Malware

Win32:Swrort-I [Trj] (file analysis)

Malware Removal

Win32:Swrort-I [Trj] is the Avast/AVG detection name for this sample, and nearly every engine in the vendor list below flags it, several of them specifically as Meterpreter shellcode or as a patched legitimate binary. The file carries the version resource of PuTTY 0.74 by Simon Tatham, which is how a trojanized copy of a well-known tool typically presents itself. When this infection is active you may notice unexpected processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version allows a complete scan and cleanup of your PC.
6-day free trial available.

What can Win32:Swrort-I [Trj] do?

Sandbox analysis of the sample recorded the following behaviours and static traits:

  • Attempts to connect to a dead IP:Port (1 unique address). The sample reaches out once to an address that no longer answers, which is consistent with a reverse-connection stager (as the Meterpreter detections below suggest) whose handler was offline at analysis time.
  • The binary likely contains encrypted or compressed data.
  • Anomalous binary characteristics.

How to identify Win32:Swrort-I [Trj]?

File Info:

crc32: 5704A60C
md5: 6c4b3d871f63112d6eb09bb2fd9aa44d
name: 6C4B3D871F63112D6EB09BB2FD9AA44D.mlw
sha1: ca2b1ec5de628c4b434658e27e45b493810e6287
sha256: a597ce103ba92f0d72186bda2535a0d808e47184b968e7a37855c74a592496b6
sha512: 1c582af6940cbf3212cf0ec0a1c69d66971be96cc40d018c38aa908c35daf4d705daa13fa75a5cd1f4f93929e4a3e891f70e13ed5106dfcc720eb2e503123195
ssdeep: 24576:loJBu2XV04jnHW8VwBYcOa3sM6zdYzLhQ0zJ68VQWWRWqMoFzLhQ0zJ68VQWWR/:iu4jHmScOcsfWkq3oRkqa
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 1997-2020 Simon Tatham.
InternalName: PuTTY
FileVersion: Release 0.74 (with embedded help)
CompanyName: Simon Tatham
ProductName: PuTTY suite
ProductVersion: Release 0.74
FileDescription: SSH, Telnet and Rlogin client
OriginalFilename: PuTTY
Translation: 0x0809 0x04b0
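The version resource above says PuTTY 0.74 by Simon Tatham, while the detection names below say Meterpreter, Rozena and Patched.Gen: a legitimate, well-known executable used as the carrier for injected shellcode. Two checks separate a genuine PuTTY from a copy like this one: the file's hash against the sample hashes above (and against the checksums the PuTTY project publishes for its releases), and whether the file still carries the Authenticode signature that official PuTTY Windows builds ship with. The script below is an added example written for this page, not code from PuTTY, GridinSoft or any vendor listed here; the minimal PE32 parser, the UTF-16LE "PuTTY" string heuristic standing in for a full version-resource parse, and the `build_sample_pe` stub used as offline test input are all constructed for illustration.

```python
import hashlib
import struct

# Hashes published on this page for the sample 6C4B3D871F63112D6EB09BB2FD9AA44D.mlw.
KNOWN_BAD_HASHES = {
    "md5": "6c4b3d871f63112d6eb09bb2fd9aa44d",
    "sha1": "ca2b1ec5de628c4b434658e27e45b493810e6287",
    "sha256": "a597ce103ba92f0d72186bda2535a0d808e47184b968e7a37855c74a592496b6",
}

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of the file contents, lower-case hex as listed on the page."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_BAD_HASHES}


def pe_summary(data: bytes) -> dict:
    """Minimal PE32 header walk: machine, subsystem, and whether the security
    data directory (where an Authenticode blob lives) is populated.
    Raises ValueError for anything that is not a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20                                   # IMAGE_OPTIONAL_HEADER32 starts after the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("only PE32 is handled here; PE32+ lays the optional header out differently")
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "is_i386": machine == IMAGE_FILE_MACHINE_I386,
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "has_signature_blob": sec_size > 0,
    }


def triage(data: bytes) -> dict:
    """Exact-hash IOC match plus the 'claims to be PuTTY but carries no
    Authenticode blob' heuristic. The PuTTY claim is detected by the UTF-16LE
    string a version resource would contain (heuristic, not a VS_VERSIONINFO parse)."""
    hashes = hash_bytes(data)
    pe = pe_summary(data)
    ioc_hit = any(hashes[alg] == KNOWN_BAD_HASHES[alg] for alg in KNOWN_BAD_HASHES)
    claims_putty = "PuTTY".encode("utf-16-le") in data
    reasons = []
    if ioc_hit:
        reasons.append("hash matches the published Win32:Swrort-I sample")
    if claims_putty and not pe["has_signature_blob"]:
        reasons.append("version strings claim PuTTY but the file carries no Authenticode signature")
    return {"hashes": hashes, "pe": pe, "claims_putty": claims_putty,
            "suspect": bool(reasons), "reasons": reasons}


def build_sample_pe(signed: bool, product: bytes = b"") -> bytes:
    """Constructed PE32 header stub for offline testing (not a runnable program).
    `signed` fills the security directory with made-up offsets; `product` is
    appended to stand in for version-resource strings."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 0xE0, 0x0102)
    opt_header = bytearray(0xE0)
    struct.pack_into("<H", opt_header, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<H", opt_header, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt_header, 92, 16)        # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt_header, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x1800)
    return dos_header + b"PE\0\0" + coff_header + bytes(opt_header) + product


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            result = triage(f.read())
        print(path, "SUSPECT" if result["suspect"] else "no finding", result["reasons"])
```

A populated security directory only shows that a signature blob is present; validate the chain with `signtool verify /pa putty.exe` or PowerShell `Get-AuthenticodeSignature` before trusting it. Exact-hash matching catches only this one sample, since a template-injected binary is regenerated with a new hash at will; the signature and published-checksum checks are the ones that hold up.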

Win32:Swrort-I [Trj] also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
ClamAV: Win.Trojan.MSShellcode-6360728-0
McAfee: GenericRXAA-AA!6C4B3D871F63
Cylance: Unsafe
Sangfor: Malware
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Win32.Rozena.B
K7GW: Trojan ( 00116c681 )
K7AntiVirus: Trojan ( 00116c681 )
Arcabit: Win32.Rozena.B
Cyren: W32/Rozena.H.gen!Eldorado
Symantec: Meterpreter
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Swrort.eratya
ViRobot: Win32.Rozena.A
MicroWorld-eScan: Win32.Rozena.B
Rising: Malware.Heuristic!ET#100% (RDMK:cmRtazrPaSetTEpt3h+Lvd5aaWdw)
Ad-Aware: Win32.Rozena.B
Sophos: ML/PE-A + Mal/Swrort-H
F-Secure: Trojan.TR/Patched.Gen
DrWeb: Trojan.Swrort.10
McAfee-GW-Edition: BehavesLike.Win32.Sality.tc
FireEye: Generic.mg.6c4b3d871f63112d
Emsisoft: Win32.Rozena.B (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.gapcn
Avira: TR/Patched.Gen
MAX: malware (ai score=87)
Microsoft: Trojan:Win32/Meterpreter.A
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Rozena.B
AhnLab-V3: Trojan/Win32.RL_Generic.R358531
Acronis: suspicious
VBA32: BScope.Trojan.Downloader
ALYac: Win32.Rozena.B
Malwarebytes: Malware.Heuristic.1008
ESET-NOD32: a variant of Win32/Rozena.KC.gen
Ikarus: Trojan.Win64.Meterpreter
Fortinet: W32/Generic.AP.23ADC0!tr
BitDefenderTheta: AI:FileInfector.2395B8760E
AVG: Win32:Swrort-I [Trj]
Cybereason: malicious.71f631
Avast: Win32:Swrort-I [Trj]
Qihoo-360: HEUR/QVM19.1.0E74.Malware.Gen

How to remove Win32:Swrort-I [Trj]?

Win32:Swrort-I [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because several engines classify the payload as Meterpreter, an interactive remote-access stager, quarantining the file does not undo anything an operator did while a session was live. If the process actually ran, review local accounts, stored credentials and persistence mechanisms on the host as well.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.