Categories: Trojan

BScope.TrojanBanker.Bancos information

The BScope.TrojanBanker.Bancos is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What BScope.TrojanBanker.Bancos virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (21 unique times)
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
www.youxiakj.com
www.bing.com
yp77929.com
3338675.com
i.niupic.com
3335663.com
a.tomx.xyz
fmlb.netlbtu.com
crt.sectigo.com
crt.usertrust.com
bit-images.bj.bcebos.com
www.govhechi.cn
www.govkunming.cn
ocsp.digicert.com
statuse.digitalcertvalidation.com
ocsp.digicert.cn
crl.digicert.cn
js.users.51.la
ocsp.comodoca.com
ocsp.usertrust.com
ocsp.sectigo.com
push.zhanzhang.baidu.com
api.share.baidu.com

How to determine BScope.TrojanBanker.Bancos?



File Info:

crc32: A25A6D96md5: 34bc6e3dfee925630e689536ad23d80ename: 34BC6E3DFEE925630E689536AD23D80E.mlwsha1: 1fa499e6be311ebd01bb5e4196fd288194006978sha256: dd0f1752ea774dfe93292e434d69803c044173f5d8b5ad86bbfa6dd2aabae280sha512: 18a17a974e3bbf636e02c6c4ed6edcef50466bdf7850b19ad26c4c2ad29439d96ef4ea48e153847fe036a6f22cc4cdacc35568f8e03b485cffc5936adf1021f6ssdeep: 1536:X3xWuFCjlEyOnI/gD5J2Erw1cCz793laBfKPKJeGMPLehjh:nxWu8utnI/gD5J2EQL793laBfKP6Aehttype: PE32 executable (GUI) Intel 80386, for MS Windows, Petite compressed

Version Info:

Translation: 0x0804 0x04b0InternalName: CF-x7a7fx8d8ax706bx7ebfx89e3x5c01x5668FileVersion: 1.00CompanyName: x8d34x5fc3x79d1x6280397642009ProductName: CF-x7a7fx8d8ax706bx7ebfx89e3x5c01x5668-x5185x90e8x7248ProductVersion: 1.00OriginalFilename: CF-x7a7fx8d8ax706bx7ebfx89e3x5c01x5668.exe

BScope.TrojanBanker.Bancos also known as:

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (D)
Cybereason malicious.6be311
Symantec ML.Attribute.HighConfidence
Zoner Probably Heur.ExeHeaderH
APEX Malicious
Avast Win32:Malware-gen
Sophos Generic ML PUA (PUA)
Comodo TrojWare.Win32.Injector.KRTE@57zc23
McAfee-GW-Edition BehavesLike.Win32.Sytro.mc
FireEye Generic.mg.34bc6e3dfee92563
SentinelOne Static AI – Malicious PE
Microsoft Trojan:Win32/Wacatac.B!ml
AhnLab-V3 Malware/Win32.Generic.C2538636
McAfee Artemis!34BC6E3DFEE9
VBA32 BScope.TrojanBanker.Bancos
Ikarus Email-Worm.Win32.Indor
AVG Win32:Malware-gen

How to remove BScope.TrojanBanker.Bancos?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: 3335663.com3338675.coma.tomx.xyzapi.share.baidu.combit-images.bj.bcebos.comBScope.TrojanBanker.BancosCF-x7a7fx8d8ax706bx7ebfx89e3x5c01x5668crl.digicert.cncrt.sectigo.comcrt.usertrust.comfmlb.netlbtu.comi.niupic.comjs.users.51.laocsp.comodoca.comocsp.digicert.cnocsp.digicert.comocsp.sectigo.comocsp.usertrust.compush.zhanzhang.baidu.comstatuse.digitalcertvalidation.comwww.bing.comwww.govhechi.cnwww.govkunming.cnwww.youxiakj.comyp77929.comz.whorecord.xyz
3 years ago

Recent Posts

Win32/GenKryptik.GHKI removal

The Win32/GenKryptik.GHKI is considered dangerous by lots of security experts. When this infection is active,…

12 mins ago

About “Malware.AI.1748864991” infection

The Malware.AI.1748864991 is considered dangerous by lots of security experts. When this infection is active,…

41 mins ago

HackTool.MetaSploit removal tips

The HackTool.MetaSploit is considered dangerous by lots of security experts. When this infection is active,…

41 mins ago

What is “Malware.AI.4145117540”?

The Malware.AI.4145117540 is considered dangerous by lots of security experts. When this infection is active,…

44 mins ago

Trojan.Dropper.VPA malicious file

The Trojan.Dropper.VPA is considered dangerous by lots of security experts. When this infection is active,…

58 mins ago

Malware.AI.1545899637 malicious file

The Malware.AI.1545899637 is considered dangerous by lots of security experts. When this infection is active,…

1 hour ago