Categories: Trojan

Should I remove “Trojan:Win32/Amadey.RDS!MTB”?

The Trojan:Win32/Amadey.RDS!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Amadey.RDS!MTB virus can do?

Behavioural detection: Executable code extraction – unpacking
Uses Windows utilities for basic functionality
HTTPS urls from behavior.
Drops a binary and executes it
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Uses Windows utilities to create a scheduled task
Behavioural detection: Transacted Hollowing
CAPE detected the shellcode get eip malware family
Attempts to identify installed AV products by installation directory
Attempts to modify proxy settings
Creates a copy of itself
Anomalous binary characteristics
Uses suspicious command line tools or Windows utilities
Yara detections observed in process dumps, payloads or dropped files

How to determine Trojan:Win32/Amadey.RDS!MTB?


File Info:
name: B9AD658B6F9D83B09BD4.mlwpath: /opt/CAPEv2/storage/binaries/29cffe1382ef9f9c93cb8678fc986b4b2c15ad937747f75871597d024d4c04facrc32: C0672F88md5: b9ad658b6f9d83b09bd48bff50b54336sha1: 086db45f564c3de191c4683502940d5c7a7857c9sha256: 29cffe1382ef9f9c93cb8678fc986b4b2c15ad937747f75871597d024d4c04fasha512: a8fc561a5f90503c5bf369c05bd0a3ace426c71e1a1cc7a15f56514f8f81692ad2016c9521c4139b16614978470960b483a3bc2eb1dd5c317536237e454f9e59ssdeep: 12288:kMe9zV8P7H2Ggnbo7YNQQ2YcKify3iSw4RkOpauUPnIpVYHFjZq4my:ru8r2XnkwQbsiK3nR4k0jZqtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T10A0523AC1F272341F9A7F6B654CB429DA6B876EA16480E0D250F67091DB4ACCCF3560Fsha3_384: 22725a1a52d206ec6024f12f38380efd66abb2bdb0e9c7c50868d8b365cb45085dd79833fd4c13f145033a50a3999272ep_bytes: 60e8000000005d81ed0600000081edd4timestamp: 2024-01-04 16:01:48
Version Info:
CompanyName: The Enigma Protector Developers TeamFileDescription: Software Protection ToolFileVersion: 1.0.0.0InternalName: ENIGMA.EXELegalCopyright: Copyrights (C) 2002-2009 Vladimir SukhovLegalTrademarks: Trademarks (R) 2002-2009 Vladimir SukhovOriginalFilename: enigma.exeProductName: The Enigma ProtectorProductVersion: 1.0.0.0Comments: http://enigmaprotector.com/Translation: 0x0409 0x04b0

Trojan:Win32/Amadey.RDS!MTB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.VBKrypt.lwTF
tehtris	Generic.Malware
ClamAV	Win.Trojan.Scar-6903585-0
FireEye	Generic.mg.b9ad658b6f9d83b0
Skyhigh	BehavesLike.Win32.Expiro.bc
Cylance	unsafe
Sangfor	Trojan.Win32.Agent.Vs2e
Cybereason	malicious.f564c3
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Enigma.AAF
Zoner	Probably Heur.ExeHeaderL
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	WAT:Blacked-E
Tencent	Win32.Trojan-Dropper.Agent.Ltgl
F-Secure	Heuristic.HEUR/AGEN.1306387
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.VBKrypt
GData	Win32.Trojan.PSE.1MM7UFO
Webroot	W32.Malware.Gen
Google	Detected
Avira	HEUR/AGEN.1306387
Antiy-AVL	Trojan[Packed]/Win32.Enigma
Kingsoft	malware.kb.a.973
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Microsoft	Trojan:Win32/Amadey.RDS!MTB
VBA32	BScope.Trojan.Bitrep
Malwarebytes	Generic.Malware.AI.DDS
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Blacked.E!tr
BitDefenderTheta	Gen:NN.ZexaF.36680.XG0@aCN2aaai
AVG	WAT:Blacked-E
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)