Trojan:Win32/Ranumbot.RMG!MTB malicious file


The Trojan:Win32/Ranumbot.RMG!MTB detection is considered dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What can the Trojan:Win32/Ranumbot.RMG!MTB virus do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • A process attempted to delay the analysis task by a long amount of time
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed AV products by installation directory
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Harvests credentials from local FTP client software
  • Harvests information related to installed instant messenger clients
  • Harvests information related to installed mail clients
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Trojan:Win32/Ranumbot.RMG!MTB?

File Info:

crc32: 1682B294
md5: a294ad600f147487d61bd0ddaa949aa1
name: updater.exe
sha1: 4f29b207d78a3e9e30081dd844e3af67781b1d26
sha256: 372775829a3b9ae006699711fa3a332c20c491934fa1b57299cf2dfff1a681d0
sha512: 94aababc23cbf781092b59213199a17cdedd96a00b86b4461abcb62d948b7dcdb6c04622626454e711d94853cb4f698868e6f6b75595da320e0ad92277fe5b1a
ssdeep: 3072:XBNeSvTeM5gH5QgzTuSBRI5FH/x+6HLpEwWMF:xTaQgzTuLsgq6
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

InternalName: dvezejza.em
FileVersion: 1.3.23.4
LegalCopyrighz: Copyright (C) 2020, jlfvjs
ProductVersion: 1.7.22
TranslationBeer: 0x0811 0x0528

Trojan:Win32/Ranumbot.RMG!MTB also known as:

MicroWorld-eScan: Trojan.GenericKD.33871922
FireEye: Generic.mg.a294ad600f147487
McAfee: RDN/Generic.grp
Cylance: Unsafe
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 005670d51 )
BitDefender: Trojan.GenericKD.33871922
K7GW: Trojan ( 005670d51 )
Cybereason: malicious.7d78a3
Symantec: Trojan.Gen.2
APEX: Malicious
Avast: Win32:CoinminerX-gen [Trj]
ClamAV: Win.Malware.Generickdz-6907156-0
GData: Win32.Packed.Kryptik.DUOME4
Kaspersky: Trojan-Downloader.Win32.Deyma.bei
Alibaba: Trojan:Win32/Kryptik.9b48768a
Rising: Trojan.Kryptik!1.C46C (CLOUD)
Endgame: malicious (high confidence)
Emsisoft: Trojan.Agent (A)
Comodo: Malware@#2g4r3gsoeygfc
F-Secure: Trojan.TR/AD.Zlob.mrsrx
DrWeb: Trojan.Siggen9.47690
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Generic.ch
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Krypt
Cyren: W32/Trojan.POEI-4382
Avira: TR/AD.Zlob.mrsrx
Webroot: W32.Trojan.Gen
MAX: malware (ai score=85)
Antiy-AVL: Trojan/Win32.RanumBot
Arcabit: Trojan.Generic.D204D832
ZoneAlarm: Trojan-Downloader.Win32.Deyma.bei
Microsoft: Trojan:Win32/Ranumbot.RMG!MTB
AhnLab-V3: Trojan/Win32.MalPe.R336983
Acronis: suspicious
VBA32: BScope.Trojan.AET.281105
ALYac: Trojan.GenericKD.33871922
Ad-Aware: Trojan.GenericKD.33871922
Malwarebytes: Trojan.MalPack.GS
Panda: Trj/GdSda.A
ESET-NOD32: a variant of Win32/Kryptik.HDMA
Fortinet: W32/Kryptik.HDMA!tr
BitDefenderTheta: Gen:NN.ZexaF.34110.mq2@aK3ogEoG
AVG: Win32:CoinminerX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_90% (W)
Qihoo-360: Generic/Trojan.1f2

How to remove Trojan:Win32/Ranumbot.RMG!MTB?

Trojan:Win32/Ranumbot.RMG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.
