TrojanDropper:Win32/Bamital.I (file analysis)

TrojanDropper:Win32/Bamital.I is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the TrojanDropper:Win32/Bamital.I virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Deletes its original binary from disk
  • Network activity detected but not expressed in API logs
  • Creates a copy of itself

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to determine TrojanDropper:Win32/Bamital.I?

File Info:

crc32: 2E363695
md5: 06fed93cd78f01151a6405aece949ecf
name: 06FED93CD78F01151A6405AECE949ECF.mlw
sha1: ae835f573711ac30ae11e214f5e51ad1485802e7
sha256: d61cb447dd5823d48592900d7381fa307c7b872d052bb9ee2967b3a456bfc815
sha512: a0836acae6c578217db048fe5eafccea5509f7977505e0a3f5065ebabecc6fdf2448b800361d1c4e7230a76c689e3f4f624b9c1292bda2df53aea9d05d056f09
ssdeep: 1536:p+hxyns3azgu5f3fx2cfQH4O7CJzPkyEq57eZ3GQt/69:pMwOXMf3tkyzP95a3GT9
type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

Version Info:

LegalCopyright: Copyright © Eesoy Software 1998-2010
InternalName: Eesoy
FileVersion: 459
CompanyName: ASD SOFTWIN
ProductName: Eesoy Xqkvem Jsokq
ProductVersion: 6.4
FileDescription: ASD BitDefender
OriginalFilename: Eesoy.exe
Translation: 0x0409 0x04e4

TrojanDropper:Win32/Bamital.I also known as:

Bkav: W32.SasfisQKC.Fam.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Razy.446785
FireEye: Generic.mg.06fed93cd78f0115
CAT-QuickHeal: Trojan.Bamital.EC
McAfee: Artemis!06FED93CD78F
Cylance: Unsafe
VIPRE: Trojan.Win32.Spyeye.tma (v)
AegisLab: Trojan.Win32.Gimemo.lrgx
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0021ec691 )
BitDefender: Gen:Variant.Razy.446785
K7GW: Trojan ( 0021ec691 )
Cybereason: malicious.cd78f0
BitDefenderTheta: Gen:NN.ZexaF.34590.dmKfa0Ssupkc
Cyren: W32/FakeAlert.LF.gen!Eldorado
Symantec: Downloader.Lofog!gen5
ESET-NOD32: Win32/Bamital.FA
APEX: Malicious
Avast: FileRepMalware
ClamAV: Win.Trojan.Patcher-7
Kaspersky: Trojan-Ransom.Win32.Foreign.ndpp
Alibaba: Ransom:Win32/Bamital.97f692ef
NANO-Antivirus: Trojan.Win32.PornoBlocker.iecat
ViRobot: Trojan.Win32.A.PornoBlocker.59904
Tencent: Win32.Trojan.Gimemo.cqw
Ad-Aware: Gen:Variant.Razy.446785
Emsisoft: Gen:Variant.Razy.446785 (B)
Comodo: TrojWare.Win32.Bamital.FA@2vmk5j
F-Secure: Trojan.TR/Dropper.Gen
DrWeb: Trojan.Hosts.4025
Zillya: Trojan.PornoBlocker.Win32.1272
TrendMicro: TROJ_KRYPTK.SM11
McAfee-GW-Edition: PWS-Zbot.gen.do
Sophos: ML/PE-A + Mal/EncPk-AAY
Ikarus: Trojan-Ransom.PornoBlocker
Jiangmin: Trojan/PornoBlocker.axu
Webroot: none
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Ransom]/Win32.Gimemo
Microsoft: TrojanDropper:Win32/Bamital.I
Arcabit: Trojan.Razy.D6D141
SUPERAntiSpyware: Trojan.Agent/Gen-Falint
AhnLab-V3: Win-Trojan/Aresclass.Gen
ZoneAlarm: Trojan-Ransom.Win32.Foreign.ndpp
GData: Gen:Variant.Razy.446785
Cynet: Malicious (score: 100)
TotalDefense: Win32/PornoBlocker.EW
Acronis: suspicious
VBA32: Trojan.SB.01742
ALYac: Gen:Variant.Razy.446785
TACHYON: Ransom/W32.Foreign.112640
Malwarebytes: Malware.Heuristic.1003
Panda: Bck/Qbot.AO
TrendMicro-HouseCall: TROJ_KRYPTK.SM11
Rising: Ransom.PornoBlocker!8.24E (CLOUD)
Yandex: Trojan.GenAsa!5K2XOlkh3MI
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Ransom.Win32.Gimemo.cpe
Fortinet: W32/Kryptik.WDN!tr
AVG: FileRepMalware
CrowdStrike: win/malicious_confidence_70% (D)
Qihoo-360: Trojan.Win32.Bamital.A

How to remove TrojanDropper:Win32/Bamital.I?

TrojanDropper:Win32/Bamital.I removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
