Trojan:Win32/Dridex.RM!MTB removal tips

Trojan:Win32/Dridex.RM!MTB is the Microsoft Defender detection name for a sample of Dridex, a long-running banking trojan family. The sample analysed here is a 32-bit Windows executable whose version information claims to be Microsoft's dfshim.dll while its Authenticode signature is invalid; in the sandbox it injected code into other processes, created a scheduled task, modified proxy settings and touched cookie and cryptocurrency-wallet files. When this infection is active you may notice unfamiliar processes in the Task Manager list. In that case it is advisable to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually can take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a full scan and clean your PC.
6-day free trial available.

What can Trojan:Win32/Dridex.RM!MTB do?

The behaviours below are the signatures the CAPE sandbox raised while running this sample. They describe what this particular file did during analysis, not everything the Dridex family is capable of.

  • Behavioural detection: Executable code extraction – unpacking
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the embedded win api malware family
  • Attempts to modify proxy settings
  • Attempts to access Bitcoin/ALTCoin wallets
  • Touches a file containing cookies, possibly for information gathering
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Dridex.RM!MTB?

The hashes below identify this exact sample. Two of the other fields deserve a caveat: the version information claims the file is Microsoft's dfshim.dll from the .NET Framework while the Authenticode signature is invalid, and a PE compile timestamp is written by whoever built the file, so neither proves anything on its own.

File Info:

name: 865034E989C30C806B93.mlw
path: /opt/CAPEv2/storage/binaries/417c0b9716d4c1b551d79454de47685eb3e2443b37626c592d2729e64c718004
crc32: 0DB5F761
md5: 865034e989c30c806b930aac1e2d634f
sha1: 59cfef43238f46f710572b125d9b402b713f6a24
sha256: 417c0b9716d4c1b551d79454de47685eb3e2443b37626c592d2729e64c718004
sha512: 826d896211b0ff79451b0e59901c8b2ef60040632cd554c0bcd45e8a5f74c4d3c6a402bec81951ae1f153a1af17b4f120c00540f1f818ea18a571d3e4540cb31
ssdeep: 6144:JmLvgrTuPTEkdOJRxwmMFL5gO2hdrCQ/D1+OpGD+sfYKT:wD5wuOzxw/FFF2hcaDVpGK+T
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EE74E043E647E08AC40740B045AECE6B4136AD608BA157F3BBAC7E8DBAB1DD57437316
sha3_384: c456782ad6627232688ca7e732549951ad3300e5faeb72ad2d34e79973b8a1e27d3357b3b03a1a7c01b421d4732cd129
ep_bytes: e9c9540000e95d040000e978530000e9
timestamp: 2015-03-03 09:35:53

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Application Deployment Support Library
FileVersion: 2.0.50727.42 (RTM.050727-4200)
InternalName: dfshim.dll
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: dfshim.dll
ProductName: Microsoft® .NET Framework
ProductVersion: 2.0.50727.42
Comments: Flavor=Retail
Translation: 0x0409 0x04b0
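
To turn the File Info above into a repeatable check, here is an added Python example written for this page (it is not Gridinsoft or CAPE code). It parses the PE header fields the report lists (machine, subsystem, TimeDateStamp and the first 16 entry-point bytes) and compares a file against the listed hashes, timestamp and ep_bytes. It assumes the report prints the PE timestamp in UTC, and it constructs its own minimal PE32 so the checks can be exercised offline; a hash match identifies the sample, while matching header fields alone only mean the file is shaped like it and deserves a closer look.

```python
"""Offline triage of a suspected Trojan:Win32/Dridex.RM!MTB sample against the
indicators in the report above (hashes, PE32/i386/GUI, TimeDateStamp, ep_bytes).
Constructed example for this page; not Gridinsoft or CAPE code."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info section.
IOC_HASHES = {
    "md5": "865034e989c30c806b930aac1e2d634f",
    "sha1": "59cfef43238f46f710572b125d9b402b713f6a24",
    "sha256": "417c0b9716d4c1b551d79454de47685eb3e2443b37626c592d2729e64c718004",
}
IOC_EP_BYTES = bytes.fromhex("e9c9540000e95d040000e978530000e9")
IOC_TIMESTAMP = "2015-03-03 09:35:53"  # assumption: the report shows the PE timestamp in UTC
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the report lists; ValueError if not a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:
        raise ValueError("not PE32 (optional header magic 0x%x)" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Map the entry-point RVA to a file offset through the section table.
    ep_off = None
    for i in range(nsections):
        sec = opt + size_opt + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    if ep_off is None:
        raise ValueError("entry point lies outside every section")
    when = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "subsystem": subsystem,
        "timestamp": when.strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16],
    }


def triage(data: bytes) -> dict:
    """Compare a file against the report. A hash match identifies the sample;
    the header checks only say the file is shaped like it and merits a look."""
    hashes = {alg: getattr(hashlib, alg)(data).hexdigest() for alg in IOC_HASHES}
    result = {"hashes": hashes,
              "hash_match": any(hashes[a] == IOC_HASHES[a] for a in IOC_HASHES)}
    try:
        pe = parse_pe(data)
    except ValueError as err:
        result.update(is_pe32=False, error=str(err))
        return result
    result.update(
        is_pe32=True,
        pe=pe,
        header_match=(pe["machine"] == IMAGE_FILE_MACHINE_I386
                      and pe["subsystem"] == IMAGE_SUBSYSTEM_WINDOWS_GUI),
        timestamp_match=pe["timestamp"] == IOC_TIMESTAMP,
        ep_bytes_match=pe["ep_bytes"] == IOC_EP_BYTES,
    )
    return result


def build_test_pe(timestamp: str, ep_bytes: bytes) -> bytes:
    """Constructed minimal PE32 (i386, GUI, one .text section) so the checks can
    be exercised offline. It is not the malware sample and is never executed."""
    ts = int(datetime.strptime(timestamp, "%Y-%m-%d %H:%M:%S")
             .replace(tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)         # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)         # SizeOfImage/SizeOfHeaders
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(0x200, b"\0")
    return headers + ep_bytes.ljust(0x200, b"\xcc")


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(IOC_TIMESTAMP, IOC_EP_BYTES)
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real suspect, or with no argument to see the constructed PE trip every header check while still failing the hash check. The one claim from the report this script cannot reproduce is the invalid Authenticode signature; on the Windows host itself that is checked with `Get-AuthenticodeSignature <file>` in PowerShell or `signtool verify /pa <file>`, and a file whose version info claims to be Microsoft's dfshim.dll but fails that check should be treated as the sample described here regardless of its hashes.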

Trojan:Win32/Dridex.RM!MTB is Microsoft's name for this sample; other vendors detect the same file under the names below. Note that only Microsoft and Trend Micro name Dridex explicitly, while most of the others are generic packer or heuristic verdicts (Kryptik, Yakes, Titirez, ML), so the family attribution rests mainly on those two detections.

AVG: Win32:GenMaliciousA-DYM [Trj]
Elastic: malicious (high confidence)
DrWeb: Trojan.Siggen27.50207
MicroWorld-eScan: Gen:Heur.Mint.Titirez.vu0@IumR2ani
FireEye: Generic.mg.865034e989c30c80
Skyhigh: Packed-FH!865034E989C3
McAfee: Packed-FH!865034E989C3
Malwarebytes: Malware.AI.4283031098
VIPRE: Gen:Heur.Mint.Titirez.vu0@IumR2ani
Sangfor: Suspicious.Win32.Save.a
K7GW: Trojan ( 005b473c1 )
K7AntiVirus: Trojan ( 005b473c1 )
BitDefenderTheta: Gen:NN.ZexaF.36804.vu0@aumR2ani
VirIT: Trojan.Win32.Crypt3.CJXM
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.DALI
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: Trojan.Win32.Yakes.jutq
BitDefender: Gen:Heur.Mint.Titirez.vu0@IumR2ani
Avast: Win32:GenMaliciousA-DYM [Trj]
Tencent: Malware.Win32.Gencirc.10bfcb6d
Emsisoft: Gen:Heur.Mint.Titirez.vu0@IumR2ani (B)
F-Secure: Heuristic.HEUR/AGEN.1373147
Zillya: Trojan.Kryptik.Win32.4699461
TrendMicro: TSPY_DRIDEX.SMN2
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Gen:Heur.Mint.Titirez.vu0@IumR2ani
Varist: W32/Kryptik.MBB.gen!Eldorado
Avira: HEUR/AGEN.1373147
MAX: malware (ai score=86)
Antiy-AVL: Trojan/Win32.Yakes
Kingsoft: malware.kb.a.999
Arcabit: Trojan.Mint.Titirez.E9C95E
ZoneAlarm: Trojan.Win32.Yakes.jutq
Microsoft: Trojan:Win32/Dridex.RM!MTB
Google: Detected
VBA32: Trojan.Yakes
Cylance: unsafe
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TSPY_DRIDEX.SMN2
Rising: Trojan.Kryptik!8.8 (TFE:2:ZZ8MuMjW0yG)
Yandex: Trojan.GenAsa!bsCsLPFZeT0
Ikarus: Trojan.Win32.Crypt
Fortinet: W32/Kryptik.DFAR!tr
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Dridex.RM!MTB?

Trojan:Win32/Dridex.RM!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and options, then click “Reset”.
  • Restart your computer.

Because this sample created a scheduled task and modified proxy settings, check Task Scheduler for unfamiliar tasks and verify the system and browser proxy settings after the scan. Because it also read cookie files and attempted to access Bitcoin and altcoin wallets, treat browser sessions and any wallet credentials on the machine as exposed and change them from a clean device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.