What is "Trojan-Downloader.Win32.Bandit.jmo"?

The Trojan-Downloader.Win32.Bandit.jmo is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan-Downloader.Win32.Bandit.jmo virus can do?

Executable code extraction
Attempts to connect to a dead IP:Port (1 unique times)
Creates RWX memory
Possible date expiration check, exits too soon after checking local time
A process attempted to delay the analysis task.
Expresses interest in specific running processes
A process created a hidden window
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to create or modify system certificates
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

venoxcontrol.com

How to determine Trojan-Downloader.Win32.Bandit.jmo?


File Info:
crc32: 7874A5DC
md5: 3e184f398397e78d156c203ce449f78b
name: experience2Bcertificate2Bformat2Bfor2Bdriver2Bpdf_aaqx1l3coqaatbecaelofwasal6trkia.exe
sha1: 4a7bfafe85651d9df3126425f4983570463a8b50
sha256: 98045a177630e3460a89c24175a24b8d750d47e9ddd5d236d3646cf3dc73ed01
sha512: fcad519d440cba929a6f49c6d9f372149741860b02927626cbb4a17e525c4b03fc6dea72e9d72f226c54233d6a181fd753a464804925a14873556db8cb9f5582
ssdeep: 98304:oqW+FDM2sLLxLt+K2WDmN72agQxd1V8iok:oqWSMLKKFOH8i5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0219 0x04e4

Trojan-Downloader.Win32.Bandit.jmo also known as:

DrWeb	Trojan.Siggen8.58817
MicroWorld-eScan	Trojan.GenericKD.32772171
FireEye	Generic.mg.3e184f398397e78d
McAfee	Trojan-FRQV!3E184F398397
Malwarebytes	Trojan.MalPack.GS
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Multi.Generic.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 003c36381 )
BitDefender	Trojan.GenericKD.32772171
K7GW	Trojan ( 003c36381 )
Cybereason	malicious.e85651
BitDefenderTheta	Gen:NN.ZexaF.32517.Wx0@a4bZw9b
Symantec	Trojan.Glupteba
APEX	Malicious
GData	Win32.Trojan-Downloader.Glupteba.WZI538
Kaspersky	Trojan-Downloader.Win32.Bandit.jmo
Alibaba	TrojanDownloader:Win32/Bandit.e8468f27
Rising	Trojan.Kryptik!1.BFC4 (CLASSIC)
Ad-Aware	Trojan.GenericKD.32772171
Sophos	Mal/Generic-S
Comodo	Malware@#17sk1j5vi7sg3
F-Secure	Trojan.TR/AD.GoCloudnet.gcko
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.MultiPlug.wc
Trapmine	suspicious.low.ml.score
Ikarus	Trojan.Win32.Crypt
Cyren	W32/Trojan.AHCV-9306
Jiangmin	TrojanDownloader.Bandit.ayu
Webroot	W32.Trojan.Gen
Avira	TR/AD.GoCloudnet.gcko
MAX	malware (ai score=85)
Endgame	malicious (high confidence)
Arcabit	Trojan.Generic.D1F4104B
ZoneAlarm	Trojan-Downloader.Win32.Bandit.jmo
Microsoft	Trojan:Win32/GandCrypt.GE!MTB
AhnLab-V3	Malware/Win32.RL_Generic.R301699
Acronis	suspicious
ALYac	Trojan.GenericKD.32772171
VBA32	Malware-Cryptor.Limpopo
Cylance	Unsafe
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Kryptik.GYYS
TrendMicro-HouseCall	TROJ_GEN.R002C0DL219
SentinelOne	DFI – Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Malicious_Behavior.VEX
AVG	FileRepMalware
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.Downloader.851

How to remove Trojan-Downloader.Win32.Bandit.jmo?

Trojan-Downloader.Win32.Bandit.jmo removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “Trojan-Downloader.Win32.Bandit.jmo”?