TrojanDownloader:Win32/Banload.BGB (file analysis)

TrojanDownloader:Win32/Banload.BGB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDownloader:Win32/Banload.BGB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Authenticode signature is invalid
  • Behavioural detection: Injection (inter-process)
  • Attempts to modify proxy settings
  • Touches a file containing cookies, possibly for information gathering

How to identify TrojanDownloader:Win32/Banload.BGB?

File Info:

name: BD545BF107192C9ACCED.mlw
path: /opt/CAPEv2/storage/binaries/0590f865bb8c2953aa4c813395043b00e7679d008398eb2ae2796dbb4b178a8d
crc32: 57094A6B
md5: bd545bf107192c9acced97f093947efd
sha1: ce2b96b344f8aa2c210faacd07b2e976d8a81dab
sha256: 0590f865bb8c2953aa4c813395043b00e7679d008398eb2ae2796dbb4b178a8d
sha512: e0c95ed42d848b05a458c39b4b4d31b4eeaf91b256f0c5bb221667db0590422d33a6d5d611b132ff6986a03807aff9b95c3ca0aaf28ae415ee1fb61d00b4987c
ssdeep: 768:+iISe9deLOEdAUZWNcA4ApM/lkB84ZgkaqEo8krVeL9weR:HU9daOEdRoNcA4ApM9kB8FkrVa9l
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1CA936291F2EAA599E56D85B05E73C4782A867C7941A04B3B31CEF79B183020770F7E1B
sha3_384: e76474350875dd08f412e363d88b6f9896168f45f254f5b3d74248e8e3e3480cecdb45e10541e7d0a1d350e32c816dc9
ep_bytes: 68e87a4000e8eeffffff000000000000
timestamp: 2014-05-12 10:07:40

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Microsoft
ProductName: gbplugin
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Abrir
OriginalFilename: Abrir .exe

TrojanDownloader:Win32/Banload.BGB also known as:

Lionic: Trojan.Win32.Agent.4!c
Elastic: malicious (high confidence)
FireEye: Generic.mg.bd545bf107192c9a
Skyhigh: BehavesLike.Win32.Infected.mt
McAfee: Artemis!BD545BF10719
Cylance: unsafe
Zillya: Trojan.Agent.Win32.494576
Sangfor: Trojan.Win32.Banload.8
K7AntiVirus: Riskware ( 0040eff71 )
K7GW: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZevbaF.36802.fm0@aeqxkNbi
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/TrojanDownloader.Banload.SSJ
APEX: Malicious
ClamAV: Win.Downloader.Cossta-9889406-0
Kaspersky: Trojan.Win32.Agent.agjdf
NANO-Antivirus: Trojan.Win32.Agent.dagmre
Avast: Win32:VB-AIGY [Trj]
Tencent: Win32.Trojan.Agent.Pzfl
F-Secure: Heuristic.HEUR/AGEN.1373262
DrWeb: Trojan.DownLoader9.61979
Trapmine: malicious.moderate.ml.score
Sophos: Mal/KillFile-A
Ikarus: Trojan.Win32.Agent
Google: Detected
Avira: HEUR/AGEN.1373262
Antiy-AVL: Trojan/Win32.Agent
Microsoft: TrojanDownloader:Win32/Banload.BGB
Xcitium: Malware@#3nzuzdvo8eyf4
ZoneAlarm: Trojan.Win32.Agent.agjdf
Cynet: Malicious (score: 99)
VBA32: BScope.Trojan.Agent
MAX: malware (ai score=100)
Panda: Trj/CI.A
Rising: Malware.Undefined!8.C (TFE:5:QT8EtGXTKiT)
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/VB.QLJ!tr.dldr
AVG: Win32:VB-AIGY [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)
alibabacloud: Trojan[Downloader]:Win/Swity.AZ

How to remove TrojanDownloader:Win32/Banload.BGB?

TrojanDownloader:Win32/Banload.BGB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.