Trojan.Emotet.MUE.A5 information

Trojan.Emotet.MUE.A5 is flagged as malicious by most antivirus engines (see the detection names listed below). When this infection is active, you may notice unfamiliar processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually may take hours and can damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; it allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can Trojan.Emotet.MUE.A5 do?

The behaviours below were flagged by the CAPE sandbox during dynamic analysis of the sample. Several of them (packing, UPX compression, an invalid Authenticode signature, deleting its own binary) are generic evasion tells seen in many malware families, not indicators specific to Emotet.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Attempts to connect to a dead IP:Port (3 unique times)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Created a process from a suspicious location

How to identify Trojan.Emotet.MUE.A5?

File Info:

name: DB814AB9C8411B372918.mlw
path: /opt/CAPEv2/storage/binaries/64de18c672a377740910b5f2f048ff9ba5f71d807715a94e0f05b933859e09de
crc32: 37187CB1
md5: db814ab9c8411b372918d997af69fc93
sha1: e4d8376fedcaa77891bfd43a0d378a92c25da932
sha256: 64de18c672a377740910b5f2f048ff9ba5f71d807715a94e0f05b933859e09de
sha512: e006ae28754bdc05e6540309c12b5ef6bc7f1182e046633d204a9db9c077c4fa5f7add0c8a3b6873611fbcb7f933ab0fee0053a1dab1e78d4cb1468ec4b59915
ssdeep: 1536:JfbSDXpkb6lKC+Jh3ua42ZAc20Henouy8hzNo:NbSDXe+l3+JZczo+outhzK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A5935A12A6018864F71D0B315A06FAE4099A9E3C59E4F24FF57CBD3AA9321D35EB704F
sha3_384: 602c168b104f892f7019433090e1622b3b8144d8d30cf7934ba00dcf44c90b81e33e6939b74645193902b32d983dbe21
ep_bytes: 60be002042008dbe00f0fdff5789e58d
timestamp: 2014-01-21 07:03:16

Version Info:

0: [No Data]
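The following Python script is an added triage example for this page; it is not CAPE or GridinSoft code. It hashes a file against the md5/sha1/sha256/crc32 values published under File Info and checks two static indicators from the behaviour list: UPX section names and the UPX unpacker stub that the report's ep_bytes show (60 BE imm32 8D BE disp32 57 89 E5, i.e. pushad; mov esi,imm32; lea edi,[esi+disp32]; push edi; mov ebp,esp). The header offsets are the standard PE32 layout. build_sample_pe() is a constructed, non-executable PE skeleton used only so the script runs offline; its hashes will not match the real sample, and with a real file the script should be run on a copy inside an analysis VM.

```python
# Added triage example for the report above; not CAPE or GridinSoft code.
import hashlib
import struct
import sys
import zlib

# Hashes copied from the "File Info" section of the report.
KNOWN_IOCS = {
    "md5": "db814ab9c8411b372918d997af69fc93",
    "sha1": "e4d8376fedcaa77891bfd43a0d378a92c25da932",
    "sha256": "64de18c672a377740910b5f2f048ff9ba5f71d807715a94e0f05b933859e09de",
    "crc32": "37187CB1",
}
# ep_bytes from the report: the classic UPX win32 unpacker prologue.
REPORT_EP_BYTES = bytes.fromhex("60be002042008dbe00f0fdff5789e58d")


def hash_sample(data: bytes) -> dict:
    """Same hash set the report publishes (ssdeep/tlsh need extra libraries)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
    }


def matches_iocs(data: bytes, iocs: dict = KNOWN_IOCS) -> list:
    """Names of the hash types whose value equals the published IOC."""
    got = hash_sample(data)
    return [k for k, v in iocs.items() if got.get(k, "").lower() == v.lower()]


def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 parser: section names plus the first 16 bytes at the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sections, ep_off = [], None
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i                          # IMAGE_SECTION_HEADER
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, raw = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append(name)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):     # RVA -> file offset
            ep_off = raw + (entry_rva - vaddr)
    ep_bytes = data[ep_off:ep_off + 16] if ep_off is not None else b""
    return {"sections": sections, "entry_rva": entry_rva, "ep_bytes": ep_bytes}


def upx_indicators(pe: dict) -> list:
    """Static UPX tells: UPX0/UPX1 section names and the unpacker stub at the EP."""
    hits = []
    if any(n.startswith("UPX") for n in pe["sections"]):
        hits.append("UPX section names")
    ep = pe["ep_bytes"]
    # 60 pushad | BE imm32 mov esi | 8D BE disp32 lea edi,[esi+disp32] | 57 push edi | 89 E5 mov ebp,esp
    if (len(ep) >= 15 and ep[0] == 0x60 and ep[1] == 0xBE
            and ep[6:8] == b"\x8d\xbe" and ep[12:15] == b"\x57\x89\xe5"):
        hits.append("UPX unpacker stub at entry point")
    return hits


def triage(data: bytes) -> dict:
    pe = parse_pe32(data)
    return {"ioc_matches": matches_iocs(data), "sections": pe["sections"],
            "ep_bytes": pe["ep_bytes"].hex(), "upx": upx_indicators(pe)}


def build_sample_pe(section_names=("UPX0", "UPX1", ".rsrc"), ep_bytes=REPORT_EP_BYTES) -> bytes:
    """Constructed, non-runnable PE32 skeleton so the script can be exercised offline.
    The entry point is placed at the start of the second section (UPX1 by default)."""
    nsec = len(section_names)
    hdr_len = 0x40 + 4 + 20 + 0xE0 + 40 * nsec
    raw_base = (hdr_len + 0x1FF) & ~0x1FF                     # FileAlignment 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000)                   # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    secs, body = b"", b""
    for i, name in enumerate(section_names):
        secs += struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0x1000 * (i + 1),
                            0x200, raw_base + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        body += (ep_bytes if i == 1 else b"\0").ljust(0x200, b"\0")
    return (dos + b"PE\0\0" + coff + bytes(opt) + secs).ljust(raw_base, b"\0") + body


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with no arguments to see the constructed skeleton trigger both UPX indicators and zero IOC matches, or pass a file path to triage a real sample. A hash match is conclusive for this exact file; the UPX indicators only say the binary is packed and should be unpacked (for example with the upx tool itself) before any further static analysis.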

Trojan.Emotet.MUE.A5 also known as:

Note that "Emotet" is CAT-QuickHeal's label only; most other engines place this sample in the Urelas downloader/dropper family or return a generic heuristic verdict, so the name alone does not confirm an Emotet infection.

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader9.14244
MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
FireEye: Generic.mg.db814ab9c8411b37
CAT-QuickHeal: Trojan.Emotet.MUE.A5
Malwarebytes: Malware.AI.2875196286
Zillya: Trojan.Urelas.Win32.15394
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Backdoor ( 0053e8561 )
K7GW: Backdoor ( 0053e8561 )
Cybereason: malicious.9c8411
BitDefenderTheta: AI:Packer.29F4F72820
VirIT: Trojan.Win32.DownLoader9.VBW
Cyren: W32/Urelas.E.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Urelas.U
Avast: Win32:Dropper-gen [Drp]
Kaspersky: HEUR:Backdoor.Win32.Generic
BitDefender: Gen:Heur.Mint.SP.Urelas.1
NANO-Antivirus: Trojan.Win32.Beaugrit.cstnsg
Tencent: Trojan.Win32.Urelas.16000161
Comodo: TrojWare.Win32.GupBoot.SHE@56ryx6
Baidu: Win32.Trojan.Urelas.a
VIPRE: Trojan.Win32.Urelas.ab (v)
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.nh
Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
Jiangmin: Trojan/GenericCryptor.bt
Avira: BDS/Backdoor.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.A10814
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Win32.Trojan.PSE.TOM2IF
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Urelas.R95673
McAfee: GenericRXAA-AA!DB814AB9C841
MAX: malware (ai score=80)
VBA32: BScope.Backdoor.Gulf
Cylance: Unsafe
APEX: Malicious
Rising: Trojan.Urelas!8.1F5 (RDMK:cmRtazpFWrc/v6mdMmht33ECR4ot)
Yandex: Trojan.Agent!X3d7vSKFkVI
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Urelas.U!tr
AVG: Win32:Dropper-gen [Drp]
Panda: Generic Suspicious
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.Emotet.MUE.A5?

Trojan.Emotet.MUE.A5 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Press “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.