Trojan:Win32/Remcos.RVAW!MTB (file analysis)

The Trojan:Win32/Remcos.RVAW!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Remcos.RVAW!MTB virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid

How to determine Trojan:Win32/Remcos.RVAW!MTB?


File Info:
name: 5D34846B89BF43502E2B.mlw
path: /opt/CAPEv2/storage/binaries/287a8c784bc439337cd063735d6941eb0a40f2a9137b085bb86dd8d4aa14fcc9
crc32: 6C5A99ED
md5: 5d34846b89bf43502e2be0d4fd004618
sha1: b0ff73e01fd0156facba2f9a4bf8cb319e1e3dd6
sha256: 287a8c784bc439337cd063735d6941eb0a40f2a9137b085bb86dd8d4aa14fcc9
sha512: 6207da1b9988f06fa0718bd105389b849ebf90e0d7f53ff624dd89f320a9fc920a0284123b1f742f56695ba517229a53360f4b40687ab1df27c6df933e13a8cf
ssdeep: 24576:ORTaL+A2f8Zhp8bYm1EnyWjkf0eFuPD+4m:gTaKsh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T111456CE2A254DC72F06A3579CC89B2D0396B7CED6D3A5C8D166C394A1A73761392C03F
sha3_384: f66920621000747a0377b2f8fcab04d859e5bf043fdce59bd196084272e881a15fc1cff4f07eb5117a647e1a840e50fe
ep_bytes: 558bec83c4f0b860834800e8ccd2f7ff
timestamp: 1992-06-19 22:22:17

Version Info:
0: [No Data]

Trojan:Win32/Remcos.RVAW!MTB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Remcos.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Genie.198
FireEye	Generic.mg.5d34846b89bf4350
Skyhigh	BehavesLike.Win32.Infected.th
McAfee	GenericRXAA-AA!5D34846B89BF
Cylance	unsafe
Zillya	Backdoor.Remcos.Win32.6645
Sangfor	Downloader.Win32.Modiloader.Vsip
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan-Downloader ( 005a9dd21 )
K7AntiVirus	Trojan-Downloader ( 005a9dd21 )
Arcabit	Trojan.Genie.198
BitDefenderTheta	Gen:NN.ZelphiF.36744.lLW@amsC8Rpi
VirIT	Trojan.Win32.Genus.SYR
Symantec	Trojan Horse
ESET-NOD32	Win32/TrojanDownloader.ModiLoader.VX
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Gen:Variant.Genie.198
NANO-Antivirus	Trojan.Win32.Remcos.jzptaq
Avast	Win32:RATX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10bf1fcc
TACHYON	Backdoor/W32.DP-Remcos.1243648
Emsisoft	Gen:Variant.Genie.198 (B)
F-Secure	Heuristic.HEUR/AGEN.1367917
DrWeb	Trojan.DownLoader46.2645
VIPRE	Gen:Variant.Genie.198
TrendMicro	TROJ_FRS.0NA103I723
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
Jiangmin	Backdoor.Remcos.dwe
Webroot	W32.Malware.Gen
Varist	W32/Trojan.EBVR-7686
Avira	HEUR/AGEN.1367917
Antiy-AVL	Trojan/Win32.Wacatac
Kingsoft	Win32.Hack.Remcos.gen
Xcitium	Malware@#mtxwadefwtyn
Microsoft	Trojan:Win32/Remcos.RVAW!MTB
ZoneAlarm	HEUR:Backdoor.Win32.Remcos.gen
GData	Gen:Variant.Genie.198
Google	Detected
AhnLab-V3	Trojan/Win.TrojanX-gen.C5481925
VBA32	BScope.Backdoor.Remcos
ALYac	Gen:Variant.Genie.198
MAX	malware (ai score=84)
Malwarebytes	Trojan.MalPack.DLF
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_FRS.0NA103I723
Rising	Downloader.Agent!1.EFE4 (CLASSIC)
Yandex	Trojan.Igent.b0NC7E.4
Ikarus	Trojan.Agent
MaxSecure	Trojan.Malware.9833444.susgen
Fortinet	W32/Injector.ESCX!tr
AVG	Win32:RATX-gen [Trj]
Cybereason	malicious.01fd01
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Remcos.RVAW!MTB?

Trojan:Win32/Remcos.RVAW!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X