What is “Trojan:Win32/Emotet.DHF!MTB”?

The Trojan:Win32/Emotet.DHF!MTB file is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Trojan:Win32/Emotet.DHF!MTB virus can do?

• Executable code extraction
• Creates RWX memory
• Possible date expiration check, exits too soon after checking local time
• Mimics the system’s user agent string for its own requests
• Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
• Drops a binary and executes it
• Deletes its original binary from disk
• Attempts to remove evidence of file being downloaded from the Internet
• Attempts to repeatedly call a single API many times in order to delay analysis time
• Installs itself for autorun at Windows startup
• Creates a copy of itself
• Anomalous binary characteristics

How to determine Trojan:Win32/Emotet.DHF!MTB?

General:
Operating System: Windows 7 / 8 / 8.1 / 10
Virus Name: Trojan.Kryptik.Win32.1817099


File Info:
Name: jpZWCYYpDoy8aLt4g.exe
Size: 614197
Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: db4fddea594da474d4744424fbaf8fef
SHA1: 48a6700da864ec6597575acfb1b470a2df315b82
SH256: f329c30e3bf152e37ed6b7d1b39b311627d0b64a975003eb818e2301257574e0
 
Version Info:
 [No Data] 

Trojan:Win32/Emotet.DHF!MTB also known as:

ALYac	Trojan.Agent.Emotet
APEX	Malicious
AVG	Win32:Trojan-gen
Ad-Aware	Trojan.GenericKD.32678549
AhnLab-V3	Malware/Win32.Generic.C3541848
Alibaba	Trojan:Win32/Emotet.78ac813d
Arcabit	Trojan.Generic.D1F2A295
Avast	Win32:Trojan-gen
Avira	TR/AD.Emotet.tstff
BitDefender	Trojan.GenericKD.32678549
BitDefenderTheta	Gen:NN.ZexaF.32253.LGX@aeSeQ7fi
CAT-QuickHeal	Trojan.IgenericPMF.S8756617
ClamAV	Win.Dropper.Emotet-7370218-0
Comodo	Malware@#3fdlxbo6v4na2
CrowdStrike	win/malicious_confidence_90% (W)
Cybereason	malicious.da864e
Cylance	Unsafe
Cyren	W32/Kryptik.AOF.gen!Eldorado
DrWeb	Trojan.Emotet.762
ESET-NOD32	a variant of Win32/Kryptik.GXWA
Endgame	malicious (high confidence)
F-Prot	W32/Kryptik.AOF.gen!Eldorado
F-Secure	Trojan.TR/AD.Emotet.tstff
FireEye	Generic.mg.db4fddea594da474
Fortinet	W32/TrickBot.CJ!tr
GData	Trojan.GenericKD.32678549
Ikarus	Trojan-Banker.Emotet
Jiangmin	Trojan.Banker.Emotet.mdf
K7AntiVirus	Trojan ( 0055abaf1 )
K7GW	Trojan ( 0055abaf1 )
Kaspersky	HEUR:Trojan-Banker.Win32.Emotet.pef
MAX	malware (ai score=81)
Malwarebytes	Trojan.Emotet
MaxSecure	Trojan.Malware.73767892.susgen
McAfee	Emotet-FOL!DB4FDDEA594D
McAfee-GW-Edition	BehavesLike.Win32.Generic.hh
MicroWorld-eScan	Trojan.GenericKD.32678549
Microsoft	Trojan:Win32/Emotet.DHF!MTB
NANO-Antivirus	Trojan.Win32.Kryptik.gfleuz
Paloalto	generic.ml
Panda	Trj/Genetic.gen
Qihoo-360	Win32/Trojan.2a6
Rising	Trojan.Generic@ML.90 (RDML:KMG/+lRIIDVlibcmI0yg2A)
SUPERAntiSpyware	Trojan.Agent/Gen-Emotet
SentinelOne	DFI – Malicious PE
Symantec	Trojan Horse
TrendMicro	TROJ_GEN.R015C0DK319
TrendMicro-HouseCall	TROJ_GEN.R015C0DK319
VBA32	Trojan.Emotet
VIPRE	Trojan.Win32.Generic!BT
ViRobot	Trojan.Win32.Emotet.613888
Webroot	W32.Trojan.Emotet
Yandex	Trojan.Kryptik!WxKELaJV6Nk
Zillya	Trojan.Kryptik.Win32.1817099
ZoneAlarm	HEUR:Trojan-Banker.Win32.Emotet.pef

How to remove Trojan:Win32/Emotet.DHF!MTB?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.