Trojan

TrojanBanker.Tinba information

Malware Removal

The TrojanBanker.Tinba is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What TrojanBanker.Tinba virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • Unconventionial language used in binary resources: Polish
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Behavioural detection: Injection (inter-process)
  • Tries to unhook or modify Windows functions monitored by Cuckoo

How to determine TrojanBanker.Tinba?



File Info:

name: C23F185C594721BBDE32.mlw
path: /opt/CAPEv2/storage/binaries/779cbc264787f314068b8c054cffad6a6231fbb909facfaa84bd3d179359f2b1
crc32: 66A28DDE
md5: c23f185c594721bbde3251467f3c7bf7
sha1: 744b4807d5a16bbe9bd9e6f6b18c717c2f065c83
sha256: 779cbc264787f314068b8c054cffad6a6231fbb909facfaa84bd3d179359f2b1
sha512: ff1eccb794ae2d38fb5e682ab26e0b839ccd843a7cc33480a4e92bb9db1002585d5fce9b0e42aa49f593f70a5d7cb9c22f9007295d44d65b4eba138939829278
ssdeep: 3072:sWOz68OWz45hoiQgcJoFnYZXzjuaJnjhp+9Lt:sWOWFQ0hZQgerjuAjhp+D
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T105E30290B581C596C054197042734F00E536AC15BBA4EFFB5F86AE5EED331CAC63A39B
sha3_384: a6dead07152a028ba07ed7ede98ec6f28815b710b2e34504de6558f6c8ee4de27e620d88749c9ec9bdfcdf7e2ea554d1
ep_bytes: 60be005042008dbe00c0fdff57eb0b90
timestamp: 2005-05-30 12:10:20


Version Info:

Comments: dearth fevered
CompanyName: zoneLINK
FileDescription: dots exceptionally
FileVersion: 150, 68, 33, 35
InternalName: coasted desperately
LegalCopyright: capitalist flushes
LegalTrademarks: censure foreigners
OriginalFilename: erratic.exe
PrivateBuild: convicting
ProductName: dwindle flickered
ProductVersion: 239, 100, 116, 108
SpecialBuild: fish

TrojanBanker.Tinba also known as:

Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Ursu.384110
FireEyeGeneric.mg.c23f185c594721bb
McAfeeGenericRXAA-AA!C23F185C5947
CylanceUnsafe
ZillyaTrojan.Kryptik.Win32.1594704
K7AntiVirusTrojan ( 00547e251 )
K7GWTrojan ( 00547e251 )
Cybereasonmalicious.c59472
BitDefenderThetaGen:NN.ZexaF.34062.imKfaCHtWPaO
CyrenW32/S-104687bc!Eldorado
SymantecTrojan.Tinba!gm
ESET-NOD32a variant of Win32/Kryptik.DGSN
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Ursu.384110
NANO-AntivirusTrojan.Win32.Tinba.dreczt
AvastWin32:GenMalicious-KOE [Trj]
TencentMalware.Win32.Gencirc.10cf8e8f
Ad-AwareGen:Variant.Ursu.384110
SophosML/PE-A + Mal/Tinba-I
ComodoPacked.Win32.MUPX.Gen@24tbus
DrWebTrojan.PWS.Tinba.153
VIPRETrojan.Win32.Generic!BT
McAfee-GW-EditionObfuscated-FAAH!01648AB48551
EmsisoftGen:Variant.Ursu.384110 (B)
APEXMalicious
GDataGen:Variant.Ursu.384110
JiangminTrojan/Banker.Tinba.ank
MaxSecureTrojan.Malware.300983.susgen
AviraHEUR/AGEN.1118863
MAXmalware (ai score=86)
Antiy-AVLTrojan/Generic.ASMalwS.1070716
MicrosoftTrojan:Win32/Sabsik.FL.B!ml
CynetMalicious (score: 99)
AhnLab-V3Trojan/Win.FAAH.C4788321
VBA32TrojanBanker.Tinba
ALYacGen:Variant.Ursu.384110
TACHYONBanker/W32.Tinba.248320
MalwarebytesMalware.AI.2539815850
IkarusTrojan.Win32.Tinba
YandexTrojan.Agent!UmaAgV/ph2o
SentinelOneStatic AI – Malicious PE
FortinetW32/Deshacop.XO!tr
AVGWin32:GenMalicious-KOE [Trj]
CrowdStrikewin/malicious_confidence_60% (D)

How to remove TrojanBanker.Tinba?

TrojanBanker.Tinba removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment