Categories: Trojan

About “Trojan:Win32/Hancitor.ARK!MTB” infection

The Trojan:Win32/Hancitor.ARK!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Hancitor.ARK!MTB virus do?

  • Executable code extraction
  • Creates RWX memory
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Looks up the external IP address
  • Behavior consistent with a dropper attempting to download the next stage.
  • A process sent information about the computer to a remote location.
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

api.ipify.org
maduabin.com
thenexames.ru
pritursivers.ru

How to identify Trojan:Win32/Hancitor.ARK!MTB?

File Info:

crc32: 5ADF734F
md5: b0b16d046655871f9a452e2c34d062e5
name: B0B16D046655871F9A452E2C34D062E5.mlw
sha1: ad92e7b5e1eb1a1c16d4c0cb1a23b1eeb124a7ee
sha256: 5660be89b90aa88fc81719220933e8bcc5ead56352eac7f5ea4a053cb575db8a
sha512: fd48003beb2df843cb6471e4864eb770b490cc7d9359f69c2551f367b840595773e7778f924c210975f1aead0bb7892f2fa547f5d15b36d9d16e9c12fe3228a7
ssdeep: 6144:WEitiibyyCeTbC2dRAMT8gz84XP10aGXohw50VHkf/t3VT38Z6VDfSYn0J:WPiiemC2P3Bd1pJhw5EHkf13VbIkqC0
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Copyright © Six old 1995-2015 Boardinterest
FileVersion: 3.4.0.573
CompanyName: Six old
Stay: Ever object
ProductVersion: 3.4.0.573
FileDescription: Legstore
ProductName: Legstore
OriginalFilename: complete.dll
Translation: 0x0409 0x04e4

Trojan:Win32/Hancitor.ARK!MTB also known as:

Bkav W32.AIDetectVM.malware1
MicroWorld-eScan Gen:Variant.Johnnie.295930
ALYac Trojan.Agent.Hancitor
Sangfor Malware
BitDefender Gen:Variant.Johnnie.295930
Arcabit Trojan.Johnnie.D483FA
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Trojan-Banker.Win32.Cridex.gen
Ad-Aware Gen:Variant.Johnnie.295930
F-Secure Trojan.TR/Kryptik.xdzeq
DrWeb Trojan.Chanitor.59
TrendMicro Trojan.Win32.MALREP.THLOIBO
McAfee-GW-Edition Artemis!Trojan
FireEye Gen:Variant.Johnnie.295930
Emsisoft Gen:Variant.Johnnie.295930 (B)
Webroot W32.Trojan.Gen
Avira TR/Kryptik.xdzeq
MAX malware (ai score=80)
Kingsoft Win32.Troj.Banker.(kcloud)
Microsoft Trojan:Win32/Hancitor.ARK!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Cridex.gen
GData Gen:Variant.Johnnie.295930
Cynet Malicious (score: 100)
McAfee RDN/Hancitor
VBA32 BScope.TrojanBanker.Cridex
Malwarebytes Spyware.MassLogger
ESET-NOD32 a variant of Win32/GenKryptik.EYBL
TrendMicro-HouseCall Trojan.Win32.MALREP.THLOIBO
Rising Trojan.Generic@ML.90 (RDML:f8Eizix+kbfanr6xWOun9w)
Ikarus Trojan.Win32.Krypt
Fortinet W32/GenKryptik.EYBL!tr
AVG FileRepMalware

How to remove Trojan:Win32/Hancitor.ARK!MTB?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
