Malware

ML/PE-A + Troj/Emotet-CTF information

Malware Removal

The ML/PE-A + Troj/Emotet-CTF is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What ML/PE-A + Troj/Emotet-CTF virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the Emotet malware family
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to determine ML/PE-A + Troj/Emotet-CTF?



File Info:

name: 8ABA6772B6E62332B127.mlw
path: /opt/CAPEv2/storage/binaries/73fcb2771d62bcba28978e483fe0e3a55eec9865c6729cf056617ba75badc1cf
crc32: 40D88463
md5: 8aba6772b6e62332b127520ed6fd04f4
sha1: aca040ebb43a54e6f3d76d35663112d5b9ab442a
sha256: 73fcb2771d62bcba28978e483fe0e3a55eec9865c6729cf056617ba75badc1cf
sha512: c77539ba347e8e1567e518cd9c144f09df8e506633d9541fb451a872e730512e646e062a5c8a5bbc90152fc5937c2fd21ccad8b774d9b4cd503c69a3e0ac8029
ssdeep: 12288:PAmfcWKEI0uifw9bwXyXotB3JoqsteLMn:PAbJbbifw+XyK3Wzln
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EC848C1277E0C436C26235724A77E3B16AAEBC719E75534B7BC02B7D9E701C18A3831A
sha3_384: 490fd5662334b176e748ce7b1cf6f8ca8bb6c84826e1e88d3aacd2ba91daece9cc7b99440b1533077d7f0f12fcd8264f
ep_bytes: e89d9e0000e978feffff6a0c68e82044
timestamp: 2020-11-05 21:53:48


Version Info:

CompanyName: 
FileDescription: Trainer_Desperados MFC Application
FileVersion: 1, 0, 0, 1
InternalName: Trainer_Desperados
LegalCopyright: Copyright (C) 1901
LegalTrademarks: 
OriginalFilename: Trainer_Desperados.EXE
ProductName: Trainer_Desperados Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0407 0x04b0

ML/PE-A + Troj/Emotet-CTF also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanTrojan.GenericKDZ.71255
FireEyeGeneric.mg.8aba6772b6e62332
ALYacTrojan.GenericKDZ.71255
K7AntiVirusTrojan ( 0055e3b01 )
K7GWTrojan ( 0055e3b01 )
Cybereasonmalicious.2b6e62
CyrenW32/Emotet.AWW.gen!Eldorado
SymantecTrojan.Trickybot
ESET-NOD32Win32/Emotet.CB
APEXMalicious
ClamAVWin.Dropper.Emotet-9789387-0
KasperskyHEUR:Trojan-Banker.Win32.Emotet.gen
BitDefenderTrojan.GenericKDZ.71255
NANO-AntivirusTrojan.Win32.Emotet.ibkljo
SUPERAntiSpywareTrojan.Agent/Gen-Emotet
TencentMalware.Win32.Gencirc.10ce12a2
Ad-AwareTrojan.GenericKDZ.71255
SophosML/PE-A + Troj/Emotet-CTF
DrWebTrojan.DownLoader35.17703
McAfee-GW-EditionEmotet-FRP!8ABA6772B6E6
EmsisoftTrojan.GenericKDZ.71255 (B)
IkarusTrojan-Banker.Emotet
GDataTrojan.GenericKDZ.71255
JiangminTrojan.Banker.Emotet.phu
AviraHEUR/AGEN.1139683
Antiy-AVLTrojan/Generic.ASMalwS.30FE041
MicrosoftTrojan:Win32/EmotetCrypt.ARJ!MTB
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.R355128
McAfeeEmotet-FRP!8ABA6772B6E6
MAXmalware (ai score=87)
VBA32BScope.TrojanBanker.Emotet
MalwarebytesTrojan.TrickBot
RisingTrojan.Generic@ML.96 (RDML:cmOMfKZEHx8TDEE2sQPdfQ)
SentinelOneStatic AI – Malicious PE
FortinetW32/Kryptik.HEOE!tr
BitDefenderThetaGen:NN.ZexaCO.34062.yu0@aukqdyxi
PandaTrj/Emotet.C

How to remove ML/PE-A + Troj/Emotet-CTF?

ML/PE-A + Troj/Emotet-CTF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment