Trojan

TrojanDownloader:Win32/Small.RDSA!MTB removal

Malware Removal

The TrojanDownloader:Win32/Small.RDSA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What TrojanDownloader:Win32/Small.RDSA!MTB virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Executed a very long command line or script command which may be indicative of chained commands or obfuscation
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the WarzoneRAT malware family
  • A script or command line contains a long continuous string indicative of obfuscation
  • Attempts to modify Windows Defender using PowerShell
  • Attempts to execute suspicious powershell command arguments
  • Accesses or creates Warzone RAT directories and/or files
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine TrojanDownloader:Win32/Small.RDSA!MTB?



File Info:

name: 9CA2AEA37F13D0402192.mlw
path: /opt/CAPEv2/storage/binaries/7beb15d5d662d841aec158ae7f19a5205d1e7fb790e15704ede37280097eb525
crc32: F63C8455
md5: 9ca2aea37f13d0402192131a29fc9f06
sha1: 475990f409dc97b5cf8393a686a885ec7a336258
sha256: 7beb15d5d662d841aec158ae7f19a5205d1e7fb790e15704ede37280097eb525
sha512: 09e388929208ebd114d245e479c47f8e57c7923ebd9861d7e76978effd8de70b23851f7fcb76bd041e7c54243727abd42fa0e36154f8662f1eadf67cd745b777
ssdeep: 6144:iHBfQCPhpQXu9yd0CNwGhPmkBE0zia8oJceLw9SfEBmTYHUaHspubANivU:iHBY2pSdvjBE0ziZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AA44E7364F5B6EC5F01CD733D9F2A8640273B8D5E82B29FCB915929AA78D1C1D072D28
sha3_384: a8891f900f885ffa17159f128130b71edc52d7f40cd65630880272b6c14d5e7f5de6dc8d982406abcec36bf552cedef8
ep_bytes: 5589e581ec0800000090b80400000050
timestamp: 1970-01-01 00:00:00


Version Info:

0: [No Data]

TrojanDownloader:Win32/Small.RDSA!MTB also known as:

BkavW32.AIDetectMalware
LionicTrojan.Win32.Agentb.X!c
MicroWorld-eScanGen:Variant.FakeAlert.2
CAT-QuickHealTjnDroppr.Dapato.S28495190
ALYacGen:Variant.FakeAlert.2
MalwarebytesTrojan.Injector
ZillyaTrojan.Agent.Win32.3012268
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0059450a1 )
AlibabaBackdoor:Win32/Remcos.09de5916
K7GWTrojan ( 0059450a1 )
Cybereasonmalicious.37f13d
BitDefenderThetaAI:Packer.CE79F7CD1F
CyrenW32/Lazy.U.gen!Eldorado
SymantecInfostealer
Elasticmalicious (high confidence)
ESET-NOD32a variant of Win32/TrojanDropper.Agent.SRP
APEXMalicious
CynetMalicious (score: 100)
KasperskyTrojan.Win32.Agentb.jiad
BitDefenderGen:Variant.FakeAlert.2
AvastWin32:Evo-gen [Trj]
TencentWin32.Trojan.Agentb.Ytjl
EmsisoftGen:Variant.FakeAlert.2 (B)
F-SecureTrojan.TR/Dropper.Gen
DrWebTrojan.PWS.Maria.3
VIPREGen:Variant.FakeAlert.2
McAfee-GW-EditionBehavesLike.Win32.Backdoor.dc
Trapminemalicious.high.ml.score
FireEyeGeneric.mg.9ca2aea37f13d040
SophosMal/Generic-S
SentinelOneStatic AI – Suspicious PE
GDataWin32.Trojan.PSE.10AFFS0
JiangminTrojan.Agentb.mxu
AviraTR/Dropper.Gen
MAXmalware (ai score=100)
Antiy-AVLTrojan/Win32.Agentb
ArcabitTrojan.FakeAlert.2
ZoneAlarmTrojan.Win32.Agentb.jiad
MicrosoftTrojanDownloader:Win32/Small.RDSA!MTB
GoogleDetected
AhnLab-V3Trojan/Win.Generic.R497632
Acronissuspicious
McAfeeGenericRXTU-AS!9CA2AEA37F13
VBA32BScope.Trojan.Nitol
Cylanceunsafe
PandaTrj/Genetic.gen
RisingBackdoor.DcRat!8.129D9 (TFE:1:BNER4NzZWDL)
IkarusTrojan.Win32.Tnega
MaxSecureTrojan.Malware.74005176.susgen
FortinetW32/Tiny.NFR!tr
AVGWin32:Evo-gen [Trj]
DeepInstinctMALICIOUS
CrowdStrikewin/malicious_confidence_100% (W)

How to remove TrojanDownloader:Win32/Small.RDSA!MTB?

TrojanDownloader:Win32/Small.RDSA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment