Trojan:Win32/GhostRAT.MA!MTB (file analysis)

The Trojan:Win32/GhostRAT.MA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/GhostRAT.MA!MTB virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid

How to determine Trojan:Win32/GhostRAT.MA!MTB?


File Info:
name: B08493D92FB6001297AE.mlw
path: /opt/CAPEv2/storage/binaries/665966c75c327082b910b72c5fdca99a0029633eed52516a4c122836156c545c
crc32: FE6ECA60
md5: b08493d92fb6001297aeba89fd43a5a2
sha1: ea62bb6bde8817ab6f8dbf962b7efbfc4faa5f40
sha256: 665966c75c327082b910b72c5fdca99a0029633eed52516a4c122836156c545c
sha512: a71532454014b7a3f8a679f04c773a69c532856b6f3c07f02e08982ccfa1a8a9e407e4f6f9928a4eb512b772f99eb80b5578e1de7eef8cb391f9decbc8f8413a
ssdeep: 24576:MUc0H4ynjkQoP22LsRRqNuCPsAjeDeeFmaxUKRSwFrke68EeP69p3D/C17JvZGkT:I0Tjk//LsRRqLrHeHRSTePUTC17JJT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11DB59F03B19680F1D16D053444666736AB769F960F349BCFA3A8EEBE1D322D1673324B
sha3_384: 2240d5df2552c54fe6a7e1f58e172fcf9c5c77d8f48e38071b654aae6bdf8a433f089f06896009a1a953b375b294cc08
ep_bytes: 558bec6aff6870fe610068c4b7470064
timestamp: 2023-12-12 05:33:35

Version Info:
0: [No Data]

Trojan:Win32/GhostRAT.MA!MTB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Multi.Generic.muUy
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Application.Graftor.730190
Skyhigh	BehavesLike.Win32.Generic.vh
McAfee	Artemis!B08493D92FB6
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Application.Graftor.730190
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Trojan:Win32/GhostRAT.19e7a590
K7GW	Trojan ( 005246d51 )
K7AntiVirus	Trojan ( 005246d51 )
Arcabit	Trojan.Application.Graftor.DB244E
BitDefenderTheta	Gen:NN.ZexaF.36680.tsW@ayg0!3cb
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.FlyStudio.AA potentially unwanted
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:Trojan-GameThief.Win32.Magania.ugbc
BitDefender	Gen:Variant.Application.Graftor.730190
NANO-Antivirus	Trojan.Win32.Sdbot.kfhyhx
Avast	Win32:Evo-gen [Trj]
Rising	Trojan.Generic@AI.99 (RDML:+7qhSKRuHpAaHEUWNVpBbw)
Emsisoft	Gen:Variant.Application.Graftor.730190 (B)
F-Secure	Trojan.TR/Dropper.Gen
DrWeb	BackDoor.IRC.Sdbot.34261
Zillya	Trojan.Magania.Win32.75305
TrendMicro	TROJ_GEN.R011C0DLE23
Sophos	Mal/Generic-S
Ikarus	Trojan.Agent
Avira	TR/Dropper.Gen
Antiy-AVL	Trojan/Win32.FlyStudio.a
Kingsoft	Win32.Troj.Undef.a
Xcitium	Worm.Win32.Dropper.RA@1qraug
Microsoft	Trojan:Win32/GhostRAT.MA!MTB
ZoneAlarm	UDS:Trojan-GameThief.Win32.Magania.ugbc
GData	Win32.Application.PSE.1OV7PVV
Varist	W32/S-480dd005!Eldorado
Acronis	suspicious
VBA32	BScope.Trojan.Tiggre
ALYac	Gen:Variant.Application.Graftor.730190
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R011C0DLE23
Yandex	Trojan.GenAsa!NDFzMdZeW+8
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/CoinMiner.PHP!tr
AVG	Win32:Evo-gen [Trj]
Cybereason	malicious.bde881
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/GhostRAT.MA!MTB?

Trojan:Win32/GhostRAT.MA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X