Trojan

Should I remove “Trojan:Win32/Glupteba.XO!MTB”?

Malware Removal

The Trojan:Win32/Glupteba.XO!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Trojan:Win32/Glupteba.XO!MTB virus can do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine Trojan:Win32/Glupteba.XO!MTB?


File Info:

name: 04B27C9DCA52512C21F6.mlw
path: /opt/CAPEv2/storage/binaries/b1eaa9bd068297c084b9e5b33777ec9023ad0539836aeb045f5c54be8d839c2d
crc32: 24E85C24
md5: 04b27c9dca52512c21f6c9cbd5a8c760
sha1: 422ae4e0251317aefb949de953756e32406fa79d
sha256: b1eaa9bd068297c084b9e5b33777ec9023ad0539836aeb045f5c54be8d839c2d
sha512: c4007b34adbbc5bf44b47eeef59a0bff93d62f55aa673e649824760ddd579cfb2706c80c2c20f2187d7d3b07ee923599255f4771f0b45ce8eea2c6581609d2ba
ssdeep: 1536:3Qn72xhU1zB1WQm2yXfxyW9vx5SeLMQp5kNipgxP1HFQ8+2ZfSbm+6z5Oim+NQJ5:ypB1xm2oyo5Y3IpYP1lZfSbWFObz
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F4F3B0D744F4E065D8170D7486AEBB95FD7738829720CE289F3E24D54CA42B88C1BABD
sha3_384: 28a5b35e8e339001178d8cb889d39e4f82c935704a1034fd8555d785e4233764de3a56f616d3c2ac28520a6ae4d1ebda
ep_bytes: 83ec04c7042400000000585121fb81eb
timestamp: 1970-01-01 00:00:00

Version Info:

0: [No Data]

Trojan:Win32/Glupteba.XO!MTB also known as:

BkavW32.AIDetect.malware1
Elasticmalicious (high confidence)
MicroWorld-eScanGen:Variant.Razy.866116
FireEyeGeneric.mg.04b27c9dca52512c
McAfeeGlupteba-FTTQ!04B27C9DCA52
CylanceUnsafe
SangforSuspicious.Win32.Save.a
K7AntiVirusTrojan ( 0058e60a1 )
K7GWTrojan ( 0058e60a1 )
Cybereasonmalicious.dca525
CyrenW32/Kryptik.ECM.gen!Eldorado
tehtrisGeneric.Malware
ESET-NOD32a variant of Win32/Kryptik.XVS
APEXMalicious
ClamAVWin.Malware.Razy-9951475-0
KasperskyHEUR:Trojan.Win32.Copak.vho
BitDefenderGen:Variant.Razy.866116
NANO-AntivirusVirus.Win32.Gen.ccmw
TencentTrojan.Win32.Copak.zd
Ad-AwareGen:Variant.Razy.866116
SophosML/PE-A + Troj/Agent-BGOS
McAfee-GW-EditionBehavesLike.Win32.RAHack.ch
Trapminemalicious.high.ml.score
EmsisoftGen:Variant.Razy.866116 (B)
SentinelOneStatic AI – Malicious PE
GDataWin32.Trojan.PSE.EG2GAQ
AviraTR/Crypt.XPACK.Gen
MAXmalware (ai score=86)
MicrosoftTrojan:Win32/Glupteba.XO!MTB
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.R293305
Acronissuspicious
BitDefenderThetaGen:NN.ZexaF.34742.kuZ@aGo3wXi
VBA32BScope.Trojan.Wacatac
MalwarebytesTrojan.Crypt
RisingTrojan.Kryptik!1.D284 (CLASSIC)
IkarusTrojan.Win32.Crypt
MaxSecureTrojan.Malware.300983.susgen
FortinetW32/Kryptik.ECM!tr
AVGWin32:Trojan-gen
AvastWin32:Trojan-gen
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Trojan:Win32/Glupteba.XO!MTB?

Trojan:Win32/Glupteba.XO!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment