Trojan-Banker.Win32.Emotet.epqn (file analysis)

Trojan-Banker.Win32.Emotet.epqn is rated as dangerous by many security vendors (see the detection names listed below). While this infection is active you may notice unfamiliar processes in the Task Manager process list. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. A complete scan and cleanup of your PC is possible during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.Emotet.epqn virus do?

  • Executable code extraction
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • Deletes its original binary from disk
  • Attempts to remove evidence of file being downloaded from the Internet
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz
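The two domains above are the indicators a responder would actually search proxy or DNS logs for. What follows is an added example, not code from this page or from GridinSoft: it scans constructed sample proxy lines for those hosts. The log format ("epoch client method target status"), the sample lines, the function names and the choice to also flag sibling hosts under the same registered domain are all assumptions; the "parent" hits are a broader and noisier rule meant for review, not automatic blocking.

```python
from urllib.parse import urlsplit

# Domains listed on this page under "Related domains".
IOC_DOMAINS = {"z.whorecord.xyz", "a.tomx.xyz"}

# Constructed sample proxy log (not real traffic): "epoch client method target status".
SAMPLE_LOG = """\
1585650001.123 10.0.0.5 GET http://z.whorecord.xyz/wp-content/abc/ 200
1585650002.456 10.0.0.5 GET http://www.example.com/ 200
1585650003.789 10.0.0.7 CONNECT a.tomx.xyz:443 200
1585650004.000 10.0.0.7 GET http://cdn.tomx.xyz/update.bin 404
1585650005.000 10.0.0.9 GET http://notwhorecord.xyz/ 200
"""


def registered_domains(iocs):
    """Parent (registered) domain of each IOC, taken as its last two labels.

    Assumption: no public-suffix handling, so a name like example.co.uk would
    be cut wrongly; for the .xyz names on this page the last two labels are right.
    """
    return {".".join(d.split(".")[-2:]) for d in iocs}


def host_of(target):
    """Hostname from a full URL (GET) or from a host:port target (CONNECT)."""
    if "://" in target:
        host = urlsplit(target).hostname or ""
    else:
        host = target.rsplit(":", 1)[0]
    return host.lower().rstrip(".")


def scan_log(lines, iocs=IOC_DOMAINS):
    """Return (line_no, host, kind) for every hit.

    kind is 'exact' for a listed host and 'parent' for any other host under the
    same registered domain. The leading dot in the suffix test keeps a lookalike
    such as notwhorecord.xyz from matching whorecord.xyz.
    """
    parents = registered_domains(iocs)
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than abort the scan
        host = host_of(parts[3])
        if host in iocs:
            hits.append((n, host, "exact"))
        elif any(host == p or host.endswith("." + p) for p in parents):
            hits.append((n, host, "parent"))
    return hits


if __name__ == "__main__":
    for line_no, host, kind in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {host} ({kind})")
```

On the constructed log the script reports lines 1 and 3 as exact hits and line 4 (cdn.tomx.xyz) as a parent-domain hit; the lookalike on line 5 is not reported.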

How to identify Trojan-Banker.Win32.Emotet.epqn?

File Info:

crc32: 7E071FF6
md5: b705c5d4cb9be94238a064e5c0b86b03
name: ape99422863.exe
sha1: f14b8ff80563a741db51dfa3a586b410a912182f
sha256: 3d87162ae4cd417168d86fa45aa60d0dc77992c5ef348233d6ee7711dfb6be2b
sha512: 2fd99aa15eedb0ebce0f5970b3aa09b7e75f84826be49190ebd78746772685e2ab885b3f6a6df1805d349771946485a9ee332eb3c7cee2161de10dfd59fa5129
ssdeep: 6144:OEnl5H1swlJaPUulefBZ2v6hOwfjmX2AbjrYAOTDMs0e/MIu:OEnl5H6w/alleffOwaXzUAOTDMbb
type: PE32 executable (GUI) Intel 80386, for MS Windows
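Checking a suspicious file against the hashes above is the quickest way to confirm you are looking at this exact sample. Keep the caveat in mind: a single changed byte (a repacked dropper) yields different digests, so a miss does not mean the file is clean. The script below is an added example, not code from this page or from GridinSoft. It computes every digest listed in File Info except ssdeep (which needs a third-party library), compares them case-insensitively against the page's values, and does a minimal MZ/PE header check matching the "PE32 executable" type line. The function names and the bytes used in the test are assumptions.

```python
import hashlib
import zlib

# Hashes this page lists for ape99422863.exe (copied from the File Info section).
PAGE_IOCS = {
    "crc32": "7E071FF6",
    "md5": "b705c5d4cb9be94238a064e5c0b86b03",
    "sha1": "f14b8ff80563a741db51dfa3a586b410a912182f",
    "sha256": "3d87162ae4cd417168d86fa45aa60d0dc77992c5ef348233d6ee7711dfb6be2b",
    "sha512": "2fd99aa15eedb0ebce0f5970b3aa09b7e75f84826be49190ebd78746772685e2ab885b3f6a6df1805d349771946485a9ee332eb3c7cee2161de10dfd59fa5129",
}


def compute_hashes(chunks):
    """Hash an iterable of byte chunks in one pass, producing every digest the
    page lists except ssdeep. crc32 is rendered upper-case like the page does."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    crc = 0
    for chunk in chunks:
        crc = zlib.crc32(chunk, crc)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = "%08X" % (crc & 0xFFFFFFFF)
    return digests


def hash_bytes(data):
    """Convenience wrapper for an in-memory file."""
    return compute_hashes([data])


def match_iocs(digests, iocs=PAGE_IOCS):
    """Names of the algorithms whose digest equals the IOC value.
    Comparison is case-insensitive because vendors publish hex in both cases."""
    return {alg for alg, want in iocs.items()
            if alg in digests and digests[alg].lower() == want.lower()}


def looks_like_pe(data):
    """True if data has an MZ header whose e_lfanew points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            data = f.read()
        hits = match_iocs(hash_bytes(data))
        verdict = "IOC match on " + ", ".join(sorted(hits)) if hits else "no IOC match"
        print(path, "PE" if looks_like_pe(data) else "not PE", verdict)
```

Run it as `python ioc_hash_check.py <file>`; on Windows the same SHA-256 can be cross-checked with `Get-FileHash -Algorithm SHA256 <file>`. Because the chunked loop feeds all five hashers at once, the file is read only once even when it is large.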

Version Info:

LegalCopyright: Copyright (C) 2003
InternalName: dhtml2
FileVersion: 1, 0, 0, 1
CompanyName:
LegalTrademarks:
ProductName: dhtml2 Application
ProductVersion: 1, 0, 0, 1
FileDescription: dhtml2 MFC Application
OriginalFilename: dhtml2.EXE
Translation: 0x0409 0x04b0

Trojan-Banker.Win32.Emotet.epqn also known as:

  • DrWeb: Trojan.Emotet.893
  • FireEye: Trojan.Autoruns.GenericKDS.42252213
  • ALYac: Trojan.Agent.Emotet
  • VIPRE: Trojan.Win32.Generic!BT
  • K7AntiVirus: Trojan ( 0055eddb1 )
  • BitDefender: Trojan.Autoruns.GenericKDS.42252213
  • K7GW: Trojan ( 0055eddb1 )
  • TrendMicro: TrojanSpy.Win32.EMOTET.THAAEBO
  • Cyren: W32/Trickbot.CF.gen!Eldorado
  • Symantec: Trojan Horse
  • APEX: Malicious
  • Avast: Win32:Trojan-gen
  • ClamAV: Win.Dropper.Emotet-7540601-0
  • GData: Win32.Trojan-Spy.Emotet.EIW90S
  • Kaspersky: Trojan-Banker.Win32.Emotet.epqn
  • Alibaba: Trojan:Win32/starter.ali1000037
  • AegisLab: Trojan.Multi.Generic.4!c
  • Ad-Aware: Trojan.Autoruns.GenericKDS.42252213
  • Sophos: Mal/Generic-S
  • McAfee-GW-Edition: BehavesLike.Win32.Worm.fh
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Trojan.Emotet (A)
  • Ikarus: Trojan-Banker.Emotet
  • F-Prot: W32/Trickbot.CF.gen!Eldorado
  • Webroot: W32.Trojan.Emotet
  • Avira: TR/AD.Emotet.eoro
  • Endgame: malicious (high confidence)
  • Arcabit: Trojan.Autoruns.GenericS.D284B7B5
  • ZoneAlarm: Trojan-Banker.Win32.Emotet.epqn
  • Microsoft: Trojan:Win32/Emotet!ibt
  • AhnLab-V3: Trojan/Win32.Emotet.C3903874
  • McAfee: GenericRXAA-AA!B705C5D4CB9B
  • MAX: malware (ai score=84)
  • VBA32: BScope.Trojan.Downloader
  • Malwarebytes: Trojan.Emotet
  • Panda: Trj/Emotet.A
  • ESET-NOD32: a variant of Win32/Kryptik.HAGR
  • TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.THAAEBO
  • Rising: Trojan.Emotet!8.B95 (CLOUD)
  • Fortinet: W32/Malicious_Behavior.VEX
  • AVG: Win32:Trojan-gen
  • Paloalto: generic.ml
  • CrowdStrike: win/malicious_confidence_60% (W)

How to remove Trojan-Banker.Win32.Emotet.epqn?

Trojan-Banker.Win32.Emotet.epqn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.