Categories: Trojan

Trojan-Banker.Win32.NeutrinoPOS.eey information

The Trojan-Banker.Win32.NeutrinoPOS.eey is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Banker.Win32.NeutrinoPOS.eey virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
Performs some HTTP requests
Unconventionial language used in binary resources: Hebrew
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Anomalous binary characteristics

Related domains:

ipv4bot.whatismyipaddress.com

a.dnspod.com

nomoreransom.bit

bleepingcomputer.bit

emsisoft.bit

esetnod32.bit

gandcrab.bit

How to determine Trojan-Banker.Win32.NeutrinoPOS.eey?


File Info:
crc32: 21D8C7FEmd5: d32d05e568bd76383c888d562a99fd6dname: D32D05E568BD76383C888D562A99FD6D.mlwsha1: f99bdb0a406683a52bafbcf052dd3dee4a98e6adsha256: 9693c8ccb86e642135dd8c0f52aece94be3dcce17a02eaff89fbd0b9410d7f6dsha512: f48bd02be39fa0db01e5d94e6bf98e6113bca38035819b1d2e3226b278b94cd593e1c4acea427764424db1ccdc6e1cb0554b974611c404f7b8d079a2424c7df9ssdeep: 3072:zNYyI9ogb8eovM3DNan+MJHoyNxHGS/p6ux:zvO8eoE++clHGQ6utype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2017, phpdummiessFileVersion: 6.3.6.8ProductVersion: 6.3.6.8Translation: 0x0809 0x04b0

Trojan-Banker.Win32.NeutrinoPOS.eey also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 0053305e1 )
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoad4.931
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.Chapak.ZZ5
ALYac	Trojan.BRMon.Gen.3
Malwarebytes	Ransom.GandCrab
Zillya	Trojan.NeutrinoPOS.Win32.81
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
K7GW	Trojan ( 0053305e1 )
Cybereason	malicious.568bd7
Cyren	W32/S-dea5fd14!Eldorado
Symantec	Packed.Generic.525
ESET-NOD32	a variant of Win32/Kryptik.GCPG
APEX	Malicious
Avast	Win32:Malware-gen
ClamAV	Win.Packed.Generic-9853074-1
Kaspersky	Trojan-Banker.Win32.NeutrinoPOS.eey
BitDefender	Trojan.BRMon.Gen.3
NANO-Antivirus	Trojan.Win32.NeutrinoPOS.exlshm
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
MicroWorld-eScan	Trojan.BRMon.Gen.3
Tencent	Trojan.Win32.Gandcrypt.b
Ad-Aware	Trojan.BRMon.Gen.3
Sophos	Mal/Generic-R + Mal/Kryptik-BL
Comodo	Application.Win32.IStartSurf.PS@8c4m91
BitDefenderTheta	Gen:NN.ZexaF.34684.ju0@ae84pvqG
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	Ransom_HPGANDCRAB.SMONT
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
FireEye	Generic.mg.d32d05e568bd7638
Emsisoft	Trojan.BRMon.Gen.3 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Banker.NeutrinoPOS.bw
Avira	HEUR/AGEN.1117310
eGambit	Unsafe.AI_Score_99%
AegisLab	Trojan.Win32.NeutrinoPOS.tpgC
GData	Trojan.BRMon.Gen.3
TACHYON	Banker/W32.NeutrinoPOS.149504
AhnLab-V3	Trojan/Win.MalPe.X2055
Acronis	suspicious
McAfee	Packed-ZG!D32D05E568BD
MAX	malware (ai score=98)
VBA32	BScope.Trojan.Suloc
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	Ransom_HPGANDCRAB.SMONT
Rising	Ransom.GandCrab!1.B152 (RDMK:cmRtazqrb8DQ2R6UvlLC7RCjw83t)
Yandex	Trojan.GenAsa!q1Y64ZBrNgw
Ikarus	Trojan.Crypt
MaxSecure	Ransomeware.CRAB.gen
Fortinet	W32/GenKryptik.CPZI!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml