
About “Troj/Atbot-B” infection


Troj/Atbot-B is the name Sophos gives to the sample described below; as the detection list further down shows, most other engines flag the same file under their own names. When this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
6-day free trial available.

What can Troj/Atbot-B do?

The items below are the CAPE sandbox behavioural signatures that fired when the sample described in the next section was run; they record what this particular sample did in the sandbox, not a fixed feature list for the family.

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Behavioural detection: Transacted Hollowing
  • Deletes executed files from disk
  • Harvests cookies for information gathering
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
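Three of the signatures above describe actions that leave a trace in ordinary process-creation telemetry (Sysmon Event ID 1, EDR command-line logs): creating a scheduled task with schtasks.exe, deleting the executed file from disk, and touching an NTFS alternate data stream. The following added example, which is not code from the original page or from the CAPE project, encodes those three as rules and runs them over constructed events; the PIDs, file names and command lines are invented for illustration, and the self-delete rule assumes the common cmd.exe-delete-after-exit pattern. The injection and memory-related signatures cannot be reproduced from command lines and are out of scope here.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One process-creation record (the fields Sysmon Event ID 1 provides)."""
    pid: int
    parent_image: str
    image: str
    command_line: str


# Constructed events for illustration; the file names echo the SciTE version
# info the sample carries and are not taken from the real sandbox run.
SAMPLE_EVENTS = [
    ProcEvent(1200, r"C:\Windows\explorer.exe", r"C:\Users\Public\SciTE.exe",
              r'"C:\Users\Public\SciTE.exe"'),
    ProcEvent(1300, r"C:\Users\Public\SciTE.exe", r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /sc minute /mo 1 /tn "Windows Update" /tr "C:\Users\Public\svchost.exe"'),
    ProcEvent(1310, r"C:\Users\Public\SciTE.exe", r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c type C:\Users\Public\svchost.exe > C:\Users\Public\readme.txt:svchost.exe"),
    ProcEvent(1320, r"C:\Users\Public\SciTE.exe", r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c ping -n 3 127.0.0.1 > nul & del /f /q "C:\Users\Public\SciTE.exe"'),
]


def uses_task_scheduler(e: ProcEvent) -> bool:
    """schtasks.exe /create, or the legacy at.exe, launched to persist something."""
    img = e.image.lower()
    if img.endswith("\\at.exe"):
        return True
    return img.endswith("\\schtasks.exe") and re.search(r"/create\b", e.command_line, re.I) is not None


def deletes_own_binary(e: ProcEvent) -> bool:
    """A cmd.exe child whose 'del' target is its parent's own image: the usual
    delete-after-exit trick behind 'Deletes executed files from disk'."""
    if not e.image.lower().endswith("\\cmd.exe"):
        return False
    m = re.search(r'\bdel\b[^"]*"?([A-Za-z]:\\[^"&]+)', e.command_line, re.I)
    return m is not None and m.group(1).strip().lower() == e.parent_image.lower()


def touches_ads(e: ProcEvent) -> bool:
    """A path whose final component is file.ext:stream names an NTFS alternate data stream."""
    return re.search(r'[A-Za-z]:\\[^\s"]+:[A-Za-z0-9_.$-]+', e.command_line) is not None


# Rule names mirror the CAPE signature titles listed above.
RULES = [
    ("Uses Windows utilities to create a scheduled task", uses_task_scheduler),
    ("Deletes executed files from disk", deletes_own_binary),
    ("Attempts to interact with an Alternate Data Stream (ADS)", touches_ads),
]


def run_rules(events) -> list:
    """Return (pid, behaviour) pairs for every event that trips a rule."""
    return [(e.pid, name) for e in events for name, rule in RULES if rule(e)]


if __name__ == "__main__":
    for pid, behaviour in run_rules(SAMPLE_EVENTS):
        print(pid, behaviour)
```

The self-delete rule only fires when the deleted path equals the parent image, which keeps ordinary clean-up scripts from matching; the ADS rule is deliberately broad because a stream name in a command line is rare enough on its own to be worth a look.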

How to identify Troj/Atbot-B?

File Info:

name: FD697A1470EC17B26541.mlw
path: /opt/CAPEv2/storage/binaries/cca3ce76c5d3eb4a3a28451c78c11a1097de73bd5e40a0496aca4b388d1ebca0
crc32: 6DA572F8
md5: fd697a1470ec17b26541f6f97eb2e9a9
sha1: 384f17443de5376b6f5c43f712a6dac56016bbe8
sha256: cca3ce76c5d3eb4a3a28451c78c11a1097de73bd5e40a0496aca4b388d1ebca0
sha512: 59a4c8476e6815ad904264b0e5611b742e88a200e532dcb483b6d6d2e25f4a7efc4385f82cf4ed3c2ff227728f126ce6cdca1bebeb880c4e559e5f6ed732ded2
ssdeep: 24576:ObCj2sObHtqQ4QEfCr7w7yvuqqNq8FroaSaPXRackmrM4Biq7MhLv9GImmVfq4eZ:ObCjPKNqQEfsw43qtmVfq4C
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T12CC5D0C5F2AA40E2DC123FF5582567C78B344E364B3840597BAB3D498F335E6C11AAB6
sha3_384: 8a2449ce318fcad9164b0511f176ada3ab9b4d8a177b95eb44c9f7f767c8536610b631c16dc4aa0393ec91749c16427d
ep_bytes: e837c20000e979feffffcccccccccccc
timestamp: 2010-01-15 16:09:54

Version Info:

The version resource claims the file is SciTE 1.75 by Neil Hodgson. The sandbox reported the Authenticode signature as invalid, so these strings do not establish that this is a genuine SciTE build; a well-known product name paired with a failed signature check is itself a further indicator.

Translation: 0x0409 0x04b0
CompanyName: Neil Hodgson neilh@scintilla.org
FileDescription: SciTE - a Scintilla based Text Editor
FileVersion: 1.75
InternalName: SciTE
LegalCopyright: Copyright 1998-2007 by Neil Hodgson
OriginalFilename: SciTE.EXE
ProductName: SciTE
ProductVersion: 1.75
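To check a suspect file against the File Info above without a sandbox, the following added example (not code from the original page or from the CAPE project) hashes the file and parses just enough of the PE header in pure Python to compare the compile timestamp, the first 16 entry-point bytes and the presence of overlay data with the values listed. It assumes CAPE prints the timestamp in UTC, and it ships with a constructed minimal PE32 so it runs offline; the hash values, ep_bytes and timestamp are copied from the page. A hash match pins this exact file; the timestamp and entry-point bytes are weaker signals that other builds from the same toolchain may share.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info section above.
IOC_HASHES = {
    "md5": "fd697a1470ec17b26541f6f97eb2e9a9",
    "sha1": "384f17443de5376b6f5c43f712a6dac56016bbe8",
    "sha256": "cca3ce76c5d3eb4a3a28451c78c11a1097de73bd5e40a0496aca4b388d1ebca0",
    "sha3_384": "8a2449ce318fcad9164b0511f176ada3ab9b4d8a177b95eb44c9f7f767c8536610b631c16dc4aa0393ec91749c16427d",
}
IOC_EP_BYTES = "e837c20000e979feffffcccccccccccc"
IOC_TIMESTAMP = "2010-01-15 16:09:54"  # assumed to be UTC, as CAPE prints it


def parse_pe(data: bytes) -> dict:
    """Pull the header fields the File Info block lists out of a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                             # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
                for i in range(nsections)]                    # name, vsize, va, rawsize, rawptr
    ep_bytes = b""
    for _, vsize, va, rawsize, rawptr in sections:            # RVA -> file offset
        if va <= entry_rva < va + max(vsize, rawsize):
            ep_bytes = data[rawptr + entry_rva - va:][:16]
            break
    end_of_sections = max((rawptr + rawsize for *_, rawsize, rawptr in sections), default=0)
    return {
        "pe32": magic == 0x10B,
        "machine": machine,
        "timestamp": timestamp,
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": ep_bytes.hex(),
        "overlay_size": max(0, len(data) - end_of_sections),  # bytes past the last section
    }


def triage(data: bytes) -> list:
    """List which of the page's indicators this file matches, strongest first."""
    hits = [f"{algo} hash matches" for algo, digest in IOC_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == digest]
    info = parse_pe(data)
    if info["ep_bytes"] == IOC_EP_BYTES:
        hits.append("entry-point bytes match")
    if info["compiled"] == IOC_TIMESTAMP:
        hits.append("compile timestamp matches")
    if info["overlay_size"] > 0:
        hits.append(f"overlay present ({info['overlay_size']} bytes)")
    return hits


def build_test_pe(ep_bytes: bytes, timestamp: int, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 (one .text section) for offline testing; not the real sample."""
    text_rva, text_raw = 0x1000, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, len(ep_bytes), 0, 0, text_rva, text_rva, 0)
    opt += b"\0" * (224 - len(opt))
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, text_rva, 0x200, text_raw, 0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + opt + sect
    header += b"\0" * (text_raw - len(header))
    text = ep_bytes + b"\xcc" * (0x200 - len(ep_bytes))
    return header + text + overlay


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:  # no path given: run against the constructed PE
        data = build_test_pe(bytes.fromhex(IOC_EP_BYTES), 1263571794, b"constructed overlay")
    print(parse_pe(data))
    print(triage(data))
```

Run it as `python triage.py suspect.exe`; with no argument it analyses the constructed PE, which by design matches the timestamp and entry-point bytes but none of the hashes. The ssdeep and tlsh values on the page need their respective libraries and are not covered here.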

Troj/Atbot-B is also detected under the following names (vendor: detection):

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.65207131
ClamAV: Win.Trojan.Autoit-6996111-0
FireEye: Generic.mg.fd697a1470ec17b2
ALYac: Trojan.GenericKD.65207131
Malwarebytes: Backdoor.Bladabindi
VIPRE: Trojan.GenericKD.65207131
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 005936091 )
K7GW: Trojan ( 005936091 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.AutoIt.GD
Cyren: W32/Autoit.JFHF-9022
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: MSIL/Spy.Agent.AGJ
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Trojan.GenericKD.65207131
Avast: Win32:Evo-gen [Trj]
Tencent: Trojan.Win32.Sabsik.haq
Emsisoft: Trojan.GenericKD.65207131 (B)
F-Secure: Trojan.TR/Agent.odipt
DrWeb: Trojan.Siggen17.49996
TrendMicro: TSPY_ATBOT.SMAR5
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vm
Sophos: Troj/Atbot-B
Ikarus: Trojan.MSIL.Spy
GData: Trojan.GenericKD.65207131
Jiangmin: Trojan.Generic.hqdaw
Avira: TR/Agent.odipt
Antiy-AVL: Trojan/Autoit.Winmgr.a
Arcabit: Trojan.Generic.D3E2FB5B
ZoneAlarm: UDS:Trojan.Win32.Generic
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Google: Detected
AhnLab-V3: Spyware/Win.Atbot.R531437
McAfee: GenericRXAA-FA!FD697A1470EC
MAX: malware (ai score=89)
VBA32: Trojan.Autoit.Obfus
Cylance: unsafe
TrendMicro-HouseCall: TSPY_ATBOT.SMAR5
Rising: Trojan.Obfus/Autoit!1.E083 (CLASSIC)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: AutoIt/Packed.RN!tr
AVG: Win32:Evo-gen [Trj]
Cybereason: malicious.470ec1
Panda: Trj/Genetic.gen

How to remove Troj/Atbot-B?

Troj/Atbot-B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
