Trojan-Banker.Win32.ClipBanker.sdv (file analysis)

Trojan-Banker.Win32.ClipBanker.sdv is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Banker.Win32.ClipBanker.sdv virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid

How to identify Trojan-Banker.Win32.ClipBanker.sdv?

File Info:

name: C38BC13482A7385D53DE.mlw
path: /opt/CAPEv2/storage/binaries/d9058c0dbacb82f1debf8d71b28bd137a58448871e4787341f47d72dc81dd4aa
crc32: F73968E9
md5: c38bc13482a7385d53dee6c23fb2a488
sha1: 311f15df2f8aec414c00b85d5cfc2568680b1cb6
sha256: d9058c0dbacb82f1debf8d71b28bd137a58448871e4787341f47d72dc81dd4aa
sha512: a00177855cff5521b97dd6981211335709078482da90a174eb51c80e1cfcd4a67fcf6b224dbb352ea56b980a9d02742010249ef589fc94e3772921bc98673945
ssdeep: 393216:ovEFplaXo2cr0Sy80cXCtcqsBbp6xCYjO:qk+crJhCtfsBd6xCMO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D2E633CEDC494255E8670BB0B0953F194023BD177A6FB09DA682B534C7B67D2CD3AA0B
sha3_384: 4978910390320a815cda05fa44025b7cc73030208477b288e7fee9d279908c690598ade4781df6f019dd103cd2e65e9c
ep_bytes: 558bec83c4f0b874204200e8746bfeff
timestamp: 2021-01-25 16:28:56

Version Info:

FileDescription: CYRENE - IPS
FileVersion: 1.0.0.0
LegalCopyright: Digit Italia SRL
ProductName: Cyrene - IPS
ProductVersion: 1.0.0.0
Key:
LegalTrademarks: DIGIT ITALIA SRL - https://www.pensionioggi.it
Translation: 0x0000 0x04b0

Trojan-Banker.Win32.ClipBanker.sdv is also known as:

  • DrWeb: Trojan.DownLoader43.47645
  • Alibaba: TrojanBanker:Win32/ClipBanker.ce4e1c55
  • Kaspersky: Trojan-Banker.Win32.ClipBanker.sdv
  • Avast: FileRepMalware [Misc]
  • F-Secure: Trojan.TR/Spy.Banker.mdqoz
  • McAfee-GW-Edition: Artemis!Trojan
  • Jiangmin: Trojan.Banker.ClipBanker.buv
  • Avira: TR/Spy.Banker.mdqoz
  • ZoneAlarm: Trojan-Banker.Win32.ClipBanker.sdv
  • McAfee: Artemis!C38BC13482A7
  • VBA32: Trojan.Downloader
  • Rising: Trojan.ClipBanker!8.5FB (CLOUD)
  • Ikarus: Trojan.Spy.Banker
  • Fortinet: W32/PossibleThreat
  • AVG: FileRepMalware [Misc]
  • Cybereason: malicious.f2f8ae

How to remove Trojan-Banker.Win32.ClipBanker.sdv?

Trojan-Banker.Win32.ClipBanker.sdv removal tool:

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.