Categories: Trojan

Trojan:Win32/Danabot.RF!MTB information

The Trojan:Win32/Danabot.RF!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Danabot.RF!MTB virus can do?

Executable code extraction
Creates RWX memory
A process attempted to delay the analysis task.
Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
Drops a binary and executes it
Performs some HTTP requests
Unconventionial language used in binary resources: Serbian
Detects the presence of Wine emulator via function name
Detects Sandboxie through the presence of a library
Detects SunBelt Sandbox through the presence of a library
Attempts to remove evidence of file being downloaded from the Internet
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a hidden or system file
Attempts to modify proxy settings
Operates on local firewall’s policies and settings
Creates a copy of itself
Attempts to disable System Restore
Attempts to modify or disable Security Center warnings
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

ssofhoseuegsgrfnu.ru

slpsrgpsrhojifdij.ru

aiiaiafrzrueuedur.ru

fuaiuebndieufeufu.ru

eiifngjfksisiufjf.ru

eoroooskfogihisrg.ru

noeuaoenriusfiruu.ru

iuirshriuisruruuf.ru

afeifieuuufufufuf.ru

srndndubsbsifurfd.ru

fiiauediehduefuge.ru

nousiieiffgogogoo.ru

fifiehsueuufidhfi.ru

eofihsishihiursgu.ru

nnososoosjfeuhueu.ru

ssofhoseuegsgrfnj.su

slpsrgpsrhojifdij.su

aiiaiafrzrueuedur.su

fuaiuebndieufeufu.su

eiifngjfksisiufjf.su

eoroooskfogihisrg.su

noeuaoenriusfiruu.su

iuirshriuisruruuf.su

afeifieuuufufufuf.su

srndndubsbsifurfd.su

fiiauediehduefuge.su

nousiieiffgogogoo.su

fifiehsueuufidhfi.su

eofihsishihiursgu.su

nnososoosjfeuhueu.su

ssofhoseuegsgrfnj.in

slpsrgpsrhojifdij.in

aiiaiafrzrueuedur.in

fuaiuebndieufeufu.in

eiifngjfksisiufjf.in

eoroooskfogihisrg.in

noeuaoenriusfiruu.in

iuirshriuisruruuf.in

afeifieuuufufufuf.in

srndndubsbsifurfd.in

fiiauediehduefuge.in

nousiieiffgogogoo.in

fifiehsueuufidhfi.in

eofihsishihiursgu.in

nnososoosjfeuhueu.in

ssofhoseuegsgrfnj.net

slpsrgpsrhojifdij.net

aiiaiafrzrueuedur.net

fuaiuebndieufeufu.net

eiifngjfksisiufjf.net

eoroooskfogihisrg.net

noeuaoenriusfiruu.net

iuirshriuisruruuf.net

afeifieuuufufufuf.net

srndndubsbsifurfd.net

fiiauediehduefuge.net

nousiieiffgogogoo.net

fifiehsueuufidhfi.net

eofihsishihiursgu.net

ssofhoseuegsgrfnj.biz

slpsrgpsrhojifdij.biz

aiiaiafrzrueuedur.biz

fuaiuebndieufeufu.biz

eiifngjfksisiufjf.biz

eoroooskfogihisrg.biz

noeuaoenriusfiruu.biz

iuirshriuisruruuf.biz

afeifieuuufufufuf.biz

srndndubsbsifurfd.biz

fiiauediehduefuge.biz

How to determine Trojan:Win32/Danabot.RF!MTB?


File Info:
crc32: 3D2C6980md5: 95e6b9a77155d1ce5db4ed593aa1992dname: 95E6B9A77155D1CE5DB4ED593AA1992D.mlwsha1: 5651fc936be32ec69fcbaab4b777345f1dbf95a5sha256: 7082cf0b17da60e7d690d38359b8b71c9e264b920fb7baadf4f11d81da629b89sha512: 68f47f70a5313d4ee7b21613fbfb092049de40af64d70f8907accc0832652048b84b751803fe873efc249821a89401677ea6271ee2d73b4466fc4446d1538c5assdeep: 3072:ZYL2xKUadrED7FWVcdXZENSaVODsm8rvt5XfNJINbc9dn:6LHtwhW/xODir1tfNJINgztype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: Copyright (C) 2018, uecaxnlejveInternalName: uzopamzoFileVersion: 1.6.6.1ProductVersion: 1.4.7.1

Trojan:Win32/Danabot.RF!MTB also known as:

Bkav	W32.FamVT.NemimU.Trojan
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen9.20826
Cynet	Malicious (score: 100)
ALYac	Trojan.BrsecmonE.1
Cylance	Unsafe
Zillya	Adware.Bayrob.Win32.1879
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.77155d
Symantec	Infostealer.Rultazo
ESET-NOD32	a variant of Win32/Kryptik.GNLR
APEX	Malicious
Avast	Win32:BotX-gen [Trj]
ClamAV	Win.Ransomware.Mint-9807934-0
BitDefender	Trojan.BrsecmonE.1
NANO-Antivirus	Trojan.Win32.Bayrob.fktvmi
MicroWorld-eScan	Trojan.BrsecmonE.1
Tencent	Malware.Win32.Gencirc.116e6a32
Ad-Aware	Trojan.BrsecmonE.1
BitDefenderTheta	Gen:NN.ZexaF.34684.tq1@aiw8WQcG
TrendMicro	TrojanSpy.Win32.FAREIT.SMKC.hp
FireEye	Generic.mg.95e6b9a77155d1ce
Emsisoft	Trojan.BrsecmonE.1 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Bayrob.asxh
Avira	TR/Patched.Ren.Gen
Microsoft	Trojan:Win32/Danabot.RF!MTB
Gridinsoft	Ransom.Win32.Gandcrab.oa!s1
Arcabit	Trojan.BrsecmonE.1
ZoneAlarm	HEUR:Trojan-Downloader.Win32.Trik.gen
GData	Trojan.BrsecmonE.1
AhnLab-V3	Trojan/Win32.MalPacked.C4267266
McAfee	Trojan-FPST!95E6B9A77155
MAX	malware (ai score=86)
VBA32	BScope.Trojan.Fuery
Malwarebytes	Trojan.MalPack.GS
TrendMicro-HouseCall	TrojanSpy.Win32.FAREIT.SMKC.hp
Rising	Malware.Heuristic!ET#100% (RDMK:cmRtazrrac5gY2eSvF5Wg+RGYeKj)
Yandex	Trojan.GenAsa!pRj+6tryd6I
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/GenKryptik.CUPF!tr
AVG	Win32:BotX-gen [Trj]