
What is “Trojan-Banker.Win32.RTM.ght”?


The Trojan-Banker.Win32.RTM.ght is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan-Banker.Win32.RTM.ght virus do?

  • Executable code extraction
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Trojan-Banker.Win32.RTM.ght?

File Info:

crc32: 31A90DC9
md5: fac9479674591e8b91cec126e32dcc8b
name: FAC9479674591E8B91CEC126E32DCC8B.mlw
sha1: 755375515cdd08ba808c0e601a2b7d4d7f5d02d6
sha256: 38a99aa1ab9922cca9dafd5b2f4c1d3b30ecd664da37afafeadc5e4bf65c7e59
sha512: dcc2757e2fd9822a22c47fb8c0fe56ff9febd5d062748b166de90a044e4bf12175e02d2dfeb3db4a0cb60da7845d6f5f9df6841d372015b8f3ce9d671b985011
ssdeep: 6144:RQ+9DR9L2Y6fGKUjts0/UCLk3+gA5sE5uHd6U:akvIfnMs596S9n
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: appcmd.exe
FileVersion: 7.5.7601.17514 (win7sp1_rtm.101119-1850)
CompanyName: Microsoft Corporation
ProductName: Internet Information Services
ProductVersion: 7.5.7601.17514
FileDescription: Application Server Command Line Admin Tool
OriginalFilename: appcmd.exe
Translation: 0x0000 0x04b0

Trojan-Banker.Win32.RTM.ght also known as:

Bkav: W32.malware.sig1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.72052
FireEye: Generic.mg.fac9479674591e8b
McAfee: GenericRXNA-XE!FAC947967459
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Spyware ( 0040f0131 )
BitDefender: Trojan.GenericKDZ.72052
K7GW: Spyware ( 0040f0131 )
Cyren: W32/Qbot.BK.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Avast: Win32:BankerX-gen [Trj]
Kaspersky: Trojan-Banker.Win32.RTM.ght
Ad-Aware: Trojan.GenericKDZ.72052
Sophos: ML/PE-A + Mal/EncPk-APV
F-Secure: Trojan.TR/Vundo.Gen2
McAfee-GW-Edition: Artemis!Trojan
Emsisoft: Trojan.GenericKDZ.72052 (B)
SentinelOne: Static AI – Malicious PE
Avira: TR/Vundo.Gen2
Antiy-AVL: GrayWare/Win32.Kryptik.ehls
Arcabit: Trojan.Generic.D11974
ZoneAlarm: Trojan-Banker.Win32.RTM.ght
GData: Trojan.GenericKDZ.72052
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C4265195
ALYac: Gen:Variant.Barys.61272
MAX: malware (ai score=89)
APEX: Malicious
ESET-NOD32: a variant of Win32/GenCBL.QN
Rising: Trojan.Kryptik!1.D014 (CLASSIC)
Fortinet: W32/Kryptik.HDNN!tr
AVG: Win32:BankerX-gen [Trj]

How to remove Trojan-Banker.Win32.RTM.ght?

Trojan-Banker.Win32.RTM.ght removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
