
What is “Win32:FakeAV-EXC [Trj]”?

Malware Removal

The Win32:FakeAV-EXC [Trj] detection is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32:FakeAV-EXC [Trj] virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Code injection with CreateRemoteThread in a remote process
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Collects and encrypts information about the computer likely to send to C2 server
  • Creates a hidden or system file
  • Collects information to fingerprint the system

How to identify Win32:FakeAV-EXC [Trj]?

File Info:

name: DED9789277258F74AB69.mlw
path: /opt/CAPEv2/storage/binaries/a0d725f26d7ab4d5efae8f5aaf486a83dda8c6fe58045ba2f74e4afa675b5fe3
crc32: 0D4D7208
md5: ded9789277258f74ab690e15298cebef
sha1: 3041ab2fb1c1cd2af06886328a44d22df3d344da
sha256: a0d725f26d7ab4d5efae8f5aaf486a83dda8c6fe58045ba2f74e4afa675b5fe3
sha512: 4e0e4b6c6b819d6493a027b8c2208038cd4c6c6dce85dafc7be0cfce06b1a73826ed4b8100741255512e8720f58241f7f441ab3a3c9525e02edc54306cd5e257
ssdeep: 6144:I+sZuRbTrJsZxCr61vJqQJDrWca3Cpjb0CFBGyjLoRgVt7zRZJ:3tux8QvXD6SpjRO2B7zf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C6423A903151973F814B0303A582FB95F74EDE6ECA0A361719D473AEFF90E7BA40592
sha3_384: 6453e9e1e2333f8ce4f503461f8f0c158248cb76d9d4a3df7537bf4457c09acb4073a7d1630e7d6ba77ffd59a42d9ff1
ep_bytes: 8d0424662d00f0724cb868204000945e
timestamp: 2006-04-18 09:18:53

Version Info:

0: [No Data]

Win32:FakeAV-EXC [Trj] also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.ded9789277258f74
CAT-QuickHeal: TrojanPWS.Zbot.Gen
McAfee: BackDoor-FBFW!DED978927725
Cylance: Unsafe
VIPRE: Trojan.Win32.Zbot.smb (v)
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f72a1 )
Alibaba: TrojanPSW:Win32/Kryptik.86f11119
K7GW: Trojan ( 0040f72a1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Trojan.Kryptik.fx
Cyren: W32/SuspPack.FP.gen!Eldorado
Symantec: Packed.Generic.432
ESET-NOD32: a variant of Win32/Kryptik.BKCN
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Tepfer-61
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.VIZ.Gen.1
NANO-Antivirus: Trojan.Win32.Urausy.cvlhtc
MicroWorld-eScan: Trojan.VIZ.Gen.1
Avast: Win32:FakeAV-EXC [Trj]
Tencent: Win32.Trojan.Generic.Wwof
Ad-Aware: Trojan.VIZ.Gen.1
Emsisoft: Trojan.VIZ.Gen.1 (B)
Comodo: TrojWare.Win32.Kryptik.BLA@52cguh
DrWeb: Trojan.Packed.24465
Zillya: Trojan.Zbot.Win32.135869
TrendMicro: TROJ_KRYPTK.SMN6
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.fc
Sophos: Mal/Generic-R + Troj/FakeAV-GWD
SentinelOne: Static AI – Malicious PE
GData: Trojan.VIZ.Gen.1
Jiangmin: Trojan.Generic.ddsvl
Webroot: W32.Trojan.VIZ.Gen
Avira: TR/Urausy.cctra
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.4338DB
Kingsoft: Win32.Troj.Zbot.pr.(kcloud)
Arcabit: Trojan.VIZ.Gen.1
SUPERAntiSpyware: Trojan.Agent/Gen-Zusy
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot!GO
AhnLab-V3: Trojan/Win32.Fareit.R82830
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34212.sqW@aiwA5hki
ALYac: Trojan.VIZ.Gen.1
VBA32: Heur.Trojan.Hlux
Malwarebytes: Malware.AI.2436109219
TrendMicro-HouseCall: TROJ_KRYPTK.SMN6
Rising: Trojan.Antii!1.9D22 (CLASSIC)
Yandex: Trojan.GenAsa!7havczLeWgs
Ikarus: Trojan.Crypt
Fortinet: W32/Kryptik.BDPK!tr
AVG: Win32:FakeAV-EXC [Trj]
Cybereason: malicious.277258
Panda: Trj/Tepfer.B
MaxSecure: Trojan.Malware.7164915.susgen

How to remove Win32:FakeAV-EXC [Trj]?

Win32:FakeAV-EXC [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
