Backdoor:Win32/Dridex.SF!MTB (file analysis)

Malware Removal

Backdoor:Win32/Dridex.SF!MTB is flagged as dangerous by many security vendors. While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing malware manually can take hours and may damage your system in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and clean-up of your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Dridex.SF!MTB virus do?

  • Executable code extraction
  • Compression (or decompression)
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Unconventional language used in binary resources: Chinese (Singapore)
  • Exhibits behavior characteristic of Dridex malware
  • Collects information about installed applications
  • Attempts to identify installed AV products by registry key
  • Attempts to modify proxy settings
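Two of the behaviours above (the attempt to modify proxy settings, and registry activity in general) leave a registry-write trail that endpoint telemetry records. The following is an added example, not code from the original page or from GridinSoft: it runs a small detection over Sysmon-style "RegistryEvent (Value Set)" records (Event ID 13) serialised as JSON lines, alerting when a process outside a baseline allow-list writes the per-user WinINet proxy values (ProxyEnable, ProxyServer, AutoConfigURL, ProxyOverride). The log lines, the process path and the baseline allow-list are constructed for the example and are assumptions, not observed data from this sample.

```python
import json

# Per-user WinINet proxy configuration lives under this key (lower-cased for matching).
INTERNET_SETTINGS = "\\software\\microsoft\\windows\\currentversion\\internet settings\\"
# Value names that redirect or disable proxying when rewritten.
PROXY_VALUES = {"proxyenable", "proxyserver", "autoconfigurl", "proxyoverride"}
# Images that legitimately write these values in our hypothetical baseline.
# This allow-list is an assumption for the example; derive the real one from your own telemetry.
BASELINE_IMAGES = {"c:\\windows\\explorer.exe", "c:\\windows\\system32\\rundll32.exe"}


def proxy_tamper_alert(event):
    """Return an alert dict if a Sysmon EID 13 event rewrites a proxy value from an
    unexpected process, otherwise None."""
    if event.get("EventID") != 13:          # only RegistryEvent (Value Set) records
        return None
    target = event.get("TargetObject", "")
    if INTERNET_SETTINGS not in target.lower():
        return None
    value = target.rsplit("\\", 1)[-1]      # last path element is the value name
    if value.lower() not in PROXY_VALUES:
        return None
    if event.get("Image", "").lower() in BASELINE_IMAGES:
        return None
    return {"image": event["Image"], "value": value, "details": event.get("Details", "")}


def scan(log_text):
    """Run the detection over newline-delimited JSON events; malformed lines are skipped."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = proxy_tamper_alert(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample telemetry (not real events from this sample).
_HKU = "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
_SUSPECT = "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe"
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "Image": _SUSPECT, "CommandLine": _SUSPECT},                    # process create, ignored
    {"EventID": 13, "Image": _SUSPECT, "TargetObject": _HKU + "ProxyEnable",
     "Details": "DWORD (0x00000001)"},                                               # alert
    {"EventID": 13, "Image": _SUSPECT, "TargetObject": _HKU + "ProxyServer",
     "Details": "http=127.0.0.1:8080;https=127.0.0.1:8080"},                         # alert
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": _HKU + "ProxyEnable",
     "Details": "DWORD (0x00000000)"},                                               # baseline process, no alert
]) + "\nthis line is not json\n"


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"proxy tampering: {a['image']} set {a['value']} = {a['details']}")
```

The match is deliberately on the value name rather than on the written content: a proxy pointed at a loopback port or a remote host is equally suspicious, and the baseline on the writing process, not the data, is what keeps the rule quiet on normal hosts.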

How to identify Backdoor:Win32/Dridex.SF!MTB?

File Info:

crc32: 4F5B1975
md5: c0cd98937644b9a006f1a0c528f24367
name: C0CD98937644B9A006F1A0C528F24367.mlw
sha1: 5442ca2c51a62087e8d85433bf5bc8000b35bc13
sha256: 668af8eb7482c46f39e843d462b0195a0a5aab0c06dedaa067a74557460f70d9
sha512: bf5e78dc73fbea9bb77ebee3052bd7ed687233f241a60a21fcc349efab3a9c998cb1375a2ce44aeae5abc5adecd405eb6c2ec99dadf80d42d8f6bd97b0f5f86d
ssdeep: 6144:7mNSpKdpoaLDJPjzpsJMXUsBvzaYP1ntPepqj4ew16XZE7jz5dkyih:qJmApzpsWpBvzaYP1lepqj4/QpkjVi
type: PE32 executable (console) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © 2017
InternalName: Kerchief
FileVersion: 137, 70, 69, 204
CompanyName: CyberMatrix Corporation, Inc.
ProductVersion: 134, 235, 190, 102
FileDescription: Interned
OriginalFilename: Gander.exe
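To check a suspect file against the identifiers above, compute the same digests and confirm the file type line. The script below is an added example, not code from the original page or from GridinSoft: it hashes a byte buffer with the algorithms listed (CRC32, MD5, SHA-1, SHA-256, SHA-512; ssdeep is left out because it needs a third-party library), compares the result with the published values, and parses just enough of the PE headers to verify "PE32, Intel 80386, console subsystem". The minimal PE stub it builds for a self-test is constructed and not executable; the IOC dictionary holds the values from the File Info section.

```python
import hashlib
import struct
import sys
import zlib

# Identifiers published in the File Info section above (hex, case-insensitive).
DRIDEX_SF_IOCS = {
    "crc32": "4f5b1975",
    "md5": "c0cd98937644b9a006f1a0c528f24367",
    "sha1": "5442ca2c51a62087e8d85433bf5bc8000b35bc13",
    "sha256": "668af8eb7482c46f39e843d462b0195a0a5aab0c06dedaa067a74557460f70d9",
}

IMAGE_FILE_MACHINE_I386 = 0x014C   # COFF Machine value for "Intel 80386"
PE32_MAGIC = 0x10B                 # optional header Magic for PE32 (0x20B would be PE32+)
SUBSYSTEM_NAMES = {2: "windows gui", 3: "windows cui (console)"}


def hash_blob(data: bytes) -> dict:
    """Compute the digests the page lists, as lower-case hex strings."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_iocs(hashes: dict, iocs: dict = DRIDEX_SF_IOCS) -> list:
    """Names of the algorithms whose digest equals the published indicator."""
    return sorted(alg for alg, val in iocs.items()
                  if hashes.get(alg, "").lower() == val.lower())


def pe_summary(data: bytes):
    """Parse the DOS, COFF and optional headers far enough to reproduce the 'type' line.
    Returns None when the buffer does not carry a well-formed PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                     # optional header follows the 20-byte COFF header
    if opt_size < 70 or opt + opt_size > len(data):
        return None                         # Subsystem lives at optional-header offset 68
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "pe32": magic == PE32_MAGIC,
        "i386": machine == IMAGE_FILE_MACHINE_I386,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
        "sections": nsections,
    }


def triage(data: bytes) -> dict:
    """Combine the hash match and header check into one verdict record."""
    hashes = hash_blob(data)
    return {"hashes": hashes, "matched": match_iocs(hashes), "pe": pe_summary(data)}


def build_constructed_pe(subsystem: int = 3) -> bytes:
    """Constructed, non-executable stub whose headers say PE32 / i386 / given subsystem.
    It is NOT the sample discussed on the page; it only exercises pe_summary()."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_pe()
    result = triage(blob)
    print("matched indicators:", result["matched"] or "none")
    print("pe header:", result["pe"])
```

Run it as `python triage.py suspect.exe`; with no argument it analyses the constructed stub. A hash match is conclusive for this exact file, while the header check only tells you the file is the same kind of artefact, so treat a header match without a hash match as a prompt for sandboxing, not as identification.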

Backdoor:Win32/Dridex.SF!MTB is also known as (vendor: detection name). The vendors disagree on the family (Dridex, Waldek, TeslaCrypt, Locky, CoreBot and several generic or machine-learning names), which is typical for a packed sample: many of these names describe the packer or the observed behaviour rather than the payload, so match on the hashes above rather than on any single name.

Lionic: Trojan.Win32.Waldek.4!c
Elastic: malicious (high confidence)
CAT-QuickHeal: Backdoor.Drixed.M4
ALYac: Trojan.TeslaCrypt.Gen.4
Cylance: Unsafe
Zillya: Trojan.CryptGen.Win32.1
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_60% (D)
K7GW: Trojan ( 004d85141 )
K7AntiVirus: Trojan ( 004d85141 )
Symantec: Trojan.Gen
ESET-NOD32: Win32/Dridex.AA
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Banker.Win32.CoreBot.hb
BitDefender: Trojan.TeslaCrypt.Gen.4
NANO-Antivirus: Trojan.Win32.Waldek.eazits
MicroWorld-eScan: Trojan.TeslaCrypt.Gen.4
Tencent: Win32.Trojan.Waldek.Sxyb
Ad-Aware: Trojan.TeslaCrypt.Gen.4
Sophos: ML/PE-A + Mal/Ransom-EG
Comodo: Malware@#8h5p6q24yur
BitDefenderTheta: Gen:NN.ZexaF.34142.tq0@aqqV1Mab
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_HPLOCKY.SM1
McAfee-GW-Edition: BehavesLike.Win32.Ransomware.fh
FireEye: Generic.mg.c0cd98937644b9a0
Emsisoft: Trojan.TeslaCrypt.Gen.4 (B)
Jiangmin: Trojan.Waldek.bdd
Webroot: W32.Waldek
Avira: HEUR/AGEN.1118884
eGambit: Unsafe.AI_Score_100%
Antiy-AVL: Trojan/Generic.ASSuf.1038E
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Backdoor:Win32/Dridex.SF!MTB
Arcabit: Trojan.TeslaCrypt.Gen.4
GData: Trojan.TeslaCrypt.Gen.4
McAfee: Artemis!C0CD98937644
MAX: malware (ai score=82)
VBA32: BScope.TrojanDownloader.Talalpek
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_HPLOCKY.SM1
Rising: Trojan.Generic@ML.93 (RDML:xWIGd+eBlRXfwkf4l9jrUQ)
Fortinet: W32/Bourben.MVC!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Backdoor:Win32/Dridex.SF!MTB?

Backdoor:Win32/Dridex.SF!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.
