What is “Troj/Emotet-CPB”?

Troj/Emotet-CPB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Troj/Emotet-CPB virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Attempts to modify proxy settings

How to identify Troj/Emotet-CPB?

File Info:

crc32: 44AEA1D8
md5: a5ff92b14879a70b8e1dc3237d688c63
name: upload_file
sha1: 80ae2b40b557c4260c549ba31b1e244f16cd70de
sha256: eb288744d82e160a2080c1700f4e4248adeb2a25f7176598f409337deac56a63
sha512: 4b7f3d525dbdee5d056c2fa51846618ae40a086a8d9acd801ab1d4a0d3528116e4df89d9ffb1596bf132176bb980595cd0b313d21c25d05a62fbd35198b562f7
ssdeep: 12288:qm7T56Fa9GVjnSy64Vki8cxFGWMnKHWMtlCRXB:Z7TIFQQj3rT8DWMnKHWMtlCRR
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2003
InternalName: EffectDemo
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: EffectDemo Application
ProductVersion: 1, 0, 0, 1
FileDescription: EffectDemo MFC Application
OriginalFilename: EffectDemo.EXE
Translation: 0x0409 0x04b0

Troj/Emotet-CPB also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.34644039
ALYac: Trojan.GenericKD.34644039
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
K7AntiVirus: Trojan ( 005600261 )
BitDefender: Trojan.GenericKD.34644039
K7GW: Trojan ( 005600261 )
TrendMicro: Trojan.Win32.WACATAC.THJODBO
Cyren: W32/Trickbot.CO.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
ClamAV: Win.Trojan.Emotet-9770154-0
Kaspersky: HEUR:Trojan-Banker.Win32.Emotet.gen
Alibaba: Trojan:Win32/EmotetCrypt.b21c07e2
ViRobot: Trojan.Win32.Z.Wacatac.884736.AG
Ad-Aware: Trojan.GenericKD.34644039
Emsisoft: Trojan.Emotet (A)
F-Secure: Trojan.TR/Crypt.Agent.nwlyy
DrWeb: Trojan.DownLoader34.57428
Invincea: Mal/Generic-S + Troj/Emotet-CPB
McAfee-GW-Edition: BehavesLike.Win32.Emotet.ch
FireEye: Generic.mg.a5ff92b14879a70b
Sophos: Troj/Emotet-CPB
Jiangmin: Trojan.Banker.Emotet.neh
Avira: TR/Crypt.Agent.nwlyy
Antiy-AVL: Trojan[Banker]/Win32.Emotet
Microsoft: Trojan:Win32/EmotetCrypt.ARK!MTB
Arcabit: Trojan.Generic.D210A047
ZoneAlarm: HEUR:Trojan-Banker.Win32.Emotet.gen
GData: Trojan.GenericKD.34644039
Cynet: Malicious (score: 90)
AhnLab-V3: Malware/Win32.Generic.C4202509
McAfee: Emotet-FSF!A5FF92B14879
MAX: malware (ai score=85)
VBA32: BScope.Trojan.Cometer
Malwarebytes: Trojan.MalPack.TRE
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Kryptik.HGMO
TrendMicro-HouseCall: Trojan.Win32.WACATAC.THJODBO
Rising: Trojan.Generic@ML.96 (RDML:4zMVYT1SKXMC6HFiWumuwA)
Ikarus: Trojan.Win32.Krypt
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Emotet.FSF!tr
BitDefenderTheta: Gen:NN.Zextet.34282.2q0@aqIp1vij
AVG: Win32:BankerX-gen [Trj]
Paloalto: generic.ml

How to remove Troj/Emotet-CPB?

Troj/Emotet-CPB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
