Trojan:Win32/Keylogger.DO!MTB (file analysis)

The Trojan:Win32/Keylogger.DO!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cure of your PC.
6-day free trial available.

What can the Trojan:Win32/Keylogger.DO!MTB virus do?

  • Unconventional language used in binary resources: Hebrew
  • The binary contains an unknown PE section name indicative of packing
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Trojan:Win32/Keylogger.DO!MTB?

File Info:

name: 4899CFFBBC26C8BAE7A5.mlw
path: /opt/CAPEv2/storage/binaries/cab393536465d350557b06837b73b8c662ae8fd362b80a9502e5e647d3718558
crc32: 1E5E2794
md5: 4899cffbbc26c8bae7a5384445cc2da3
sha1: eb04a6dc0de2a1af61a6a72314f99a225809ae6b
sha256: cab393536465d350557b06837b73b8c662ae8fd362b80a9502e5e647d3718558
sha512: e8c5df81e9c801964ba738536f854967bc79a5799f45aeedd70bed78f3614bcb405ff9708b1f97fd0ac4e2dbbf45f8d578a7aa9f0d06eb2b7983cdc063caf5c0
ssdeep: 12288:2H5PzAt+XoYq+AwDgwebcLRmiAAtSoSR:4PzQ+vFDgwebdiAAt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18EB44AE536D2C52BD636113088A4527195B2BE684F23C7CF67A4ED2DAD3CDC0993A339
sha3_384: 21e6fa2edb13874bd7c22c39531f560c39538df2e028011398632c1dc1907db63c13d92708631af515e4a2d866350181
ep_bytes: 60be00504d008dbe00c0f2ff5789e58d
timestamp: 2014-07-20 16:27:46

Version Info (the sample's Authenticode signature is invalid, so these fields are self-declared by the file and not verified):

Comments: SV12
CompanyName: Exent Technologies Ltd.
FileDescription: FreeRide Games
FileVersion: 1, 0, 1, 8
InternalName: FreeRide Games
LegalCopyright: Copyright © 1996-2014 Exent Technologies Ltd. All rights reserved.
LegalTrademarks:
OriginalFilename: FreeRide Games.EXE
PrivateBuild:
ProductName: FreeRide Games
ProductVersion: 1, 0, 1, 8
SpecialBuild:
Translation: 0x0409 0x04b0

Trojan:Win32/Keylogger.DO!MTB also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Generic.4!c
MicroWorld-eScan: Trojan.GenericKDZ.92664
FireEye: Trojan.GenericKDZ.92664
McAfee: Artemis!4899CFFBBC26
Cylance: unsafe
VIPRE: Trojan.GenericKDZ.92664
Sangfor: Suspicious.Win32.Save.ins
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (moderate confidence)
APEX: Malicious
Cynet: Malicious (score: 100)
BitDefender: Trojan.GenericKDZ.92664
Avast: Win32:Malware-gen
TrendMicro: TROJ_GEN.R002C0DHN23
McAfee-GW-Edition: BehavesLike.Win32.RealProtect.gm
Trapmine: suspicious.low.ml.score
Emsisoft: Trojan.GenericKDZ.92664 (B)
SentinelOne: Static AI – Suspicious PE
GData: Win32.Application.Exent.B
Antiy-AVL: Trojan/Win32.SGeneric
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Arcabit: Trojan.Generic.D169F8
Microsoft: Trojan:Win32/Keylogger.DO!MTB
AhnLab-V3: Malware/Win.Generic.R502863
Acronis: suspicious
ALYac: Trojan.GenericKDZ.92664
MAX: malware (ai score=85)
Malwarebytes: Malware.AI.1903497157
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: TROJ_GEN.R002C0DHN23
Rising: Trojan.Keylogger!8.8850 (CLOUD)
MaxSecure: Trojan.Malware.185319472.susgen
Fortinet: W32/ULPM.16C0!tr
AVG: Win32:Malware-gen
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Keylogger.DO!MTB?

Trojan:Win32/Keylogger.DO!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.