Trojan-Banker.Win32.RTM.hef information

Trojan-Banker.Win32.RTM.hef is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Banker.Win32.RTM.hef virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan-Banker.Win32.RTM.hef?

File Info:

crc32: DC0736EC
md5: 04309d46ab579040aae10d6b8a63fd04
name: 04309D46AB579040AAE10D6B8A63FD04.mlw
sha1: ef59e4d3380ce1cceb6aad67a1b8444b28debd35
sha256: a1092d1ff8ed97b851375da075479eabdca96d688788deba9871cd59f033cde1
sha512: b5a6e3aa57ae27a215cf2b4ee3766df5ec2844248d4b20f2f807ab8d6b023224fbed81fe3501484c219b20739cff352752450f26e58decb2ed60e884ce8a180c
ssdeep: 6144:aw+9DR9L2Y6fGKUjts0/UCLk3+gA5sE5uHdxGyP:ZkvIfnMs596S9xX
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan-Banker.Win32.RTM.hef also known as:

Bkav: W32.AIDetectVM.malware1
MicroWorld-eScan: Trojan.GenericKD.45184719
FireEye: Generic.mg.04309d46ab579040
McAfee: GenericRXND-HL!04309D46AB57
Cylance: Unsafe
VIPRE: LooksLike.Win32.Zbot.b (v)
Sangfor: Malware
CrowdStrike: win/malicious_confidence_90% (D)
BitDefender: Trojan.GenericKD.45184719
K7GW: Spyware ( 0040f0131 )
K7AntiVirus: Spyware ( 0040f0131 )
Cyren: W32/Trojan.CFUJ-0784
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HILJ
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
Kaspersky: Trojan-Banker.Win32.RTM.hef
Alibaba: TrojanBanker:Win32/Qakbot.707de80b
Ad-Aware: Trojan.GenericKD.45184719
Emsisoft: Trojan.GenericKD.45184719 (B)
DrWeb: BackDoor.Qbot.568
TrendMicro: TROJ_GEN.R002C0RLR20
McAfee-GW-Edition: GenericRXND-HL!04309D46AB57
Sophos: Mal/Generic-R + Mal/EncPk-APV
Jiangmin: Trojan.Banker.RTM.us
MAX: malware (ai score=85)
Antiy-AVL: GrayWare/Win32.Kryptik.ehls
Microsoft: Trojan:Win32/Qakbot.GA!MTB
Gridinsoft: Trojan.Win32.Kryptik.oa
Arcabit: Trojan.Generic.D2B176CF
AhnLab-V3: Malware/Win32.Generic.C4280517
ZoneAlarm: Trojan-Banker.Win32.RTM.hef
GData: Trojan.GenericKD.45184719
Cynet: Malicious (score: 100)
BitDefenderTheta: Gen:NN.ZedlaF.34700.CQ4@a41Tyfmi
ALYac: Trojan.GenericKD.45184719
VBA32: BScope.Trojan.Gatak
Malwarebytes: Trojan.Crypt
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0RLR20
Rising: Trojan.Kryptik!8.8 (TFE:2:ItOo6ejRx2)
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_92%
Fortinet: W32/Kryptik.HDNN!tr
AVG: Win32:BankerX-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.2a0

How to remove Trojan-Banker.Win32.RTM.hef?

Trojan-Banker.Win32.RTM.hef removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.