Trojan:Win32/Dridex.PAD!MTB removal instruction

Trojan:Win32/Dridex.PAD!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Dridex.PAD!MTB virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Creates RWX memory
  • A process created a hidden window
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

How to identify Trojan:Win32/Dridex.PAD!MTB?

File Info:

crc32: 13520212
md5: d17397b16b127f8e525f5b6acc121b1a
name: D17397B16B127F8E525F5B6ACC121B1A.mlw
sha1: cdf9c51d9fa1f1fd1eb4f4e231f67bbc826ba6d6
sha256: 11a37b108a01f9c6bcb2bbf4f7cd72d407280b9f3d33c223cc67bc2c6656c012
sha512: cd1a27726ee4d1982f3fb627315e65419f0b4bfe42bb3e3e2d83ae2193543787580fa9ba7e9b2bdf190975cc2172be39b7ba262a5b59b8db1d0459fc630caf32
ssdeep: 12288:B0CIKTA4ZHoeJnCB67crA87npTRQXOjytTr+lnPdJdgdzbrw0SqGEWHqwSI:B0C3BhdsBmEXpd+xCLWzn6Fup
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Six Mountain Corporation. All rights reserved
InternalName: Six
FileVersion: 6.7.6.64
CompanyName: Six Mountain Corporation
ProductName: Six Mountain® Act Bestmultiply®
ProductVersion: 6.7.6.64
FileDescription: Six Mountain Act Bestmultiply Afraidborn
OriginalFilename: arm.dll
Translation: 0x0409 0x04b0

Trojan:Win32/Dridex.PAD!MTB also known as:

  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.Inject4.10945
  • ALYac: Trojan.GenericKDZ.74500
  • Cylance: Unsafe
  • Zillya: Trojan.Kryptik.Win32.3078832
  • K7GW: Trojan ( 0057b44b1 )
  • K7AntiVirus: Trojan ( 0057b44b1 )
  • Cyren: W32/Sdum.A.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: a variant of Win32/Kryptik.HKNF
  • Avast: Win32:CrypterX-gen [Trj]
  • Cynet: Malicious (score: 99)
  • Kaspersky: VHO:Trojan.Win32.Sdum.gen
  • BitDefender: Trojan.GenericKDZ.74500
  • NANO-Antivirus: Trojan.Win32.Inject4.iuktji
  • MicroWorld-eScan: Trojan.GenericKDZ.74500
  • Ad-Aware: Trojan.GenericKDZ.74500
  • Sophos: Mal/Generic-R + Troj/Qbot-GH
  • VIPRE: Trojan.Win32.Generic!BT
  • McAfee-GW-Edition: Trojan-FTDK!D17397B16B12
  • FireEye: Trojan.GenericKDZ.74500
  • Emsisoft: Trojan.Crypt (A)
  • SentinelOne: Static AI – Suspicious PE
  • Avira: TR/Crypt.Agent.sfvep
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: Trojan:Win32/Dridex.PAD!MTB
  • Arcabit: Trojan.Generic.D12304
  • GData: Trojan.GenericKDZ.74500
  • AhnLab-V3: Trojan/Win.Generic.R417296
  • McAfee: Trojan-FTDK!D17397B16B12
  • MAX: malware (ai score=81)
  • VBA32: Trojan.Sdum
  • Malwarebytes: Trojan.Agent
  • Panda: Trj/GdSda.A
  • Rising: Trojan.GenKryptik!8.AA55 (C64:YzY0OmKhg3FlCIYc)
  • Yandex: Trojan.Kryptik!4xzs7WEwWj4
  • Ikarus: Win32.Outbreak
  • MaxSecure: Trojan.Malware.74733560.susgen
  • Fortinet: W32/GenKryptik.FEIK!tr
  • AVG: Win32:CrypterX-gen [Trj]

How to remove Trojan:Win32/Dridex.PAD!MTB?

Trojan:Win32/Dridex.PAD!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.