
Trojan-Banker.Win32.RTM.fsx (file analysis)


Trojan-Banker.Win32.RTM.fsx is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.RTM.fsx virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup

How to identify Trojan-Banker.Win32.RTM.fsx?

File Info:

crc32: 6453A552
md5: 07d6245dce3861ee66a5cd93cc303959
name: 07D6245DCE3861EE66A5CD93CC303959.mlw
sha1: 10e6143c7cea020af881a4786db7b6542447ce4b
sha256: 189181e7b157bab23c89e8ae14e1e18ef2c153e81c135cc47ceec9c5eeb449b4
sha512: 23f7387575497ea16ac5f4ff3e6b90c4d5e5e6be3ef0c4be2760c14ffddf05fea302d6a7d8b9f05701d273b62aafe55166504a854d95b819ea7921c8614f9fd0
ssdeep: 49152:0KM/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb/rb:
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright (C) 2014 AVG Technologies CZ, s.r.o.
InternalName: AvDump32
FileVersion: 17.3.3443.0
CompanyName: AVG Technologies CZ, s.r.o.
ProductName: AVG Internet Security System
ProductVersion: 17.3.3443.0
FileDescription: AVG Dump Process
OriginalFilename: AvDump32.exe
Translation: 0x0409 0x04b0

Trojan-Banker.Win32.RTM.fsx is also known as (vendor: detection name):

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.356932
FireEye: Generic.mg.07d6245dce3861ee
McAfee: GenericRXMZ-SU!07D6245DCE38
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Trojan ( 00574b441 )
BitDefender: Gen:Variant.Zusy.356932
K7GW: Trojan ( 00574b441 )
CrowdStrike: win/malicious_confidence_80% (D)
BitDefenderTheta: Gen:NN.ZedlaF.34700.c68@aC6jSFli
Symantec: ML.Attribute.HighConfidence
ClamAV: Win.Trojan.Generic-9808189-0
Kaspersky: Trojan-Banker.Win32.RTM.fsx
Rising: Trojan.Kryptik!1.CFFC (CLASSIC)
Ad-Aware: Gen:Variant.Zusy.356932
Sophos: ML/PE-A + Mal/EncPk-APV
McAfee-GW-Edition: BehavesLike.Win32.Dropper.vt
Emsisoft: Gen:Variant.Zusy.356932 (B)
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=80)
Antiy-AVL: GrayWare/Win32.Kryptik.ehls
Microsoft: Trojan:Win32/Wacatac.B!ml
Arcabit: Trojan.Zusy.D57244
ZoneAlarm: Trojan-Banker.Win32.RTM.fsx
GData: Gen:Variant.Zusy.356932
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.RL_Generic.R358128
VBA32: BScope.Backdoor.Vawtrak
ALYac: Gen:Variant.Graftor.868310
APEX: Malicious
ESET-NOD32: a variant of Win32/Kryptik.HIGG
Fortinet: W32/Kryptik.HDNN!tr
AVG: Win32:BankerX-gen [Trj]
Avast: Win32:BankerX-gen [Trj]
Qihoo-360: HEUR/QVM39.1.F720.Malware.Gen

How to remove Trojan-Banker.Win32.RTM.fsx?

Trojan-Banker.Win32.RTM.fsx removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
