Categories: Trojan

Trojan-Banker.Win32.Emotet.dzum (file analysis)

The Trojan-Banker.Win32.Emotet.dzum file is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Trojan-Banker.Win32.Emotet.dzum virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Trojan-Banker.Win32.Emotet.dzum?

General:

Operating System: Windows 7 / 8 / 8.1 / 10

Virus Name: Trj/Genetic.gen

File Info:

Name: jJzhKgExrQegqryqRUF.exe

Size: 190069 bytes

Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

MD5: 6cdf6ef92a59050560a1d93105ad3197

SHA1: 5543555fa5cdd4bda8536487b7848400ebb786b5

SHA256: 57c5f9ad230edffd90d10fa648f99819aab588cd67dfb68ba9dfec4045b4b5b8

Version Info:

[No Data]

Trojan-Banker.Win32.Emotet.dzum also known as:

ALYac Trojan.Agent.Emotet
APEX Malicious
AVG Win32:BankerX-gen [Trj]
Acronis suspicious
Ad-Aware Trojan.GenericKD.41998152
AhnLab-V3 Trojan/Win32.Emotet.C3554119
Alibaba Trojan:Win32/Emotet.9244e77a
Antiy-AVL Trojan/Win32.Casur
Arcabit Trojan.Generic.D280D748
Avast Win32:BankerX-gen [Trj]
Avira TR/AD.Emotet.drydw
BitDefender Trojan.GenericKD.41998152
BitDefenderTheta Gen:NN.ZexaE.32250.lKX@a0q!Q5ki
CAT-QuickHeal Trojan.Casur
CrowdStrike win/malicious_confidence_80% (W)
Cybereason malicious.fa5cdd
Cylance Unsafe
Cyren W32/Emotet.AAT.gen!Eldorado
DrWeb Trojan.Emotet.762
ESET-NOD32 a variant of Win32/Kryptik.GYCN
Endgame malicious (high confidence)
F-Prot W32/Emotet.AAT.gen!Eldorado
F-Secure Trojan.TR/AD.Emotet.drydw
FireEye Generic.mg.6cdf6ef92a590505
Fortinet W32/TrickBot.CC!tr
GData Trojan.GenericKD.41998152
Ikarus Trojan-Banker.Emotet
Jiangmin Trojan.Banker.Emotet.mej
K7AntiVirus Trojan ( 0055b1cb1 )
K7GW Trojan ( 0055b1cb1 )
Kaspersky Trojan-Banker.Win32.Emotet.dzum
MAX malware (ai score=84)
Malwarebytes Trojan.Emotet.Generic
McAfee Emotet-FOE!6CDF6EF92A59
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch
MicroWorld-eScan Trojan.GenericKD.41998152
Microsoft Trojan:Win32/Emotet
NANO-Antivirus Trojan.Win32.Emotet.ggjmzp
Paloalto generic.ml
Panda Trj/Genetic.gen
Qihoo-360 Win32/Trojan.e3a
Rising Trojan.Kryptik!1.BF0A (CLASSIC)
SentinelOne DFI – Malicious PE
Sophos Mal/EncPk-APC
Symantec Trojan Horse
Trapmine malicious.moderate.ml.score
TrendMicro TROJ_GEN.R03FC0DKA19
TrendMicro-HouseCall TROJ_GEN.R03FC0DKA19
VBA32 Trojan.Emotet
VIPRE Trojan.Win32.Generic!BT
ViRobot Trojan.Win32.Z.Emotet.190069
Yandex Trojan.PWS.Emotet!
Zillya Trojan.Emotet.Win32.18676
ZoneAlarm Trojan-Banker.Win32.Emotet.dzum

How to remove Trojan-Banker.Win32.Emotet.dzum?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
