How to remove “TrojanDownloader:O97M/Obfuse.HM!MTB”?

TrojanDownloader:O97M/Obfuse.HM!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:O97M/Obfuse.HM!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • A potential decoy document was displayed to the user
  • Attempts to bypass application whitelisting by executing .NET utility in a suspended state, potentially for injection
  • Anomalous binary characteristics

How to identify TrojanDownloader:O97M/Obfuse.HM!MTB?

File Info:

name: CCC71CE6944397811A58.mlw
path: /opt/CAPEv2/storage/binaries/0c33c5f48dd45753304e0c525d0e0f26d59a2d47088fdbbd0652f355c3d573e8
crc32: 97375E19
md5: ccc71ce6944397811a58348f0909e635
sha1: c32c7b97b118292f9ec396ffa5503c6a60b4f088
sha256: 0c33c5f48dd45753304e0c525d0e0f26d59a2d47088fdbbd0652f355c3d573e8
sha512: 04dc9309ac7c19548dc94c86bc3aceb1ce672306b2698301b4f8ec4206ead6d7dfbdc084adb6493a3d18adb349f4c6c541a824901c4fbfef060f9eb37a2630b0
ssdeep: 24576:uAHnh+eWsN3skA4RV1Hom2KXMmHai8rET5MvT+WVcH/395:Zh+ZkldoPK8Yai8rC5MvTfMn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B885C10362A18237EBDA9D73DE15A20D16ADED55F123453A728C3BEB6FB0161123B1D3
sha3_384: c01a2525f1beab7f6b88d74b607b627efad9ef9a924c4e11cad660d18dda4e444b520d387357c1e02a78ba50f4b68944
ep_bytes: e8c8d00000e97ffeffffcccccccccccc
timestamp: 2019-08-06 11:53:19

Version Info:

Translation: 0x0809 0x04b0

TrojanDownloader:O97M/Obfuse.HM!MTB also known as:

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Gamehack.3!e
Elastic: malicious (high confidence)
McAfee: Artemis!CCC71CE69443
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/AutoitInject.952cf986
K7GW: Trojan ( 700000111 )
Cybereason: malicious.694439
VirIT: Trojan.Win32.PSWStealer.BQF
Cyren: W32/AutoIt.IJ.gen!Eldorado
Symantec: Infostealer
ESET-NOD32: a variant of Win32/Injector.Autoit.EEO
APEX: Malicious
Avast: Win32:Trojan-gen
Cynet: Malicious (score: 100)
Kaspersky: Trojan.MSIL.Crypt.hgtn
BitDefender: Trojan.GenericKD.38245800
NANO-Antivirus: Trojan.Win32.Crypt.fviucz
ViRobot: Trojan.Win32.Z.Nymeria.1818624
MicroWorld-eScan: Trojan.GenericKD.38245800
Tencent: Msil.Trojan.Crypt.Tclz
Ad-Aware: Trojan.GenericKD.38245800
Sophos: Mal/Generic-R + Mal/AuItInj-A
Comodo: Malware@#2e4cdqymwzygc
DrWeb: Trojan.DownLoader30.578
TrendMicro: Backdoor.AutoIt.BLADABINDI.SMA.hp
McAfee-GW-Edition: BehavesLike.Win32.TrojanAitInject.th
FireEye: Generic.mg.ccc71ce694439781
Emsisoft: Trojan.GenericKD.38245800 (B)
Ikarus: Trojan.Autoit
GData: Trojan.GenericKD.38245800
Avira: HEUR/AGEN.1140401
Antiy-AVL: Trojan/Generic.ASCommon.16E
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.Generic.D24795A8
Microsoft: TrojanDownloader:O97M/Obfuse.HM!MTB
AhnLab-V3: Malware/Win32.RL_Generic.R272653
ALYac: Trojan.GenericKD.38245800
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.4217281230
TrendMicro-HouseCall: Backdoor.AutoIt.BLADABINDI.SMA.hp
Rising: Trojan.Obfus/Autoit!1.BB81 (CLASSIC)
Fortinet: AutoIt/Injector.EEV!tr
BitDefenderTheta: AI:Packer.775071B917
AVG: Win32:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.8720480.susgen

How to remove TrojanDownloader:O97M/Obfuse.HM!MTB?

TrojanDownloader:O97M/Obfuse.HM!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.