
What is “Trojan:Win32/Emotet.PSR!MTB”?


Trojan:Win32/Emotet.PSR!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Emotet.PSR!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the Emotet malware family
  • Attempts to modify proxy settings

How to identify Trojan:Win32/Emotet.PSR!MTB?

File Info:

name: EF92B3A85103AE5B746D.mlw
path: /opt/CAPEv2/storage/binaries/61ee7629faeedd2eefe3443b17602bbeadc4bfb1a8092218cfb52fef56b8b5fa
crc32: 29165A61
md5: ef92b3a85103ae5b746dd2eb46758caa
sha1: 4aedcf91d30ca5011d8230f70d62a5b42dbf0fab
sha256: 61ee7629faeedd2eefe3443b17602bbeadc4bfb1a8092218cfb52fef56b8b5fa
sha512: c63b288f1a1f27d139e608c0d06350c036acaa437b83ec018267be662281790009783ca5f433fd76503e4301fdc57e96a761a4343a67dcc43e643bf2f3a8ffe8
ssdeep: 6144:2HxMkqcOyqO0IgLpojy30FlibIlshaQNcSYu7ezVIjOZs2tORiI2xm8m+1raKW/Q:a9qdIMFBIlshrNcSYu7eBG28qmJd/Q
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T183A46C11FE91C435C62632314EA7C27876A9AC619E3487877BD03F3D6E346C2AD3971A
sha3_384: 7a9bfc9d55a8f88d768a68bff3275e76d09377b3b340adfdeafa9e0c138971a781d78b3f9beb761b83cb3e1db3f790de
ep_bytes: e8fd780000e978feffff6a0c68b8b045
timestamp: 2020-06-28 19:11:18

Version Info:

FileDescription: SNAP MFC Application
FileVersion: 1, 0, 0, 1
InternalName: SNAP
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: SNAP.EXE
ProductName: SNAP Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Trojan:Win32/Emotet.PSR!MTB also known as:

Lionic: Trojan.Win32.Emotet.L!c
Elastic: malicious (high confidence)
DrWeb: Trojan.DownLoader33.58515
Cynet: Malicious (score: 100)
FireEye: Generic.mg.ef92b3a85103ae5b
CAT-QuickHeal: Trojan.IgenericPMF.S14681040
ALYac: DeepScan:Generic.Exploit.Shellcode.RDI.1.D491A8A7
Cylance: Unsafe
Zillya: Backdoor.Emotet.Win32.337
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00569c311 )
Alibaba: Trojan:Win32/Emotet.964b45d8
K7GW: Trojan ( 00569c311 )
Cybereason: malicious.85103a
BitDefenderTheta: Gen:NN.ZexaF.34182.Cq0@a4D3Kumi
Cyren: W32/Trickbot.EG.gen!Eldorado
Symantec: Trojan.Emotet
ESET-NOD32: a variant of Win32/Kryptik.HEMS
Paloalto: generic.ml
ClamAV: Win.Trojan.Emotet-9812564-0
Kaspersky: HEUR:Backdoor.Win32.Emotet.vho
BitDefender: DeepScan:Generic.Exploit.Shellcode.RDI.1.D491A8A7
NANO-Antivirus: Trojan.Win32.Emotet.idovcz
SUPERAntiSpyware: Trojan.Agent/Gen-Emotet
MicroWorld-eScan: DeepScan:Generic.Exploit.Shellcode.RDI.1.D491A8A7
Avast: Win32:CrypterX-gen [Trj]
Tencent: Malware.Win32.Gencirc.11a0c153
Sophos: Mal/Generic-S
Comodo: Malware@#3mmm80ror52lo
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Emotet.gh
Emsisoft: Trojan.Emotet (A)
Ikarus: Trojan.Agent
Jiangmin: Backdoor.Emotet.lh
MaxSecure: Trojan.Malware.74836433.susgen
Avira: HEUR/AGEN.1137293
Antiy-AVL: Trojan/Generic.ASMalwS.30A8B89
Microsoft: Trojan:Win32/Emotet.PSR!MTB
GData: DeepScan:Generic.Exploit.Shellcode.RDI.1.D491A8A7
SentinelOne: Static AI – Suspicious PE
AhnLab-V3: Malware/Win32.RL_Generic.R361579
McAfee: Emotet-FRC!EF92B3A85103
VBA32: BScope.TrojanBanker.Emotet
Malwarebytes: Trojan.MalPack.TRE
APEX: Malicious
Rising: Trojan.Kryptik!1.C886 (CLOUD)
Yandex: Trojan.Kryptik!w5v3iwFUKiU
MAX: malware (ai score=86)
Fortinet: W32/Emotet.MLC!tr
AVG: Win32:CrypterX-gen [Trj]
Panda: Trj/Emotet.C
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Emotet.PSR!MTB?

Trojan:Win32/Emotet.PSR!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
