How to remove “Win32:Downloader-TH [Trj]”?

Win32:Downloader-TH [Trj] is flagged as malicious by most antivirus engines (see the detection names listed further down). While the infection is active you may notice unexpected processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:Downloader-TH [Trj] virus do?

These are the static and behavioral signatures the sample triggered in the CAPEv2 sandbox (see the storage path under File Info):

  • Sample contains overlay data
  • HTTPS URLs observed in behavior
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

How to identify Win32:Downloader-TH [Trj]?

To confirm that a file on disk is this sample, compare its hashes with the values below; rely on sha256, since md5 and crc32 are cheap to collide.

File Info:

name: 377FB42842AFE7B7AED5.mlw
path: /opt/CAPEv2/storage/binaries/e88a0817cd5d24fe3fd174f92f880ebbb79dad3f0cf9abd6f6930adad8d11d7f
crc32: A6E13FFD
md5: 377fb42842afe7b7aed56a1b890ae5f6
sha1: 8cdc9d1c2141a4010fc2c91e22643b7a6902e89f
sha256: e88a0817cd5d24fe3fd174f92f880ebbb79dad3f0cf9abd6f6930adad8d11d7f
sha512: 875530e8fa0ea72d30778c7b35cb80685ab6a7b297990e49d336e945ac3c361c96fe7ff6ee8b8b6037df7adfdf50e82fa027e865ee7baaf3e8bd06ab609b85b3
ssdeep: 3072:1YUb5QoJ4g+zp0iBtTy06ZjKIz1ZdW4SrOLVSVpP6e6r:1Yk+tT+hKSZI4zLVSVpPz6r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AD6483462E8CE131DE7016BF2CA816BD6ED14BE9E62239C2D794D15F08DFB1009EF5A4
sha3_384: b3ad038905447867bfc3db963798b5f6cb4f1d38cde1c93cebf6063dc3d73b80576f6a2af4cfa418556518ee35e255c5
ep_bytes: 6a00e821010100a3bc514100e81d0101
timestamp: 2013-09-24 23:04:52

Version Info:

0: [No Data]
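
Several of the signatures above ("Sample contains Overlay data", "unknown PE section name") and several File Info fields (ep_bytes, timestamp) are pure static checks on the PE headers. The following is an added example, written for this page and not code from CAPE or GridinSoft, that reproduces those checks with nothing but the standard library. It builds a constructed, non-functional PE32 whose entry point carries the ep_bytes listed above and whose TimeDateStamp is chosen to decode to the page's timestamp; the KNOWN_SECTIONS list, the section name ".xyz12" and the overlay contents are assumptions of the example. Note that TimeDateStamp is written by the linker and is trivially attacker-controllable, so the 2013 compile date is a hint, not evidence of the sample's age.

```python
"""Added example: minimal PE32 triage parser (overlay, section names,
entry-point bytes, compile timestamp). Not CAPE's or GridinSoft's code."""
import hashlib
import struct
from datetime import datetime, timezone

# Section names a stock MSVC/MinGW build normally produces; anything else is
# reported as "unknown", the idea behind the sandbox's packing heuristic.
# This list is an assumption for the example, not CAPE's own list.
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".debug"}

EP_BYTES = bytes.fromhex("6a00e821010100a3bc514100e81d0101")  # ep_bytes from File Info
SAMPLE_TIMESTAMP = 1380063892   # constructed: decodes to 2013-09-24 23:04:52 UTC
SECTION_FMT = "<8sIIIIIIHHI"    # IMAGE_SECTION_HEADER, 40 bytes
FILE_ALIGN = 0x200


def build_sample_pe(timestamp: int = SAMPLE_TIMESTAMP) -> bytes:
    """Construct a tiny PE32 with two sections and trailing overlay data."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, FILE_ALIGN)  # Section/FileAlignment
    struct.pack_into("<H", opt, 68, 2)                    # Subsystem: GUI
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        (b".text", 0x200, 0x1000, FILE_ALIGN, 0x200),
        (b".xyz12", 0x200, 0x2000, FILE_ALIGN, 0x400),   # packer-style name (assumed)
    ]
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, vs, va, rs, rp in sections)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    text = EP_BYTES.ljust(FILE_ALIGN, b"\xCC")           # entry point, then int3 padding
    data = b"A" * FILE_ALIGN
    overlay = b"OVERLAY-CONSTRUCTED"                      # 19 bytes past the last section
    return headers + text + data + overlay


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset via the section table; None if unmapped."""
    for sec in sections:
        if sec["va"] <= rva < sec["va"] + max(sec["vsize"], sec["raw_size"]):
            return sec["raw_ptr"] + (rva - sec["va"])
    return None


def parse_pe(data: bytes) -> dict:
    """Extract the triage fields shown in the File Info block from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "va": va, "raw_size": raw_size, "raw_ptr": raw_ptr})
    # Overlay = bytes after the last section's raw data. Installers use it
    # legitimately; packers and droppers hide payloads or config there.
    end_of_sections = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    ep_off = rva_to_offset(sections, ep_rva)
    return {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [s["name"] for s in sections],
        "unknown_sections": [s["name"] for s in sections if s["name"] not in KNOWN_SECTIONS],
        "ep_rva": ep_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex() if ep_off is not None else None,
        "overlay_offset": end_of_sections if len(data) > end_of_sections else None,
        "overlay_size": max(0, len(data) - end_of_sections),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run it on a real file by replacing build_sample_pe() with the file's bytes; the md5/sha256 fields are what you match against the hashes in File Info, and a non-empty unknown_sections or overlay_size on a GUI executable with an invalid Authenticode signature is the combination the sandbox flagged here.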

Win32:Downloader-TH [Trj] also known as:

Bkav: W32.AIDetectMalware
tehtris: Generic.Malware
MicroWorld-eScan: Gen:Variant.Fugrafa.2889
ClamAV: Win.Trojan.Fugrafa-9733007-0
FireEye: Generic.mg.377fb42842afe7b7
ALYac: Gen:Variant.Fugrafa.2889
Malwarebytes: Generic.Trojan.Malicious.DDS
VIPRE: Gen:Variant.Fugrafa.2889
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 000002c61 )
BitDefender: Gen:Variant.Fugrafa.2889
K7GW: Trojan ( 000002c61 )
Cybereason: malicious.842afe
Arcabit: Trojan.Fugrafa.DB49
BitDefenderTheta: Gen:NN.ZexaF.36196.t4Z@aCf5myd
VirIT: Trojan.Win32.Click.DWD
Cyren: W32/Agent.FRV.gen!Eldorado
Symantec: Downloader
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.UY
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Backdoor.Win32.Small.ml
NANO-Antivirus: Trojan.Win32.Click.gacxgj
Rising: Backdoor.Small.hol (CLASSIC)
F-Secure: Trojan.TR/Crypt.ZPACK.Gen
DrWeb: Trojan.Click.2603
Zillya: Backdoor.Small.Win32.11061
McAfee-GW-Edition: BehavesLike.Win32.Generic.fm
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Fugrafa.2889 (B)
Ikarus: Backdoor.Win32.Small
Jiangmin: Backdoor.Small.ix
Avira: TR/Crypt.ZPACK.Gen
Antiy-AVL: Trojan[Backdoor]/Win32.Small
Xcitium: TrojWare.Win32.Agent.ve@4yoq0p
Microsoft: Backdoor:Win32/Small.IR
ViRobot: Backdoor.Win32.A.Small.80896
ZoneAlarm: Backdoor.Win32.Small.ml
GData: Win32.Trojan.PSE.1620HTT
Google: Detected
AhnLab-V3: Backdoor/Win.Small.C5394100
MAX: malware (ai score=85)
DeepInstinct: MALICIOUS
VBA32: BScope.Backdoor.Small
Cylance: unsafe
Panda: Trj/Genetic.gen
Tencent: Backdoor.Win32.Small.kc
Yandex: Backdoor.Small!jvYTRid7Plc
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Agent.U!tr
AVG: Win32:Downloader-TH [Trj]
Avast: Win32:Downloader-TH [Trj]
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32:Downloader-TH [Trj]?

Win32:Downloader-TH [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Because this sample attempts to modify proxy settings, also check that the system proxy (Internet Options > Connections > LAN settings) is back to its expected configuration.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.