Trojan:Win32/Azorult.RTA!MTB removal guide

The Trojan:Win32/Azorult.RTA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Azorult.RTA!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Spanish (Argentina)
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to identify Trojan:Win32/Azorult.RTA!MTB?

File Info:

name: 7DCDB5FEF8E8D230B852.mlw
path: /opt/CAPEv2/storage/binaries/d0f131fa7ee1bfa32e86895c1a0b5ffffee3c888e5886cf44b8872610a8d67a6
crc32: 1FD82CC0
md5: 7dcdb5fef8e8d230b852c1a54548d0c2
sha1: db43f78e578e47e213e7f8514cc4a931c1968175
sha256: d0f131fa7ee1bfa32e86895c1a0b5ffffee3c888e5886cf44b8872610a8d67a6
sha512: 842d0506b0e3ebc457b6ccfaaa7696f465fd92e9907405455da0514cc7610fe2e8f937e348199b7b3328dbbdeac2f8b1f20c25c772a8cdc26dfa6d65549bf83b
ssdeep: 6144:VDCLjB2vVGe4qT3PB64DhMsBnTOiqTCOltle/Mfjxzq+bCBuzbgwuJG:knB2vVGbGXD39qT7FziBunnX
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B1A4F13579D8C432C17F9571B935CBE46A3AE4321A54A14737B82A3E2D70E9C4EE234E
sha3_384: 9f2402936a8eed2b49dcedc3e0b0f07e463c581f63a7946ac523e340bbb52767511f6956a3062d76a6cf91e45e84a683
ep_bytes: e8cc4d0000e979feffffcccccccccccc
timestamp: 2020-12-16 04:35:06

Version Info:

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.14.70.17
Translation: 0x0129 0x0794

Trojan:Win32/Azorult.RTA!MTB also known as:

Bkav: W32.AIDetect.malware1
Lionic: Trojan.Multi.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47850090
McAfee: Artemis!7DCDB5FEF8E8
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0058cd341 )
Alibaba: Trojan:Win32/Raccoon.82097def
Cybereason: malicious.e578e4
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.HNYE
APEX: Malicious
ClamAV: Win.Malware.Mikey-9917879-0
Kaspersky: HEUR:Trojan.Win32.Agent.gen
BitDefender: Trojan.GenericKD.47850090
Avast: Win32:BotX-gen [Trj]
Tencent: Win32.Trojan.Agent.Amcz
Ad-Aware: Trojan.GenericKD.47850090
Emsisoft: Trojan.Crypt (A)
DrWeb: Trojan.PWS.Stealer.26952
TrendMicro: TROJ_GEN.R002C0PAA22
McAfee-GW-Edition: BehavesLike.Win32.Packed.gh
Sophos: Mal/Generic-R + Mal/Agent-AWV
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.BSE.1ML5G04
Jiangmin: Trojan.Agent.dubl
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft: Ransom.Win32.Sabsik.sa
Microsoft: Trojan:Win32/Azorult.RTA!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R463417
VBA32: BScope.Trojan.Convagent
ALYac: Trojan.GenericKD.47850090
MAX: malware (ai score=84)
Malwarebytes: Trojan.MalPack.GS
TrendMicro-HouseCall: TROJ_GEN.R002C0PAA22
Rising: Malware.Heuristic!ET#89% (RDMK:cmRtazoYj57TsIcqjEPTrRrckd6v)
Ikarus: Trojan.Win32.Crypt
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.ERHN!tr
BitDefenderTheta: Gen:NN.ZexaF.34114.DqW@aKKeOPTe
AVG: Win32:BotX-gen [Trj]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Azorult.RTA!MTB?

Trojan:Win32/Azorult.RTA!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.