About “Trojan:Win32/ClipBanker.GJ!MTB” infection

Trojan:Win32/ClipBanker.GJ!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/ClipBanker.GJ!MTB virus do?

  • Attempts to connect to a dead IP:Port (10 unique times)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS URLs from behavior.
  • Starts servers listening on 0.0.0.0:40500
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to remove evidence of file being downloaded from the Internet
  • A process attempted to delay the analysis task by a long amount of time.
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Attempts to modify or disable Security Center warnings

How to identify Trojan:Win32/ClipBanker.GJ!MTB?

File Info:

name: 67BBCF5B171450EAAFF0.mlw
path: /opt/CAPEv2/storage/binaries/66518ab77941eda182c522b9712d6664a70f4e291d823d86cb36183878d8b3e0
crc32: B4F73DD6
md5: 67bbcf5b171450eaaff03c4f958ec6d6
sha1: 18609f5aabcf835e598bc5eccc085899c47f60bf
sha256: 66518ab77941eda182c522b9712d6664a70f4e291d823d86cb36183878d8b3e0
sha512: 1e0912933af03e9854beb968fe16fa93132cf78b1df04aca2ed93a22eb939c52d02d6c012d32c5e65a03e9d8add432219069b96b787c761b97ea5bf53a2e4646
ssdeep: 1536:N3Mz8XVonMAfr1P+5LXnCZqrljS5Fm2B:2wXqfRG5DnZB+5F/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T104732910F6D0C13BF0F740FBD2BB05BA592CEEB86306A8E712D4A59F5B215D1A936463
sha3_384: c9da5809366bcb04d6e7526aac2dd11d5bf72611d52b892cacf43c758185857d9b2dd00dad9919d34795e2569f1008c9
ep_bytes: 558bec81ec4c0c000068a00f0000ff15
timestamp: 2022-05-08 11:47:16

Version Info:

0: [No Data]

Trojan:Win32/ClipBanker.GJ!MTB also known as:

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Trojan.FWDisable.emW@aSAIFil
FireEye: Generic.mg.67bbcf5b171450ea
McAfee: GenericRXAA-FA!67BBCF5B1714
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
BitDefender: Gen:Trojan.FWDisable.emW@aSAIFil
CrowdStrike: win/malicious_confidence_70% (D)
Cyren: W32/Phorpiex.W.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Phorpiex.V
APEX: Malicious
ClamAV: Win.Malware.Phorpiex-9938809-0
Kaspersky: HEUR:Trojan.Win32.Generic
Rising: Worm.Phorpiex!8.48D (TFE:dGZlOgMm1DQIHdTxDQ)
Ad-Aware: Gen:Trojan.FWDisable.emW@aSAIFil
Sophos: Generic ML PUA (PUA)
DrWeb: DLOADER.Trojan
McAfee-GW-Edition: BehavesLike.Win32.VTFlooder.lh
Emsisoft: Gen:Trojan.FWDisable.emW@aSAIFil (B)
Ikarus: Worm.Win32.Phorpiex
Avira: HEUR/AGEN.1237550
MAX: malware (ai score=81)
Kingsoft: Win32.Heur.KVMH012.a.(kcloud)
Microsoft: Trojan:Win32/ClipBanker.GJ!MTB
Arcabit: Trojan.FWDisable.E85BD5
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Trojan.FWDisable.emW@aSAIFil
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C4630408
Acronis: suspicious
VBA32: BScope.Trojan.Phorpiex
ALYac: Gen:Trojan.FWDisable.emW@aSAIFil
Malwarebytes: Malware.AI.238072483
Panda: Trj/GdSda.A
Tencent: Win32.Trojan.Generic.Wqnj
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Phorpiex.V!worm
BitDefenderTheta: AI:Packer.B7181E891E
AVG: Win32:KadrBot [Trj]
Avast: Win32:KadrBot [Trj]

How to remove Trojan:Win32/ClipBanker.GJ!MTB?

Trojan:Win32/ClipBanker.GJ!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.