Trojan:Win32/Malgent.B malicious file

Trojan:Win32/Malgent.B is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cleanup of your PC.
6-day free trial available.

What can the Trojan:Win32/Malgent.B virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Collects information about installed applications
  • Checks the CPU name from registry, possibly for anti-virtualization
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system

How to identify Trojan:Win32/Malgent.B?

File Info:

name: FBD7FF749D74291C1B10.mlw
path: /opt/CAPEv2/storage/binaries/c78a884106e41d8bb006d6ef70dedb4d873b79fca94ab9dd1c839329bb4d9f48
crc32: DB59E904
md5: fbd7ff749d74291c1b10a768863c6ba9
sha1: f7deea11da88c72f5343480b49a3442c62cfd2c9
sha256: c78a884106e41d8bb006d6ef70dedb4d873b79fca94ab9dd1c839329bb4d9f48
sha512: 99ad90217b20ae8783def007dda2aaa4306237a9782dcfad37a4497da307581148ca2f5fa5faf8e97875f137bbff5f4ab1438e91ea3c9bb10f86f081bab1c4b6
ssdeep: 12288:wdY810rQGDnN1//gUuU04nN2ZEuTgDm+hAYaTlqb:R810rQGrNF/DJQTAATx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T122C412D17A01CA37C06CA0B59815D252A9AF7F381BA54487FB582FAD1F3D2E41F24F26
sha3_384: af314492557693b1497a0f0bd699b7486d571d9c8fbc2b938813fdfd7d9c2d4ccb3a284fe65ed3d71144f415b683d933
ep_bytes: e893280000e978feffffcccc8b4c2404
timestamp: 2018-07-06 08:25:40

Version Info:

InternalName: kozinokibi.exe
LegalCopyright: Copyright (C) 2019, vtduty
Translation: 0x00c9 0x01c8

Trojan:Win32/Malgent.B also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Siggen2.12561
ClamAV: Win.Packed.Ulise-7171866-1
FireEye: Generic.mg.fbd7ff749d74291c
CAT-QuickHeal: Ransom.Stop.P5
ALYac: Trojan.Brsecmon.1
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
Sangfor: Trojan.Win32.AGEN.1041756
K7AntiVirus: Trojan ( 0054d3b31 )
Alibaba: TrojanBanker:Win32/Jimmy.c6f2f0a0
K7GW: Trojan ( 0054d3b31 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34084.Ju0@a40x21p
Symantec: Packed.Generic.525
ESET-NOD32: a variant of Win32/Kryptik.GSSQ
TrendMicro-HouseCall: Trojan.Win32.SODINOK.SM.hp
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Brsecmon.1
NANO-Antivirus: Trojan.Win32.Jimmy.fucvny
MicroWorld-eScan: Trojan.Brsecmon.1
Avast: Win32:TrojanX-gen [Trj]
Tencent: Win32.Trojan-banker.Jimmy.Ehhv
Ad-Aware: Trojan.Brsecmon.1
Sophos: Mal/Generic-S
Zillya: Trojan.Kryptik.Win32.1701364
TrendMicro: Trojan.Win32.SODINOK.SM.hp
McAfee-GW-Edition: BehavesLike.Win32.Dropper.hh
Emsisoft: Trojan.Brsecmon.1 (B)
Ikarus: Trojan.Win32.Crypt
GData: Trojan.Brsecmon.1
Jiangmin: Trojan.Banker.Jimmy.wx
Avira: HEUR/AGEN.1107202
Antiy-AVL: Trojan/Generic.ASMalwS.2C19195
Microsoft: Trojan:Win32/Malgent.B
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Malware/Win32.RL_Generic.R268756
Acronis: suspicious
McAfee: Sodinokibi!FBD7FF749D74
VBA32: Trojan.Fuerboos
Malwarebytes: Trojan.MalPack.GS.Generic
APEX: Malicious
Rising: Trojan.Kryptik!1.B821 (CLASSIC)
Yandex: Trojan.PWS.Jimmy!k7Hgm8eyjj8
MAX: malware (ai score=100)
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GenKryptik.DQHN!tr
AVG: Win32:TrojanX-gen [Trj]
Cybereason: malicious.49d742
Panda: Trj/GdSda.A
MaxSecure: Ransomeware.CRAB.gen

How to remove Trojan:Win32/Malgent.B?

Trojan:Win32/Malgent.B removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment