Trojan:Win32/Emotet.DBX!MTB malicious file

Trojan:Win32/Emotet.DBX!MTB is the Microsoft Defender detection name for this sample. Note that the CAPE sandbox run and most of the other vendors listed further down classify the same file as TrickBot (Trickster), not Emotet, so treat the Microsoft name as a detection label rather than a family attribution. When the infection is active you may notice unfamiliar processes in Task Manager. In that case, scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; it allows a full scan and cleanup during the trial period.
6-day free trial available.

What can Trojan:Win32/Emotet.DBX!MTB do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Guard pages use detected – possible anti-debugging.
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Attempts to stop active services
  • Collects and encrypts information about the computer likely to send to C2 server
  • Spoofs its process name and/or associated pathname to appear as a legitimate process
  • CAPE detected the TrickBot malware family
  • Creates a copy of itself
  • Attempts to disable Windows Defender
  • Attempts to modify Windows Defender using PowerShell
  • Uses suspicious command line tools or Windows utilities
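Several of the behaviours above (Defender tampering via PowerShell, stopping services, running scripting utilities and other Windows command-line tools) leave traces in process-creation logs. The following is an added example for this page, not code from GridinSoft or from the CAPE signatures it summarises: it scans constructed command lines (not taken from the sample) against illustrative patterns for those behaviours. The rule set is deliberately small and the event lines are made up to show the matching, so extend both before relying on them.

```python
"""Flag process command lines that exhibit the behaviours listed above.

Added example; the event lines below are constructed for illustration and the
regexes are a starting point, not a complete detection ruleset.
"""
import re

# (behaviour label from the list above, case-insensitive pattern on the command line)
RULES = [
    ("Attempts to modify Windows Defender using PowerShell",
     re.compile(r"Set-MpPreference\b.*-(DisableRealtimeMonitoring|ExclusionPath|DisableIOAVProtection)", re.I)),
    ("Attempts to disable Windows Defender",
     re.compile(r"Windows Defender.*DisableAntiSpyware|\b(sc|net)(\.exe)?\s+(stop|config)\s+WinDefend\b", re.I)),
    ("Attempts to stop active services",
     re.compile(r"\b(net1?(\.exe)?\s+stop|sc(\.exe)?\s+stop|Stop-Service)\b", re.I)),
    ("A scripting utility was executed",
     re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.I)),
    ("Uses suspicious command line tools or Windows utilities",
     re.compile(r"\b(schtasks|reg|bitsadmin|certutil|rundll32|regsvr32)(\.exe)?\b", re.I)),
]

# Constructed process-creation events in a Sysmon-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\x\notes.txt"},
    {"pid": 4388, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"pid": 4402, "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net stop WinDefend"},
    {"pid": 4410, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f'},
]


def classify(cmdline: str) -> list:
    """Return the behaviour labels whose pattern matches this command line, in rule order."""
    return [label for label, rx in RULES if rx.search(cmdline)]


def scan_events(events) -> list:
    """Return (pid, cmdline, labels) for every event that triggers at least one rule."""
    hits = []
    for ev in events:
        labels = classify(ev["cmdline"])
        if labels:
            hits.append((ev["pid"], ev["cmdline"], labels))
    return hits


if __name__ == "__main__":
    for pid, cmd, labels in scan_events(SAMPLE_EVENTS):
        print(f"pid {pid}: {cmd}")
        for label in labels:
            print(f"    -> {label}")
```

Matching on the raw command line is cheap but easy to evade (encoded PowerShell, renamed binaries); in a real deployment pair this with the image path and parent process from the same event.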

How to identify Trojan:Win32/Emotet.DBX!MTB?

File Info:

name: 7882A5A01E9B18FFF8BF.mlw
path: /opt/CAPEv2/storage/binaries/26a2a94ba7ed6da9b28f5bc0808310839efd21f6fa500cf74988514bca0130e7
crc32: 47897E9C
md5: 7882a5a01e9b18fff8bf2358155f3da7
sha1: 01857cfe5a090d529eda2c3c8b07817262c0ce67
sha256: 26a2a94ba7ed6da9b28f5bc0808310839efd21f6fa500cf74988514bca0130e7
sha512: 69d373ee171ec4dcac40a8e88a58277a1c369e868d15bc21348a0aeb3dc704ed67ee99600d9646334a0c1095e1134f48829f9ab983117b7dc4e7768569cccde7
ssdeep: 6144:lQC4kDr4Y+LjP8TQ+8UuJmlX0xPAkzLtLKLM47K:l4A9T3uJmlX0xrnt4m
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1684423C6E90444EBF3A5CB740BAFDD94C8922089F560D2BF849B205307C98D5D9BE7A7
sha3_384: 9b950ecf1180879818d0dc38070c09a8915cce9f27fc08a4c02a626a2ed98c769ddd119ef0fd97253c783964976dccba
ep_bytes: e885040000e936fdffff8bff558bec81
timestamp: 2018-11-21 06:59:48
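The fields above are what a sandbox extracts statically from the file: the digest set, the first bytes at the PE entry point (ep_bytes) and the link-time stamp from the COFF header. The script below is an added example for this page, not GridinSoft's or CAPE's code: it recomputes those fields for a file and compares the digests with the indicators listed above. Because the real sample is not distributed here, build_sample_pe() constructs a minimal, non-runnable PE32 stand-in (its entry bytes and timestamp are copied from the page so the parser's output can be checked); the hash comparison against that stand-in is expected to fail.

```python
"""Recompute the File Info fields above and check a file against the page's IOCs.

Added example using only the standard library. The PE built by build_sample_pe()
is a constructed stand-in, NOT the real sample.
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
PAGE_IOCS = {
    "crc32": "47897e9c",
    "md5": "7882a5a01e9b18fff8bf2358155f3da7",
    "sha1": "01857cfe5a090d529eda2c3c8b07817262c0ce67",
    "sha256": "26a2a94ba7ed6da9b28f5bc0808310839efd21f6fa500cf74988514bca0130e7",
}
PAGE_EP_BYTES = "e885040000e936fdffff8bff558bec81"
PAGE_STAMP = 1542783588  # 2018-11-21 06:59:48 UTC, as listed above


def hash_fields(data: bytes) -> dict:
    """Compute the digest set the sandbox report shows, as lowercase hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_page_iocs(data: bytes) -> bool:
    """True only if every digest on the page agrees; one mismatch means a different file."""
    got = hash_fields(data)
    return all(got[k] == v for k, v in PAGE_IOCS.items())


def rva_to_offset(rva: int, sections: list) -> int:
    """Translate an RVA into a file offset via the section table (header-resident RVAs are rejected)."""
    for vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + raw_size:
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def pe_static_fields(data: bytes, ep_len: int = 16) -> dict:
    """Parse a PE32 file far enough to return ep_bytes and the COFF timestamp."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        base = opt + opt_size + 40 * i
        # +12 VirtualAddress, +16 SizeOfRawData, +20 PointerToRawData
        sections.append(struct.unpack_from("<III", data, base + 12))
    ep_off = rva_to_offset(entry_rva, sections)
    return {
        "machine": machine,
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_off:ep_off + ep_len].hex(),
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def build_sample_pe(ep_code: bytes, stamp: int) -> bytes:
    """Construct a minimal one-section PE32 image (headers only, not executable) for testing."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)             # Section/File alignment
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    body = bytearray(0x200)
    body[0x10:0x10 + len(ep_code)] = ep_code                    # lands at RVA 0x1010
    return headers + bytes(body)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe(bytes.fromhex(PAGE_EP_BYTES), PAGE_STAMP)
    for k, v in {**hash_fields(data), **pe_static_fields(data)}.items():
        print(f"{k}: {v}")
    print("matches page IOCs:", matches_page_iocs(data))
```

Run it as `python3 check.py suspect.exe` to print the same fields the report shows; a single mismatching digest is enough to rule out the listed sample, while a matching ep_bytes or timestamp alone is not.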

Version Info:

FileDescription: Toolset
FileVersion: 1, 0, 0, 1
InternalName: Toolset
LegalCopyright: Copyright (C) 2018
OriginalFilename: Toolset.exe
ProductName: Toolset Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Trojan:Win32/Emotet.DBX!MTB also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47285369
FireEye: Generic.mg.7882a5a01e9b18ff
McAfee: Trojan-FPZP!7882A5A01E9B
Cylance: Unsafe
Zillya: Trojan.Trickster.Win32.1210
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00541b7e1 )
Alibaba: TrojanBanker:Win32/Trickster.246518d3
K7GW: Trojan ( 00541b7e1 )
Cybereason: malicious.01e9b1
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.GNAA
APEX: Malicious
Paloalto: generic.ml
Kaspersky: Trojan-Banker.Win32.Trickster.acg
BitDefender: Trojan.GenericKD.47285369
NANO-Antivirus: Trojan.Win32.Kryptik.fkmekx
Avast: Win32:Malware-gen
Tencent: Win32.Trojan-banker.Trickster.Airy
Ad-Aware: Trojan.GenericKD.47285369
Sophos: Mal/Generic-S
Comodo: Malware@#32nw6m9byvex2
DrWeb: Trojan.DownLoader27.16214
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0DGS21
McAfee-GW-Edition: BehavesLike.Win32.Packed.dc
Emsisoft: Trojan.GenericKD.47285369 (B)
Ikarus: Trojan.AD.TrickBot
GData: Trojan.GenericKD.47285369
Jiangmin: Trojan.Banker.Trickster.fx
Avira: TR/AD.TrickBot.euxbb
MAX: malware (ai score=98)
Antiy-AVL: Trojan/Generic.ASMalwS.299F44C
Microsoft: Trojan:Win32/Emotet.DBX!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C2854528
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34294.qu0@aWgD7Cpi
ALYac: Trojan.GenericKD.47285369
VBA32: BScope.Trojan.Inject
Malwarebytes: Trojan.TrickBot
TrendMicro-HouseCall: TROJ_GEN.R002C0DGS21
Rising: Trojan.Generic@ML.82 (RDML:G0sqTvp10Bpfre8i9iQwYQ)
Yandex: Trojan.GenAsa!fR+8PxFj8zg
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AC.42FA96
AVG: Win32:Malware-gen
Panda: Trj/RnkBend.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Emotet.DBX!MTB?

Trojan:Win32/Emotet.DBX!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
