Trojan-Banker.Win32.Emotet.ekeb removal guide

The Trojan-Banker.Win32.Emotet.ekeb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.Emotet.ekeb virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Trojan-Banker.Win32.Emotet.ekeb?

File Info:

crc32: 3ED6E47E
md5: f6cb383d0a49c2f9c6e7c3503d571eb2
name: tjBSz.exe
sha1: c45699934708d88fc9cc8d2ba1efa886a3243370
sha256: add7df9218a189bf1f0cf85beadc37b42240747cbc18e1cf8b3ac25d3e226bac
sha512: 065948de8bb17aff42a3a55ec09097f78cd2eeae43ffaac88aff56289840fc6455cb8bedac77a7a08e1615dfd3a356c92856ba8d474494c4374dae14fc96b5a7
ssdeep: 12288:PbFmNHloUQYbEZpakjYDJA1zpYDwUei8jPjMQ:gHNQYbuDj6SfLjPb
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: 版权所有 (C) 2002
InternalName: Visual Editor
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: Visual Editor 应用程序
ProductVersion: 1, 0, 0, 1
FileDescription: Visual Editor 基础类应用程序
OriginalFilename: Visual Editor.EXE
Translation: 0x0804 0x04b0

Trojan-Banker.Win32.Emotet.ekeb also known as:

MicroWorld-eScan: Trojan.Autoruns.GenericKDS.42074815
FireEye: Generic.mg.f6cb383d0a49c2f9
McAfee: RDN/Emotet-Dropped
ALYac: Trojan.Autoruns.GenericKDS.42074815
Malwarebytes: Trojan.Emotet
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Riskware ( 0040eff71 )
BitDefender: Trojan.Autoruns.GenericKDS.42074815
K7GW: Riskware ( 0040eff71 )
CrowdStrike: win/malicious_confidence_70% (W)
Symantec: Trojan Horse
APEX: Malicious
ClamAV: Win.Trojan.Generic-7419910-0
GData: Trojan.Autoruns.GenericKDS.42074815
Kaspersky: Trojan-Banker.Win32.Emotet.ekeb
Rising: Trojan.Generic@ML.91 (RDML:PDFJ7CSRnOV9b5WIyCNXjA)
Endgame: malicious (high confidence)
Sophos: Mal/Generic-S
Comodo: Malware@#24dlpa5atg18m
F-Secure: Trojan.TR/AD.Emotet.pmmmu
DrWeb: Trojan.DownLoader30.46532
McAfee-GW-Edition: RDN/Emotet-Dropped
Trapmine: suspicious.low.ml.score
Ikarus: Trojan.Win32.Krypt
Jiangmin: Trojan.Banker.Emotet.mpy
Webroot: W32.Trojan.Emotet
MAX: malware (ai score=81)
Arcabit: Trojan.Autoruns.GenericS.D28202BF
ZoneAlarm: Trojan-Banker.Win32.Emotet.ekeb
Microsoft: Trojan:Win32/Emotet.DHF!MTB
AhnLab-V3: Trojan/Win32.RL_Trickbot.R301608
Ad-Aware: Trojan.Autoruns.GenericKDS.42074815
Cylance: Unsafe
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/GenKryptik.DYXT
SentinelOne: DFI – Suspicious PE
Fortinet: W32/GenKryptik.DYLZ!tr
BitDefenderTheta: Gen:NN.ZexaE.32515.Iq1@aaBNJfeb
AVG: FileRepMalware
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.dfe

How to remove Trojan-Banker.Win32.Emotet.ekeb?

Trojan-Banker.Win32.Emotet.ekeb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.