Trojan:Win32/CookiesStealer.OE!MTB (file analysis)

Malware Removal

The Trojan:Win32/CookiesStealer.OE!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What Trojan:Win32/CookiesStealer.OE!MTB virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Creates RWX memory
  • Attempts to connect to a dead IP:Port (8 unique times)
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Forces a created process to be the child of an unrelated process
  • Executed a process and injected code into it, probably while unpacking
  • Queries information on disks, possibly for anti-virtualization
  • A process attempted to delay the analysis task by a long amount of time.
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Steals private information from local Internet browsers
  • Network activity contains more than one unique useragent.
  • Installs itself for autorun at Windows startup
  • Exhibits possible ransomware file modification behavior
  • Writes a potential ransom message to disk
  • Creates a hidden or system file
  • Attempts to modify proxy settings
  • Collects information to fingerprint the system
  • Uses suspicious command line tools or Windows utilities

Related domains:

niks.webtm.ru
www.bing.com
iplogger.org
www.listincode.com
ip-api.com
ocsp.digicert.com
statuse.digitalcertvalidation.com
www.facebook.com
limesfile.com
ocsp.comodoca.com
ocsp.usertrust.com
ocsp.sectigo.com
email.yg9.me
bandakere.tumblr.com
iw.gamegame.info
ol.gamegame.info
s2.symcb.com
uehge4g6gh.2ihsfa.com

How to determine Trojan:Win32/CookiesStealer.OE!MTB?


File Info:

crc32: F013EEBB
md5: 89807de693c5d845d463f6da8990befd
name: 89807DE693C5D845D463F6DA8990BEFD.mlw
sha1: 87c57a25a1837cefe066411f61e89e4d3617707b
sha256: 3d30ffd438512742fc01ca5df9c4b9d0deb9f908ef56e7dd3e284eec904f517d
sha512: d1c5c5ffd3bfc70107b31cc19a880eec2247c0a3044bfaf1595a92708c76b5bf7a971c7c514c1c2b1578519a45fe7bcaf3d4aec078cab1b5222be20c2f2124b9
ssdeep: 98304:UbnFZeT8F+BmZ+DrZ3smjx/KNLTBXSX47C+kyZ9k2:Ufa8F+cAJcNLTJSqjk2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

Trojan:Win32/CookiesStealer.OE!MTB also known as:

BkavW32.AIDetect.malware1
K7AntiVirusTrojan ( 0056e5201 )
Elasticmalicious (high confidence)
DrWebTrojan.PWS.Siggen2.65228
CynetMalicious (score: 100)
CAT-QuickHealTrojanDownloader.MSIL
ALYacTrojan.Agent.Raccoon
ZillyaTrojan.ScriptKD.JS.10
SangforBackdoor.Win32.Agent.myubrz
CrowdStrikewin/malicious_confidence_100% (W)
AlibabaTrojanDownloader:Win32/CookiesStealer.38aaa9c3
K7GWTrojan ( 0056e5201 )
Cybereasonmalicious.693c5d
CyrenW32/Trojan.PDZT-4360
SymantecTrojan.Gen.MBT
ESET-NOD32multiple detections
APEXMalicious
AvastWin32:Trojan-gen
ClamAVWin.Malware.Generic-9866235-0
KasperskyBackdoor.Win32.Agent.myubrz
BitDefenderTrojan.GenericKD.46460617
NANO-AntivirusTrojan.Win32.Voda.iwelcn
ViRobotTrojan.Win32.Z.Wacatac.3980457
MicroWorld-eScanTrojan.GenericKD.46460617
TencentMsil.Trojan-downloader.Voda.Ecai
Ad-AwareTrojan.GenericKD.46460617
SophosGeneric ML PUA (PUA)
ComodoTrojWare.Win32.Agent.xuhtz@0
BitDefenderThetaGen:NN.ZemsilF.34738.jm0@aS9qh!d
VIPRETrojan.Win32.Generic!BT
TrendMicroTROJ_GEN.R002C0WF721
McAfee-GW-EditionBehavesLike.Win32.TrojanAitInject.wc
FireEyeTrojan.GenericKD.46460617
EmsisoftTrojan.GenericKD.46460617 (B)
SentinelOneStatic AI – Malicious SFX
AviraTR/Redcap.nvvjt
Antiy-AVLTrojan/Generic.ASMalwS.32E0A1D
KingsoftWin32.Hack.Undef.(kcloud)
MicrosoftTrojan:Win32/CookiesStealer.OE!MTB
GridinsoftTrojan.Win32.Downloader.sa
ArcabitTrojan.Generic.D2C4EEC9
AegisLabTrojan.Win32.Agent.m!c
GDataWin32.Trojan.BSE.11W6XSF
AhnLab-V3Trojan/Win.Generic.C4521208
McAfeeArtemis!89807DE693C5
MAXmalware (ai score=87)
VBA32TrojanPSW.MSIL.Reline
MalwarebytesMalware.AI.1801299194
PandaTrj/CI.A
RisingMalware.Obscure/Heur!1.A89F (CLASSIC:4a8pCGf2dh6rfOBOjzgoUg)
IkarusTrojan.MSIL.Confuser
FortinetW32/Voda!tr.dldr
AVGWin32:Trojan-gen
Paloaltogeneric.ml

How to remove Trojan:Win32/CookiesStealer.OE!MTB?

Trojan:Win32/CookiesStealer.OE!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment