d0
BitDefenderTheta: Gen:NN.ZexaF.34742.mGX@aqZxPGek
VirIT: Trojan.Win32.Delf.AGZD
Cyren: W32/DelfInject.AM.gen!Eldorado
tehtris: Generic.Malware
ESET-NOD32: Win32/Spy.Zbot.YW
APEX: Malicious
ClamAV: Win.Spyware.Zbot-68042
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Symmi.73936
NANO-Antivirus: Trojan.Win32.Dapato.wxzyn
Rising: Spyware.Voltar!1.AF1D (CLASSIC)
Ad-Aware: Gen:Variant.Symmi.73936
Sophos: ML/PE-A + Mal/EncPk-AEH
Baidu: Win32.Adware.Kryptik.c
Zillya: Trojan.Zbot.Win32.73510
McAfee-GW-Edition: BehavesLike.Win32.HLLP.ch
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Symmi.73936 (B)
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.Symmi.73936
Jiangmin: TrojanDropper.Dapato.kfm
Avira: DR/Delphi.Gen7
SUPERAntiSpyware: Trojan.Agent/Gen-Kryptik
Microsoft: PWS:Win32/Zbot!CI
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R33893
McAfee: PWS-Zbot.gen.aey
MAX: malware (ai score=84)
VBA32: Malware-Cryptor.Limpopo
Malwarebytes: Spyware.ZeuS
Panda: Trj/Pacrypt.D
Tencent: Malware.Win32.Gencirc.10c452f4
Yandex: Trojan.GenAsa!bNAJ0zKe00k
Ikarus: Trojan-Dropper.Delf
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.EQPB!tr
AVG: Win32:Cridex-R [Trj]
Avast: Win32:Cridex-R [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32:Cridex-R [Trj]?

Win32:Cridex-R [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.