Trojan-Downloader.Win32.Bandit removal

Trojan-Downloader.Win32.Bandit is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Downloader.Win32.Bandit virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Spanish (Ecuador)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Accessed credential storage registry keys
  • Collects information to fingerprint the system

How to identify Trojan-Downloader.Win32.Bandit?

File Info:

name: 24AD1EF9516C9FACA6C5.mlw
path: /opt/CAPEv2/storage/binaries/807b6bc92703870dc03cdb520c23485e8527be690c27e9ce368ae1c7e90d650d
crc32: 324FE243
md5: 24ad1ef9516c9faca6c57b867040f495
sha1: d2c0a0a26b124d503e63cd7762dd8afd108fcd03
sha256: 807b6bc92703870dc03cdb520c23485e8527be690c27e9ce368ae1c7e90d650d
sha512: 2318f8d0e2611087e2cbbd465d8eeb6f003e225ad2b6436e9806308f28f67c97542ce7fabad74585defb6df308598b10de1e93e9687f92476e87808d4dd5ac14
ssdeep: 98304:+vG7+y80k5mNBNLyUjlSBXODxTIheybMe9e/b5qygpUDywV:N7+x0k5GBNLyAGO9TIhhxk/b5LVD
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C2163319B3E2A835D7E16935CC244F121BA37D308ABD8D46B6A0153B7E38FC0566DF86
sha3_384: 927fdb6be6dd7b2ccab3ce1eba0276d2bfe53f6634ca97cc6575086d5074e40ccf6a51659044a4d43a34f9c08be0a623
ep_bytes: e88a340000e989feffffcccccccccce8
timestamp: 2021-04-30 15:35:34

Version Info:

InternalName: bomgpiaruci.iwa
Copyright: Copyrighz (C) 2021, fudkat
ProductVersion: 13.54.77.27
Translation: 0x0114 0x046a

Trojan-Downloader.Win32.Bandit also known as:

Bkav: W32.AIDetect.malware2
DrWeb: Trojan.Siggen15.55831
MicroWorld-eScan: Trojan.GenericKD.38129595
FireEye: Generic.mg.24ad1ef9516c9fac
McAfee: Lockbit-FSWW!24AD1EF9516C
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00589d2d1 )
Alibaba: Trojan:Win32/Azorult.b1fed040
K7GW: Trojan ( 00589d2d1 )
BitDefenderTheta: Gen:NN.ZexaF.34114.@t0@ayvZwtGG
Cyren: W32/Kryptik.FUG.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HNLZ
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan-Downloader.Win32.Bandit.gen
BitDefender: Trojan.GenericKD.38129595
Avast: Win32:Malware-gen
Tencent: Trojan.Win32.Stop.16000125
Ad-Aware: Trojan.GenericKD.38129595
TACHYON: Downloader/W32.Bandit.4214784
Emsisoft: Trojan.Crypt (A)
Comodo: fls.noname@0
Zillya: Trojan.Kryptik.Win32.3632974
TrendMicro: TROJ_GEN.R003C0PKS21
McAfee-GW-Edition: BehavesLike.Win32.Lockbit.rc
Sophos: Mal/Generic-S + Troj/Krypt-BO
Ikarus: Trojan-Ransom.StopCrypt
Jiangmin: Trojan.Fsysna.nli
eGambit: Unsafe.AI_Score_99%
Avira: TR/AD.GoCloudnet.rghtz
Antiy-AVL: Trojan/Generic.ASMalwS.34D996A
Gridinsoft: Ransom.Win32.STOP.sa
Microsoft: Trojan:Win32/Azorult.RM!MTB
ViRobot: Trojan.Win32.Z.Kryptik.4214784
GData: Win32.Trojan.BSE.11GYDBI
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.FSWW.R454436
Acronis: suspicious
VBA32: TrojanDownloader.Bandit
ALYac: Trojan.GenericKD.38129595
MAX: malware (ai score=86)
Malwarebytes: Trojan.MalPack
TrendMicro-HouseCall: TROJ_GEN.R003C0PKS21
Rising: Trojan.Kryptik!1.DAC3 (CLASSIC)
Yandex: Trojan.Kryptik!Q4MmOeE9udk
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Lockbit.FSWW!tr
Webroot: W32.Trojan.Gen
AVG: Win32:Malware-gen
Panda: Trj/Agent.ALS
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan-Downloader.Win32.Bandit?

Trojan-Downloader.Win32.Bandit removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.