About “Trojan:Win32/Redline.CAV!MTB” infection

The Trojan:Win32/Redline.CAV!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Redline.CAV!MTB virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Redline.CAV!MTB?

File Info:

name: 21F0BA1D685E591B43DF.mlw
path: /opt/CAPEv2/storage/binaries/217f558e5bed9ade137a87c878cd4f5c027cb3a6c0202950549e51830f1d3166
crc32: 60DD36CD
md5: 21f0ba1d685e591b43dff86dbd33d14e
sha1: 34eadd4bc87eee6fcb736d4a4bbb9ddb3a17c4e7
sha256: 217f558e5bed9ade137a87c878cd4f5c027cb3a6c0202950549e51830f1d3166
sha512: b209b5009e186812affec6f2cded42b967f2f8fffa9dfb9bc3988fd40b0f06334e476beb58f4f9bfa8e54363c4488b3a01ca7af3dff07e217d09248a6bff2d06
ssdeep: 3072:/cWkpfSfPnqDEiSmY5qsQqF607Dj4yJvr7EA:/bHn2rSmuqs/A07vnvfr
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1F8048D20324CC176F56724B088E9DAB69AB97835172F15DBFBD4176D4F223E1AB3024B
sha3_384: 4b28b4273d2208ceaa7c099816b81d94304099f54d4dfb0fe3532e02482ac1fbdc28041645ed6a090d1d01371a49634f
ep_bytes: e835680000e9a4feffff6a0c68d07142
timestamp: 2023-05-29 00:36:53

Version Info:

Comments: nc7jR1TC6FmCPEg5a9MvzWnhIkXxa2
CompanyName: The Home Depot, Inc.
FileDescription: The Home Depot, Inc. Product
FileVersion: 7,224,30,441
InternalName: NDSiQBmN4B
LegalCopyright: Copyright © The Home Depot, Inc. All rights reserved.
LegalTrademarks: Trademark © The Home Depot, Inc.
OriginalFilename: QJDZkpm8
ProductName: 2W6t4T0Ae5UT
ProductVersion: 7,224,30,441
Translation: 0x081a 0x081a

Trojan:Win32/Redline.CAV!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Agent.Y!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.470613
FireEye: Generic.mg.21f0ba1d685e591b
McAfee: GenericRXWA-OC!21F0BA1D685E
Malwarebytes: Malware.AI.1014435616
Sangfor: Trojan.Win32.Kryptik.V5ew
K7AntiVirus: Trojan ( 005a5f491 )
Alibaba: Trojan:Win32/Kryptik.be1ae50c
K7GW: Trojan ( 005a5f491 )
VirIT: Trojan.Win32.GenusT.DKEC
Cyren: W32/Kryptik.JWA.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HTQF
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Injuke.gen
BitDefender: Gen:Variant.Zusy.470613
Avast: Win32:CrypterX-gen [Trj]
Tencent: Win32.Trojan.Injuke.Dtgl
Emsisoft: Gen:Variant.Zusy.470613 (B)
F-Secure: Trojan.TR/AD.Nekark.owoju
DrWeb: BackDoor.Andromeda.1835
VIPRE: Gen:Variant.Zusy.470613
TrendMicro: TROJ_GEN.R011C0DEV23
McAfee-GW-Edition: GenericRXWA-OC!21F0BA1D685E
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Win32.Crypt
GData: Gen:Variant.Zusy.470613
Avira: TR/AD.Nekark.owoju
Antiy-AVL: Trojan/Win32.Kryptik
Arcabit: Trojan.Zusy.D72E55
ZoneAlarm: HEUR:Trojan.Win32.Injuke.gen
Microsoft: Trojan:Win32/Redline.CAV!MTB
Google: Detected
AhnLab-V3: Spyware/Win.Hpdyre.R492527
VBA32: BScope.TrojanPSW.RedLine
ALYac: Gen:Variant.Zusy.470613
MAX: malware (ai score=85)
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002H0CET23
Rising: Backdoor.Agent!8.C5D (TFE:5:BPt1dqMqqIH)
MaxSecure: Trojan.Malware.74209402.susgen
Fortinet: W32/Kryptik.HTQK!tr
AVG: Win32:CrypterX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Redline.CAV!MTB?

Trojan:Win32/Redline.CAV!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.