Trojan

Should I remove “TrojanBanker.Banz”?

Malware Removal

TrojanBanker.Banz is flagged as malicious by a number of antivirus engines (see the detection list below). While the infection is active you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean your PC.
A 6-day free trial is available.

What can the TrojanBanker.Banz virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • Executable file is packed/obfuscated with ASPack
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

Related domains:

wpad.local-net (a Windows proxy auto-discovery lookup; it shows up in most sandbox runs and is not by itself evidence of command-and-control traffic)

How to identify TrojanBanker.Banz?


File Info:

name: 03C239AF505A02E7F0E2.mlw
path: /opt/CAPEv2/storage/binaries/e1f8bb8c975838407a0ae81a6d0995343261307f0071f0f18f820eb13e905777
crc32: BE622602
md5: 03c239af505a02e7f0e241c2e4075591
sha1: 565bfe2ac5b656989e3d79c5b861a0596fb43028
sha256: e1f8bb8c975838407a0ae81a6d0995343261307f0071f0f18f820eb13e905777
sha512: b00f86b027c0b4575fa801f1b833da17140c07bb95b6c5435a719d7a1b26f6df1a85d809314fbde8ac68b377dd9f1aa8f09a3154890954c0eac8b902e7b0ed05
ssdeep: 6144:Q66vjlP3eurocaZTbVLrS5tFnJt+vVvbJCItECgExFa8jQVoe:QPvJ3euroBZPVi5LnJMVCItECFxFa8j
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15B642343BBC98065D4C924F0E137AA365F8BAF4240171E6A06B8EF5E39D1734569EC26
sha3_384: 2d674f325103bcbb6afa6e72623e8fd76a79ccb28811a162347cfaf5701c1573927f79901ab91c3fabb74963a040b771
ep_bytes: 60e803000000e9eb045d4555c3e80100 (pushad / call $+8 / jmp / pop ebp / inc ebp / push ebp / ret: the entry stub of the ASPack packer, consistent with the packing verdict above)
timestamp: 1992-06-19 22:22:17 (the fixed link stamp written by Borland Delphi linkers, not the real build date)

Version Info:

CompanyName: 奇纳软件 (Kinasoft)
FileDescription: 天涯查询工具 (Tianya lookup tool)
FileVersion: 1.4.1.0
InternalName:
LegalCopyright: Kinasoft
LegalTrademarks:
OriginalFilename: tyfind
ProductName: 天涯查询工具 (Tianya lookup tool)
ProductVersion: 1.4
Comments: kinasoft@gmail.com
Translation: 0x0804 0x03a8 (Chinese Simplified, code page 936)
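As an added example (not code from GridinSoft, CAPE or the page's author), the following stdlib-only Python script compares a file on disk with the indicators listed in the File Info block above: the three hashes, the constant Delphi link stamp and the ASPack entry-point stub. The sha256 is the only indicator that identifies this exact sample; the stamp, stub and section names only say "Delphi binary packed with ASPack", which many benign programs also are. The packer section names .aspack/.adata and the build_sample_pe() stand-in are my assumptions; the stand-in is a constructed skeletal PE used only so the script runs offline, since the sample itself is not on the page.

```python
"""Offline triage of a suspected TrojanBanker.Banz sample against the indicators
on this page. Added example (not GridinSoft's or CAPE's code); stdlib only."""
import hashlib
import struct

# Hashes from the "File Info" section above; the sha256 is the strongest IOC.
IOC_HASHES = {
    "md5": "03c239af505a02e7f0e241c2e4075591",
    "sha1": "565bfe2ac5b656989e3d79c5b861a0596fb43028",
    "sha256": "e1f8bb8c975838407a0ae81a6d0995343261307f0071f0f18f820eb13e905777",
}
# ep_bytes from the page. 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 is the
# pushad/call/jmp/pop ebp/inc ebp/push ebp/ret prologue of the ASPack stub.
IOC_EP_BYTES = bytes.fromhex("60e803000000e9eb045d4555c3e80100")
# Constant link stamp emitted by Borland Delphi linkers: 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19
PACKER_SECTION_NAMES = {b".aspack", b".adata"}   # assumption: names ASPack adds


def file_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Minimal PE32 walk: link timestamp, entry-point RVA and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = pe + 4                                            # IMAGE_FILE_HEADER
    _, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                          # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsec):                                  # 40-byte section headers
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, raw = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "va": va, "rawsize": rawsize, "raw": raw})
    return {"timestamp": tstamp, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(sections: list, rva: int):
    """Map a virtual address to a file offset through the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["raw"] + (rva - s["va"])
    return None


def triage(data: bytes) -> dict:
    """Compare a file against the page's hashes and structural indicators."""
    hashes = file_hashes(data)
    hdr = parse_pe(data)
    ep_off = rva_to_offset(hdr["sections"], hdr["entry_rva"])
    ep = data[ep_off:ep_off + 16] if ep_off is not None else b""
    return {
        "hash_match": sorted(a for a, h in IOC_HASHES.items() if hashes[a] == h),
        "delphi_stamp": hdr["timestamp"] == DELPHI_TIMESTAMP,
        "aspack_stub": ep.startswith(IOC_EP_BYTES[:13]),
        "packer_sections": [s["name"].decode("latin-1") for s in hdr["sections"]
                            if s["name"] in PACKER_SECTION_NAMES],
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for the real sample (which is not on this page):
    a skeletal PE32 with the Delphi stamp, an .aspack section and the page's
    entry-point bytes at its entry point. It is not a runnable executable."""
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)        # AddressOfEntryPoint
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_TIMESTAMP, 0, 0, len(opt), 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".aspack", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    image = bytearray(0x200)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)      # e_lfanew
    image[0x80:0x84] = b"PE\0\0"
    headers = file_hdr + bytes(opt) + section
    image[0x84:0x84 + len(headers)] = headers
    return bytes(image) + IOC_EP_BYTES.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(triage(blob))
```

Run it with a path to the suspect file; with no argument it triages the constructed stand-in, which trips the Delphi-stamp, ASPack-stub and section-name checks but, as expected, matches none of the hashes. A hash match is the only result worth reporting as "this sample"; the other three flags are packing and toolchain artefacts and should be read alongside the sandbox behaviours listed above.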

TrojanBanker.Banz also known as (vendor: detection name):

Lionic: Trojan.Win32.Generic.4!c
McAfee: Artemis!03C239AF505A
VIPRE: Trojan.Win32.Generic!BT
Symantec: ML.Attribute.HighConfidence
Paloalto: generic.ml
Zillya: Trojan.Banz.Win32.3921
McAfee-GW-Edition: BehavesLike.Win32.Trojan.fc
Microsoft: Trojan:Win32/Wacatac.B!ml
VBA32: TrojanBanker.Banz
Cylance: Unsafe
APEX: Malicious
Yandex: Trojan.GenAsa!s28+dtoX6Ec
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: Banker!tr.pws

Only VBA32 uses the TrojanBanker.Banz name itself; most of the other verdicts are generic or machine-learning detections (Artemis, ML.Attribute, generic.ml, Wacatac.B!ml), so the name is a detection label rather than an established malware family.

How to remove TrojanBanker.Banz?

TrojanBanker.Banz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
