Trojan:Win32/Emotet.DEV!MTB (file analysis)

Trojan:Win32/Emotet.DEV!MTB is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Emotet.DEV!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Expresses interest in specific running processes
  • Attempts to modify proxy settings

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan:Win32/Emotet.DEV!MTB?

File Info:

crc32: ADA04967
md5: 16bcd0a10f1a57d1194165dc42fab16f
name: 16BCD0A10F1A57D1194165DC42FAB16F.mlw
sha1: 71d05db8382ea1954bcebea4229b6bfddb78c5cb
sha256: 6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c
sha512: 9c85849680ab5ffd5acf21709f7723b4d13e35c3002a9952e16ab21458f32dd2bf3942d23d996c9020b574881d0a3eb6a4fb6ab4a9743b405433d31cbffa82c7
ssdeep: 6144:NP668F5nAogShzgX0SU98VbhQTK9dYze3gBJabq3rfaQf/keqeAfXwj5uEQqFEV:E683nAo3hzgEx8lgBCecXwj5uEevA
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: CUBE
FileVersion: 1, 0, 0, 1
ProductName: CUBE Application
ProductVersion: 1, 0, 0, 1
FileDescription: CUBE MFC Application
OriginalFilename: CUBE.EXE
Translation: 0x0409 0x04b0

Trojan:Win32/Emotet.DEV!MTB also known as:

K7AntiVirus: Trojan ( 005605291 )
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader33.43932
Cynet: Malicious (score: 99)
ALYac: Trojan.EmotetU.Gen.Oy0@baU8kugi
Zillya: Backdoor.Emotet.Win32.265
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 005600261 )
Cybereason: malicious.10f1a5
Cyren: W32/Emotet.ALG.gen!Eldorado
ESET-NOD32: Win32/Emotet.CD
APEX: Malicious
Avast: Win32:BankerX-gen [Trj]
ClamAV: Win.Malware.Emotet-7997949-0
Kaspersky: HEUR:Backdoor.Win32.Emotet.vho
BitDefender: Trojan.EmotetU.Gen.Oy0@baU8kugi
MicroWorld-eScan: Trojan.EmotetU.Gen.Oy0@baU8kugi
Tencent: Malware.Win32.Gencirc.10cdd171
Ad-Aware: Trojan.EmotetU.Gen.Oy0@baU8kugi
Sophos: ML/PE-A + Mal/EncPk-APM
BitDefenderTheta: Gen:NN.Zextet.34126.Oy0@aaU8kugi
TrendMicro: TrojanSpy.Win32.EMOTET.SMV.hp
McAfee-GW-Edition: Emotet-FQU!16BCD0A10F1A
FireEye: Generic.mg.16bcd0a10f1a57d1
Emsisoft: Trojan.Emotet (A)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Backdoor.Emotet.fq
Avira: HEUR/AGEN.1135034
Antiy-AVL: Trojan/Generic.ASMalwS.307C378
Microsoft: Trojan:Win32/Emotet.DEV!MTB
Arcabit: Trojan.EmotetU.Gen.ED1641C
SUPERAntiSpyware: Trojan.Agent/Gen-Emotet
ZoneAlarm: HEUR:Backdoor.Win32.Emotet.vho
GData: Trojan.EmotetU.Gen.Oy0@baU8kugi
AhnLab-V3: Malware/Win32.RL_Generic.R351996
McAfee: Emotet-FQU!16BCD0A10F1A
MAX: malware (ai score=83)
VBA32: Backdoor.Emotet
Malwarebytes: Trojan.Emotet
Panda: Trj/Emotet.C
TrendMicro-HouseCall: TrojanSpy.Win32.EMOTET.SMV.hp
Rising: Trojan.Kryptik!1.C82B (CLASSIC)
Yandex: Trojan.Emotet!ePZLBB7VO48
Ikarus: Trojan-Banker.Emotet
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Emotet.ADDK!tr
AVG: Win32:BankerX-gen [Trj]

How to remove Trojan:Win32/Emotet.DEV!MTB?

Trojan:Win32/Emotet.DEV!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.