TrojanDownloader:O97M/EncDoc.PML!MTB removal

TrojanDownloader:O97M/EncDoc.PML!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:O97M/EncDoc.PML!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Reads data out of its own binary image
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • A ping command was executed with the -n argument possibly to delay analysis
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk

How to identify TrojanDownloader:O97M/EncDoc.PML!MTB?

File Info:

name: 3FDE2E0DA899A173E698.mlw
path: /opt/CAPEv2/storage/binaries/f0ddfdda56df67d11cba87a61e65f3921cd5318818d5b7e620e71974744d54ac
crc32: 77458A75
md5: 3fde2e0da899a173e69828eaf81c0543
sha1: b681688889187bf18e0d9ecf546d78c712a4a033
sha256: f0ddfdda56df67d11cba87a61e65f3921cd5318818d5b7e620e71974744d54ac
sha512: a90b241465a65e77e395ea8382d2f01c90dc6801df0be6bb3618ad400bf7c2d795ae13db58f8a60b1a64179c71893f856ea2f6077d493e39e10897da2d0bca61
ssdeep: 98304:ma8yD+61Dcn2BlJPD8Nzl2bT8mRaw8GFvuztrxcwW1AQBze0Wcn:MyC61nt8NPLwJ+VfSFBGo
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1225633D9127C871BF7E63D34B8BB2DD19F70AC866E78825E22E13C98197371A5814F24
sha3_384: be8ef8fb02b579e0f009e93f921343dbc76c1a6f17623b8fc3a1e36b9304aaf67d2079967cd417c7bc613729657d6451
ep_bytes: 60be00009d008dbe0010a3ff57eb0b90
timestamp: 2019-03-18 06:57:05

Version Info:

FileVersion: 6.1.19.318
LegalCopyright: Copyright © 2013-2015
ProductVersion: 6.1.19.318
授权方式: arFi
Translation: 0x0804 0x04b0

TrojanDownloader:O97M/EncDoc.PML!MTB also known as:

  • Bkav: W32.AIDetect.malware2
  • Lionic: Adware.Win32.Ruco.2!c
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.StartPage1.56912
  • MicroWorld-eScan: Trojan.GenericKD.41168204
  • FireEye: Generic.mg.3fde2e0da899a173
  • ALYac: Trojan.GenericKD.41168204
  • Cylance: Unsafe
  • Zillya: Trojan.Blocker.Win32.46310
  • Sangfor: Suspicious.Win32.HSTR.AutoitItV3ModGUIDMark
  • K7AntiVirus: Trojan ( 700000111 )
  • Alibaba: AdWare:Win32/Generic.0ff28979
  • K7GW: Trojan ( 700000111 )
  • Cybereason: malicious.da899a
  • Cyren: W32/Trojan.XDJA-4970
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Packed.Autoit.Y suspicious
  • TrendMicro-HouseCall: TROJ_GEN.R002H0CKJ21
  • Paloalto: generic.ml
  • Kaspersky: not-a-virus:AdWare.Win32.Ruco.clr
  • BitDefender: Trojan.GenericKD.41168204
  • Avast: Win32:Malware-gen
  • Ad-Aware: Trojan.GenericKD.41168204
  • Sophos: Mal/Generic-S
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.tc
  • Emsisoft: Trojan.GenericKD.41168204 (B)
  • Avira: HEUR/AGEN.1135820
  • Gridinsoft: Ransom.Win32.Wacatac.sa
  • Microsoft: TrojanDownloader:O97M/EncDoc.PML!MTB
  • GData: Trojan.GenericKD.41168204
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Malware/Win32.Generic.C3161391
  • McAfee: Artemis!3FDE2E0DA899
  • MAX: malware (ai score=81)
  • VBA32: Adware.Ruco
  • Malwarebytes: Malware.AI.2616510892
  • APEX: Malicious
  • Rising: Trojan.Obfus/Autoit!1.D77B (CLASSIC)
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: Riskware/Application
  • AVG: Win32:Malware-gen
  • Panda: Trj/CI.A
  • CrowdStrike: win/malicious_confidence_90% (W)

How to remove TrojanDownloader:O97M/EncDoc.PML!MTB?

TrojanDownloader:O97M/EncDoc.PML!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.