What is "TrojanDownloader:Win32/Stealer.CK!MTB"?

The TrojanDownloader:Win32/Stealer.CK!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanDownloader:Win32/Stealer.CK!MTB virus can do?

Attempts to connect to a dead IP:Port (1 unique times)
Performs some HTTP requests
Looks up the external IP address
Attempts to repeatedly call a single API many times in order to delay analysis time
Steals private information from local Internet browsers
Collects information about installed applications
Checks the CPU name from registry, possibly for anti-virtualization
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
Harvests information related to installed instant messenger clients
Collects information to fingerprint the system
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

api.ipify.org

cussoricti.com

How to determine TrojanDownloader:Win32/Stealer.CK!MTB?


File Info:
crc32: 53158AC1
md5: 1db6bd4d13cb9966e8875b3812aef71d
name: 1DB6BD4D13CB9966E8875B3812AEF71D.mlw
sha1: 974c46a807d2d680dad5b6d63c38dd0e06e1ed68
sha256: 9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3
sha512: 550405e7409846ab8673b6eacd1a8132d0582b3cde9360f92d812a9e399ac62459798839ae76e57144933fca2fbe36d89bf66fe72df668774eb5a2514a34ae4b
ssdeep: 6144:RQp4Potn6r86+hePn9VCqqNlFozawUDO/XwOt60v9a+:ip4K4n1221D
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Version Info:
0: [No Data]

TrojanDownloader:Win32/Stealer.CK!MTB also known as:

Bkav	W32.AIDetectVM.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Jaik.41292
FireEye	Generic.mg.1db6bd4d13cb9966
CAT-QuickHeal	Trojan.Zudochka
McAfee	GenericRXMH-DA!1DB6BD4D13CB
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
AegisLab	Trojan.Win32.Zudochka.4!c
Sangfor	Malware
K7AntiVirus	Trojan ( 0001555e1 )
BitDefender	Gen:Variant.Jaik.41292
K7GW	Trojan ( 0001555e1 )
Cybereason	malicious.807d2d
TrendMicro	Trojan.Win32.MALREP.THKOEBO
Cyren	W32/Trojan.VFQM-0572
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:TrojanX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Zudochka.vho
Alibaba	TrojanDownloader:Win32/Stealer.cc771880
Rising	Trojan.Agent!8.B1E (TFE:5:FdJXowScMLN)
Ad-Aware	Gen:Variant.Jaik.41292
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Agent.mrwul
DrWeb	Trojan.PWS.Siggen2.58564
Invincea	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
Emsisoft	Gen:Variant.Jaik.41292 (B)
Avira	TR/Agent.mrwul
Microsoft	TrojanDownloader:Win32/Stealer.CK!MTB
Gridinsoft	Trojan.Win32.Downloader.oa
Arcabit	Trojan.Jaik.DA14C
ZoneAlarm	HEUR:Trojan.Win32.Zudochka.vho
GData	Gen:Variant.Jaik.41292
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.RL_Generic.R352614
BitDefenderTheta	Gen:NN.ZexaF.34590.qGX@aGpzdWh
ALYac	Trojan.Agent.Zudochka
VBA32	suspected of Trojan.Downloader.gen.h
Malwarebytes	Trojan.Downloader
Panda	Trj/GdSda.A
ESET-NOD32	a variant of Win32/Agent.UKB
TrendMicro-HouseCall	Trojan.Win32.MALREP.THKOEBO
Tencent	Win32.Trojan.Zudochka.Ecbe
MAX	malware (ai score=100)
Fortinet	W32/Zudochka.UKB!tr
AVG	Win32:TrojanX-gen [Trj]
Paloalto	generic.ml
Qihoo-360	Win32/Trojan.22e

How to remove TrojanDownloader:Win32/Stealer.CK!MTB?

TrojanDownloader:Win32/Stealer.CK!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

What is “TrojanDownloader:Win32/Stealer.CK!MTB”?