
What is “Trojan:Win32/Nanocore.BG!MTB”?


Trojan:Win32/Nanocore.BG!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the Trojan:Win32/Nanocore.BG!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Trojan:Win32/Nanocore.BG!MTB?


File Info:

name: 913FC7A8A80E209997AD.mlw
path: /opt/CAPEv2/storage/binaries/e8f8cc178425c55c03c76d0a2a11918371bba8f2d6f400752ca1cea5e663da2e
crc32: 1B687D67
md5: 913fc7a8a80e209997ad142ffce2d619
sha1: 707bad900cc22eaf7ad3d4425ec657f5da05f405
sha256: e8f8cc178425c55c03c76d0a2a11918371bba8f2d6f400752ca1cea5e663da2e
sha512: 96b03b2805c7493931ffc551a04e9a3ddbd413d171cd8b1f6e9ae3d2697e034d4835ceef23d84cd9520f4c3f4bd48178c1a1beb299394d86b52f2c072034df04
ssdeep: 3072:nobJpicHZFvW9rcmOvT/Ki4AI0BYuR3A415GRprw19bQ5/GSAHZ/obJpicHZFv:47icHj+9rcmOvT/Ki4AI0BYuR3A415Gh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14AD37D24F489F0B1C4A247B4EF6086FC82783E360D950957E1607BAEF4725F9A945B3B
sha3_384: aafe71c524e545a1f7f64384311d339583a852c24c086da171aecd20f0fe3128c66900147e7345a6c19d978d903fc698
ep_bytes: 6844144000e8f0ffffff000000000000
timestamp: 2003-12-23 22:06:27

Version Info:

Translation: 0x0409 0x04b0
Comments: Internationalizing6
CompanyName: Kodak
FileDescription: Slagtemesterens7
LegalCopyright: Plenipotentiarize
LegalTrademarks: fyraften"
ProductName: CHILINA
FileVersion: 1.00
ProductVersion: 1.00
InternalName: Farveskalaer2
OriginalFilename: Farveskalaer2.exe

Trojan:Win32/Nanocore.BG!MTB also known as:

  • Bkav: W32.Common.77F166B8
  • Lionic: Trojan.Win32.VB.b!c
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.PonyStealer.im0@ou2kkUmi
  • FireEye: Generic.mg.913fc7a8a80e2099
  • Skyhigh: Fareit-FQO!913FC7A8A80E
  • ALYac: Backdoor.RAT.Parallax
  • Cylance: unsafe
  • Zillya: Trojan.Injector.Win32.676133
  • Sangfor: Suspicious.Win32.Save.vb
  • K7AntiVirus: Trojan ( 0055dc921 )
  • Alibaba: TrojanDropper:Win32/VBCrypt.faab2c37
  • K7GW: Trojan ( 0055dc921 )
  • CrowdStrike: win/malicious_confidence_100% (W)
  • Arcabit: Trojan.PonyStealer.E81AB9
  • BitDefenderTheta: Gen:NN.ZevbaF.36744.im0@au2kkUmi
  • VirIT: Trojan.Win32.VBZenPack_Heur
  • Symantec: Trojan.Gen.MBT
  • ESET-NOD32: a variant of Win32/Injector.EJPS
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Trojan-Dropper.Win32.VB.dtyh
  • BitDefender: Gen:Heur.PonyStealer.im0@ou2kkUmi
  • NANO-Antivirus: Trojan.Win32.TrjGen.gnaczr
  • Avast: Win32:MalwareX-gen [Trj]
  • Tencent: Malware.Win32.Gencirc.13afc7fc
  • Sophos: Mal/FareitVB-AC
  • F-Secure: Trojan.TR/Redcap.wihpy
  • DrWeb: Trojan.Siggen8.63806
  • VIPRE: Gen:Heur.PonyStealer.im0@ou2kkUmi
  • TrendMicro: TROJ_GEN.R002C0DA924
  • Trapmine: malicious.moderate.ml.score
  • Emsisoft: Gen:Heur.PonyStealer.im0@ou2kkUmi (B)
  • Jiangmin: TrojanDropper.VB.ayff
  • Webroot: W32.VB.dtyh
  • Google: Detected
  • Avira: TR/Redcap.wihpy
  • Antiy-AVL: Trojan/Win32.Injector
  • Kingsoft: Win32.Troj.Unknown.a
  • Xcitium: Malware@#3uummjnq8bn13
  • Microsoft: Trojan:Win32/Nanocore.BG!MTB
  • ViRobot: Trojan.Win.Z.Ponystealer.139264
  • ZoneAlarm: Trojan-Dropper.Win32.VB.dtyh
  • GData: Gen:Heur.PonyStealer.im0@ou2kkUmi
  • Varist: W32/VBInject.ABY.gen!Eldorado
  • AhnLab-V3: Trojan/Win32.Injector.R305309
  • McAfee: Fareit-FQO!913FC7A8A80E
  • MAX: malware (ai score=100)
  • VBA32: Trojan.Wacatac
  • Malwarebytes: Malware.AI.3658693891
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DA924
  • Rising: Dropper.VB!8.B2E (CLOUD)
  • Yandex: Trojan.Igent.bSTu7L.5
  • Ikarus: Trojan.VB.Crypt
  • MaxSecure: Trojan.Malware.74757849.susgen
  • Fortinet: W32/GenKryptik.FGZN!tr
  • AVG: Win32:MalwareX-gen [Trj]
  • Cybereason: malicious.00cc22
  • DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Nanocore.BG!MTB?

Trojan:Win32/Nanocore.BG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
