Categories: Trojan

About “Trojan-Banker.Win32.Emotet.eahp” infection

The Trojan-Banker.Win32.Emotet.eahp file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Trojan-Banker.Win32.Emotet.eahp virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
Mimics the system’s user agent string for its own requests
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Drops a binary and executes it
Deletes its original binary from disk
Attempts to remove evidence of file being downloaded from the Internet
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a copy of itself
Anomalous binary characteristics

How to determine Trojan-Banker.Win32.Emotet.eahp?

General:

Operating System: Windows 7 / 8 / 8.1 / 10 Virus Name: Trojan.Generic@ML.94 (RDML:eMZ9PTKEj980fnzBgUVmXw)

File Info:

Name: l1qhec13plss2ox.exe

Size: 748833

Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

MD5: 0b3acf106862142bab65f25c3d5f33d9

SHA1: e99274eaee1358a70efc98d569aab35318e9b1ec

SH256: a87b30775c08fab67e47690165049f857f175524a32b18c4d6aa7e8efeaca20f

Version Info:

[No Data]

Trojan-Banker.Win32.Emotet.eahp also known as:

ALYac	Trojan.Agent.Emotet
AVG	FileRepMalware
Ad-Aware	Trojan.Autoruns.GenericKDS.32704618
AegisLab	Trojan.Win32.Emotet.L!c
AhnLab-V3	Trojan/Win32.Emotet.R298664
Alibaba	Trojan:Win32/Emotet.6c6bf3bb
Antiy-AVL	Trojan/Win32.Casur
Arcabit	Trojan.Autoruns.GenericS.D1F3086A
Avira	TR/AD.Emotet.owart
BitDefender	Trojan.Autoruns.GenericKDS.32704618
BitDefenderTheta	Gen:NN.ZexaCO3.32249.TOX@aWtJ6dl
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.aee135
Cyren	W32/Kryptik.AQA.gen!Eldorado
DrWeb	Trojan.Emotet.775
ESET-NOD32	a variant of Win32/Kryptik.GYEZ
Endgame	malicious (high confidence)
F-Prot	W32/Emotet.AAV.gen!Eldorado
F-Secure	Trojan.TR/AD.Emotet.owart
FireEye	Generic.mg.0b3acf106862142b
Fortinet	W32/Dapato.PZNU!tr
GData	Trojan.Autoruns.GenericKDS.32704618
Ikarus	Trojan-Banker.Emotet
Invincea	heuristic
K7AntiVirus	Riskware ( 0040eff71 )
K7GW	Riskware ( 0040eff71 )
Kaspersky	Trojan-Banker.Win32.Emotet.eahp
MAX	malware (ai score=84)
Malwarebytes	Trojan.Injector
McAfee	Emotet-FOL!0B3ACF106862
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.bh
MicroWorld-eScan	Trojan.Autoruns.GenericKDS.32704618
Microsoft	Trojan:Win32/Emotet.SK!MSR
NANO-Antivirus	Trojan.Win32.Emotet.ggtvtw
Paloalto	generic.ml
Panda	Trj/Agent.PM
Qihoo-360	Win32/Trojan.434
Rising	Trojan.Generic@ML.94 (RDML:eMZ9PTKEj980fnzBgUVmXw)
SentinelOne	DFI – Malicious PE
Sophos	Mal/Generic-S
Symantec	Trojan Horse
Trapmine	malicious.moderate.ml.score
TrendMicro-HouseCall	TROJ_GEN.R03FC0DKC19
VBA32	Trojan.Emotet
VIPRE	Trojan.Win32.Generic!BT
Webroot	W32.Trojan.Gen
ZoneAlarm	Trojan-Banker.Win32.Emotet.eahp