What is “TrojanDownloader:O97M/EncDoc.CN!MTB”?

TrojanDownloader:O97M/EncDoc.CN!MTB is the Microsoft Defender name under which this sample is flagged; most of the other engines listed below flag it as malicious or as unwanted software as well. In Microsoft's naming scheme the O97M platform tag denotes Office 97-2003 macro (VBA) code that downloads a further payload, but the file analyzed on this page is a PE32 executable, so the name should be read as a signature family rather than as a description of this particular file. When the sample is active you may notice unfamiliar processes in Task Manager; if so, scan the machine with an anti-malware product such as GridinSoft Anti-Malware.

Removing malware manually may take hours and may damage the system in the process. We recommend using GridinSoft Anti-Malware for removal. It lets you run a complete scan and clean the PC during the trial period.
A 6-day free trial is available.

What can TrojanDownloader:O97M/EncDoc.CN!MTB do?

The following behaviours were reported by the CAPE sandbox for the sample whose hashes are listed further down. They are signature names, not a confirmed kill chain; "Authenticode signature is invalid" in particular means the publisher name in the version resource cannot be taken as proof of origin.

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location

How to identify TrojanDownloader:O97M/EncDoc.CN!MTB?

File Info:

name: 720D0F1CAFD301BF2E65.mlw
path: /opt/CAPEv2/storage/binaries/3e6645db8acd3ba810f7939f7253a0bd8373061d39fbd23699744faf8016c0c3
crc32: 465F0AE8
md5: 720d0f1cafd301bf2e65637410d7b2fb
sha1: f003bbc63141838a9162be7cd295e3be65b4d486
sha256: 3e6645db8acd3ba810f7939f7253a0bd8373061d39fbd23699744faf8016c0c3
sha512: 867ec7280293eec76729928952989354b2f8ce43864bd5b4387072a268a52ab57ebe1dab408dba16128b5b32a4cd20dcec901afda78e0c3c50f70881f9d79e48
ssdeep: 12288:z5393whFOBbkpJ+2PQf7ZanlQ0YZLccaMlEsVNFnmGK4Rzw:z53uhF7p8/f7mELn/VNxmp4pw
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T15CD40101BBDA5CFAC58336700B217F765AFAF22D1B1406C7A7983A16BE322D195391C7
sha3_384: f76c8819b1a0b90e3c37c12b3e4628456998dd306dfdd23c8ebeb64b94078b7a95bcb861b5cc975b41fdcd5a28fec5be
ep_bytes: 558bec6aff6880fa410068f0c4410064
timestamp: 2016-04-02 22:14:34

Version Info:

CompanyName: www.sordum.org
LegalCopyright: Copyright © 2015-2021 www.sordum.org All Rights Reserved.
Comments: dfControl v2.0
FileVersion: 2.0.0.0
OriginalFilename: dfControl.exe
FileDescription: dfControl v2.0
ProductVersion: 2.0.0.0
Created: 7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Builder: User 13:20:39 09/10/2021
Translation: 0x0000 0x04b0
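Before acting on a vendor name, a responder normally checks that the file on the host really is the file described here, and what kind of file it is. The following script is an added example, not code from the original page or from CAPE: it computes the same digest set CAPE prints in its File Info block, compares them (case-insensitively, since CAPE prints the CRC32 in upper case) against the indicators listed above, and does a minimal PE header parse to recover the machine type and the link timestamp so the O97M (Office macro) family name can be checked against the actual file format. The `build_fake_pe` helper produces a constructed, non-runnable PE stub purely so the parser can be exercised offline; it is not the real dfControl file, and its hashes will not match the page's indicators.

```python
"""Hash-and-header triage of a suspect file against the indicators on this page.
Added example (not part of the original page or of CAPE); sample bytes are constructed."""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the "File Info" block on the page (lower-cased for comparison).
PAGE_IOCS = {
    "crc32": "465f0ae8",
    "md5": "720d0f1cafd301bf2e65637410d7b2fb",
    "sha1": "f003bbc63141838a9162be7cd295e3be65b4d486",
    "sha256": "3e6645db8acd3ba810f7939f7253a0bd8373061d39fbd23699744faf8016c0c3",
    "sha512": "867ec7280293eec76729928952989354b2f8ce43864bd5b4387072a268a52ab5"
              "7ebe1dab408dba16128b5b32a4cd20dcec901afda78e0c3c50f70881f9d79e48",
    "sha3_384": "f76c8819b1a0b90e3c37c12b3e4628456998dd306dfdd23c8ebeb64b94078b7a"
                "95bcb861b5cc975b41fdcd5a28fec5be",
}
PAGE_TIMESTAMP = "2016-04-02 22:14:34"   # PE header timestamp printed by CAPE (UTC)


def file_hashes(data: bytes) -> dict:
    """Return the digest set CAPE prints in its File Info block, as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> list:
    """Names of the algorithms whose digest of `data` equals the listed indicator."""
    h = file_hashes(data)
    return sorted(k for k, v in iocs.items() if h.get(k) == v.lower())


def pe_info(data: bytes):
    """Minimal PE parse: (Machine, link timestamp as 'YYYY-MM-DD HH:MM:SS' UTC), or None.
    Reads only the DOS header pointer and the COFF file header; no optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, _nsections, ts = struct.unpack_from("<HHI", data, e_lfanew + 4)
    when = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return machine, when


def triage(data: bytes) -> dict:
    """What a responder wants to know before trusting the vendor name: does the
    file match the published hashes, and is it an Office document or a PE?"""
    info = pe_info(data)
    return {
        "ioc_hits": matching_iocs(data),
        "is_pe": info is not None,
        "pe_machine": f"0x{info[0]:04x}" if info else None,
        "pe_timestamp": info[1] if info else None,
        "timestamp_matches_page": bool(info) and info[1] == PAGE_TIMESTAMP,
    }


def build_fake_pe(timestamp: str = PAGE_TIMESTAMP) -> bytes:
    """Constructed sample: a syntactically valid but unrunnable i386 PE stub (DOS header
    plus COFF header only). Exists so the parser can be exercised offline; it is NOT
    the real dfControl binary and its hashes will not match PAGE_IOCS."""
    ts = int(datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
             .replace(tzinfo=timezone.utc).timestamp())
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE header right after DOS header
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x014C, 1, ts, 0, 0, 0, 0x0102)  # Machine=i386
    return bytes(dos) + coff


if __name__ == "__main__":
    import sys
    # Pass the path of the file pulled from the host; falls back to the constructed stub.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe()
    print(triage(blob))
```

A real hit is `ioc_hits` containing every algorithm; a partial hit (say only `md5`) on a file whose other digests differ is worth treating as a collision or a tampered indicator rather than as confirmation. A file that is a PE32 while the engine name claims an Office macro, as here, tells you to read the other vendors' names (several call it Defender-disabling riskware) before deciding on the response.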

Note that the version resource (dfControl v2.0, www.sordum.org, built with a 7z SFX constructor) is attacker-controllable text, the PE header timestamp (2016) and the SFX builder stamp (2021) disagree, and the Authenticode signature was reported invalid above, so none of this metadata establishes where the file came from. Several of the vendors below nonetheless classify it by that resource as a Defender-disabling riskware (DefenderControl, DEFCTRL, DefenderDisabler, DefenderTool) rather than as an Office macro downloader.

Detection names other vendors use for the same file (vendor: name):

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Trone.a!c
MicroWorld-eScan: Application.Hacktool.AUI
FireEye: Generic.mg.720d0f1cafd301bf
CAT-QuickHeal: Trojan.Agent
ALYac: Application.Hacktool.AUI
Cylance: Unsafe
Sangfor: Trojan.Win32.Trone.oo
K7AntiVirus: Trojan ( 700000111 )
BitDefender: Application.Hacktool.AUI
K7GW: Trojan ( 700000111 )
Cyren: W32/Trojan.OJWS-2267
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/RiskWare.DefenderControl.C
APEX: Malicious
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Drivepack-9884589-1
Kaspersky: Trojan-Downloader.Win32.Trone.oo
Alibaba: TrojanDownloader:Win32/DefenderControl.c8172b4e
NANO-Antivirus: Riskware.Win32.DefenderDisabler.jklzpd
Rising: Downloader.Trone!8.120F0 (CLOUD)
Emsisoft: Application.Hacktool.AUI (B)
Comodo: ApplicUnwnt@#3fngi406ph0tx
TrendMicro: PUA.Win32.DEFCTRL.C
McAfee-GW-Edition: BehavesLike.Win32.PUP.hc
Sophos: Generic PUA PA (PUA)
SentinelOne: Static AI – Malicious SFX
GData: Application.Hacktool.AUI
Jiangmin: Trojan/CoinMiner.ab.a
Avira: TR/Agent.zek
Antiy-AVL: Trojan/Generic.ASBOL.C6A4
Arcabit: Application.Hacktool.AUI
ZoneAlarm: Trojan-Downloader.Win32.Trone.oo
Microsoft: TrojanDownloader:O97M/EncDoc.CN!MTB
Cynet: Malicious (score: 99)
McAfee: Artemis!720D0F1CAFD3
MAX: malware (ai score=84)
VBA32: TrojanDownloader.Trone
Malwarebytes: Malware.AI.619574118
TrendMicro-HouseCall: PUA.Win32.DEFCTRL.C
Tencent: Win32.Trojan-downloader.Trone.Adkn
Fortinet: Riskware/DefenderTool
AVG: Win32:Malware-gen

How to remove TrojanDownloader:O97M/EncDoc.CN!MTB?

TrojanDownloader:O97M/EncDoc.CN!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Choose “Move to quarantine” for all detected items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
