Troj/Emotet-BZR information

Malware Removal

Troj/Emotet-BZR is the Sophos detection name for a sample of Emotet, a modular Windows loader that started out as a banking trojan and is classed as dangerous by virtually every security vendor. While the infection is active you may notice unfamiliar processes in the Task Manager list. If you do, scan the computer with GridinSoft Anti-Malware.

Removing PC viruses by hand can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it lets you run a full scan and clean the PC during the trial period.
A 6-day free trial is available.

What can Troj/Emotet-BZR do?

The following behaviours were recorded when the sample was executed under automated dynamic (sandbox) analysis:

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique time)
  • Creates RWX memory
  • Mimics the system's user agent string for its own requests
  • Possible date-expiration check: exits too soon after checking the local time
  • Repeatedly searches for a process that is not found (the sandbox may need to be run with the startbrowser=1 option)
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware-related traffic
  • Performs some HTTP requests
  • Deletes its original binary from disk
  • Attempts to remove evidence of the file having been downloaded from the Internet (deletes the Zone.Identifier stream that marks downloaded files)
  • Calls a single API many times in a row in order to stall analysis
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Troj/Emotet-BZR?

File Info:

crc32: C15B1F0A
md5: 508337fb275333140942036c6585569d
name: b3m6yeygkca.exe
sha1: 65861f33128eda9407318d97eb516930fa7db89a
sha256: 9151fa027c1d6b79923ea5ce013fc3ef0c0b2b041bead35c80644ff02903c937
sha512: 3341de69f8669eaa4f75aec00a8ea2f3026a064f2043f84f3d3b7a10a45e7c88155463ccdcd34a5dcd3e9de48e6938219c792f1d15b6e818ef2eed8ce89cd255
ssdeep: 6144:TgwbGcGVG6UGIIjwQqdtlQ4otcZGUTgcyJQMtB+Hj0U+ASBZi/rrHfhIr6eFzHq:ByjwBlQ4o+ZG4IQSAAfaIr6uN
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2001
InternalName: Privacy
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: Anwendung Privacy
ProductVersion: 1, 0, 0, 1
FileDescription: MFC-Anwendung Privacy
OriginalFilename: Privacy.EXE
Translation: 0x0407 0x04b0 (language 0x0407 = German (Germany); code page 0x04b0 = Unicode)

The resource strings are German ("Anwendung" means application) and describe an MFC program called Privacy.EXE, copyrighted 2001, with no company name. None of this matches the name the sample was found under, b3m6yeygkca.exe; a mismatch between OriginalFilename and the on-disk name is a useful triage signal on its own.
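As an added triage example (this is not code from the original page or from GridinSoft), the script below hashes a suspect file with the same five algorithms listed under File Info and compares the results against those indicators, decodes the Translation field, and flags the version-info inconsistencies described above. The indicator values are copied from this page; the function names, the small LANGID/charset lookup tables and the sample inputs in the test are our own.

```python
"""Hash-and-metadata triage for the Troj/Emotet-BZR indicators on this page.

Added example, not part of the original page. IOC values below are copied
from the File Info section; everything else (function names, tables) is ours.
"""
import hashlib
import zlib

# Indicators copied from the page's File Info section, lower-cased for comparison.
EMOTET_BZR_IOCS = {
    "crc32":  "c15b1f0a",
    "md5":    "508337fb275333140942036c6585569d",
    "sha1":   "65861f33128eda9407318d97eb516930fa7db89a",
    "sha256": "9151fa027c1d6b79923ea5ce013fc3ef0c0b2b041bead35c80644ff02903c937",
    "sha512": "3341de69f8669eaa4f75aec00a8ea2f3026a064f2043f84f3d3b7a10a45e7c88"
              "155463ccdcd34a5dcd3e9de48e6938219c792f1d15b6e818ef2eed8ce89cd255",
}

# Minimal lookup tables for the two words of a VS_VERSIONINFO "Translation" entry.
# Only the values needed here plus the US-English defaults (our own tables).
LANGIDS = {0x0407: "German (Germany)", 0x0409: "English (United States)"}
CHARSETS = {0x04B0: "Unicode (1200)", 0x04E4: "Windows Multilingual (1252)"}


class _MultiHasher:
    """Feeds one stream of bytes to crc32/md5/sha1/sha256/sha512 at once."""

    def __init__(self):
        self.crc = 0
        self.digests = {name: hashlib.new(name)
                        for name in ("md5", "sha1", "sha256", "sha512")}

    def update(self, chunk):
        self.crc = zlib.crc32(chunk, self.crc)
        for d in self.digests.values():
            d.update(chunk)

    def result(self):
        out = {name: d.hexdigest() for name, d in self.digests.items()}
        out["crc32"] = "%08x" % (self.crc & 0xFFFFFFFF)
        return out


def hash_bytes(data):
    """Return all five hashes of an in-memory buffer as lower-case hex."""
    h = _MultiHasher()
    h.update(data)
    return h.result()


def hash_file(path, chunk_size=1 << 20):
    """Return all five hashes of a file, streamed so large binaries fit in memory."""
    h = _MultiHasher()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.result()


def match_iocs(hashes, iocs=EMOTET_BZR_IOCS):
    """Return the sorted names of every algorithm whose value matches an indicator.

    A CRC32 hit on its own is weak evidence (32 bits, trivially collidable);
    a SHA-256 hit is conclusive. Weight the returned list accordingly.
    """
    return sorted(alg for alg, value in iocs.items()
                  if hashes.get(alg, "").lower() == value.lower())


def decode_translation(field):
    """Decode a 'Translation: 0x0407 0x04b0' value into (language, charset) names."""
    lang, charset = (int(tok, 16) for tok in field.split())
    return (LANGIDS.get(lang, "unknown LANGID 0x%04x" % lang),
            CHARSETS.get(charset, "unknown charset 0x%04x" % charset))


def version_info_findings(version_info, on_disk_name):
    """Flag version-resource fields that contradict how the file presents itself.

    version_info is a dict of StringFileInfo fields as printed on the page.
    Returns human-readable findings; an empty list means nothing suspicious.
    """
    findings = []
    original = version_info.get("OriginalFilename", "")
    if original and original.lower() != on_disk_name.lower():
        findings.append("OriginalFilename %r does not match on-disk name %r"
                        % (original, on_disk_name))
    if not version_info.get("CompanyName", "").strip():
        findings.append("CompanyName is empty")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python emotet_bzr_triage.py <file> [<file> ...]
    for path in sys.argv[1:]:
        hits = match_iocs(hash_file(path))
        print("%s: %s" % (path, "MATCH on " + ", ".join(hits) if hits else "no match"))
```

Run it against any file pulled from an autorun location or a dropped-binary path; a SHA-256 match confirms this exact sample, while a CRC32-only match should be treated as a prompt to look closer rather than as confirmation.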

Troj/Emotet-BZR is also known as (vendor: detection name):

  • MicroWorld-eScan: Trojan.Autoruns.GenericKDS.32804724
  • McAfee: Emotet-FPJ!508337FB2753
  • Malwarebytes: Trojan.TrickBot
  • VIPRE: Trojan.Win32.Generic!BT
  • AegisLab: Trojan.Multi.Generic.4!c
  • Sangfor: Malware
  • K7AntiVirus: Riskware ( 0040eff71 )
  • BitDefender: Trojan.Autoruns.GenericKDS.32804724
  • K7GW: Riskware ( 0040eff71 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • TrendMicro: TROJ_GEN.R01FC0DLE19
  • BitDefenderTheta: Gen:NN.ZexaF.33556.Bq1@aOAssHxi
  • F-Prot: W32/Emotet.AJM
  • Symantec: Trojan Horse
  • TrendMicro-HouseCall: TROJ_GEN.R01FC0DLE19
  • Paloalto: generic.ml
  • ClamAV: Win.Dropper.Emotet-7446920-0
  • GData: Trojan.Autoruns.GenericKDS.32804724
  • Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.gen
  • NANO-Antivirus: Trojan.Win32.GenKryptik.gledqx
  • ViRobot: Trojan.Win32.Emotet.446464
  • Rising: Trojan.Emotet!1.C078 (CLASSIC)
  • Ad-Aware: Trojan.Autoruns.GenericKDS.32804724
  • Sophos: Troj/Emotet-BZR
  • Comodo: Malware@#2a6w451yakadg
  • F-Secure: Trojan.TR/AD.Emotet.ecxd
  • DrWeb: Trojan.DownLoader30.51999
  • Zillya: Trojan.Emotet.Win32.19220
  • McAfee-GW-Edition: Emotet-FNT!508337FB2753
  • SentinelOne: DFI – Suspicious PE
  • FireEye: Generic.mg.508337fb27533314
  • Emsisoft: Trojan.Emotet (A)
  • APEX: Malicious
  • Cyren: W32/Emotet.XZCY-2891
  • Jiangmin: Trojan.Banker.Emotet.mub
  • Webroot: W32.Trojan.Emotet
  • Avira: TR/AD.Emotet.ecxd
  • Antiy-AVL: Trojan/Win32.Wacatac
  • Arcabit: Trojan.Autoruns.GenericS.D1F48F74
  • ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.gen
  • Microsoft: Trojan:Win32/Emotet.DHF!rfn
  • AhnLab-V3: Malware/Win32.Generic.C3635407
  • ALYac: Trojan.Agent.Emotet
  • MAX: malware (ai score=81)
  • VBA32: TrojanBanker.Emotet
  • Cylance: Unsafe
  • Panda: Trj/Genetic.gen
  • ESET-NOD32: Win32/Emotet.BN
  • Tencent: Malware.Win32.Gencirc.10b5eb41
  • Yandex: Trojan.GenKryptik!
  • Ikarus: Trojan-Banker.Emotet
  • MaxSecure: Trojan.Malware.74736079.susgen
  • Fortinet: W32/Malicious_Behavior.VEX
  • AVG: Win32:BankerX-gen [Trj]
  • Avast: Win32:BankerX-gen [Trj]
  • Qihoo-360: HEUR/QVM09.0.EA39.Malware.Gen

How to remove Troj/Emotet-BZR?

Troj/Emotet-BZR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • Click "Move to quarantine" for all detected items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the appropriate browser and options, then click "Reset".
  • Restart your computer.

Because Emotet is a loader whose job is to install further malware (the Malwarebytes name above, Trojan.TrickBot, is one typical second-stage payload), treat an infected machine as fully compromised: disconnect it from the network before cleaning, and change any passwords that were used on it once the scan comes back clean.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.