
Trojan:Win32/Sdum.RE!MTB removal


Trojan:Win32/Sdum.RE!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Sdum.RE!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses suspicious command line tools or Windows utilities

How to identify Trojan:Win32/Sdum.RE!MTB?

File Info:

name: A0417267EAA16B646265.mlw
path: /opt/CAPEv2/storage/binaries/87356954f4ed33c123b28dd12b91711ea395e95e028ea53da83e5c7e30e53251
crc32: 7489EE96
md5: a0417267eaa16b646265d1bfaa92679f
sha1: 73e224fd1f07f4a9135cf0d7d8cbf589d808cf7f
sha256: 87356954f4ed33c123b28dd12b91711ea395e95e028ea53da83e5c7e30e53251
sha512: 40b12aaa86c11acd6e4a0d1bbc8cd72c0f862f99a7fb8980714c658a0341196f271499ac8ac0f4437623a0ce6de854947bc4e8a7bc163156893fa7a516eb8f74
ssdeep: 1536:rC2/fYuPfbESFYXRWhpKRycRd57JkIqFHhzm4hWru/BzihhMN45MF5FvHP132xPM:r7YubEwYXRWhpAJUHhzm4hUukS6Kmec6
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D7D31823F998711BE623C8F0183555697D1ABE350BA0AD8732C16F562672783B9F231F
sha3_384: 3de0fc38a8a0d306da3f457af02e54476f4e96a388fb49349a1c1cef9bb14bfe27fc738c27afc95d189a26ab0d00380e
ep_bytes: 68cc344000e8f0ffffff000000000000
timestamp: 2007-07-05 20:58:48

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows NT Session Manager
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: smss.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: smss.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0

Trojan:Win32/Sdum.RE!MTB is also known by the following vendor detection names (vendor: detection name):

Bkav: W32.AIDetectMalware
DrWeb: Trojan.MulDrop3.39527
MicroWorld-eScan: Generic.Dacic.D207D77A.A.2F211DA3
Skyhigh: BehavesLike.Win32.Generic.ct
McAfee: GenericATG-FCNS!A0417267EAA1
Malwarebytes: Malware.AI.4182504847
VIPRE: Generic.Dacic.D207D77A.A.2F211DA3
Sangfor: Suspicious.Win32.Save.vb
K7AntiVirus: Trojan ( 0059cf951 )
K7GW: Trojan ( 0059cf951 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZevbaF.36802.iu1@aS09NFpi
Symantec: Backdoor.Trojan
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/VB.NMD
APEX: Malicious
ClamAV: Win.Dropper.Detected-9955013-0
Kaspersky: Backdoor.Win32.VB.bnv
BitDefender: Generic.Dacic.D207D77A.A.2F211DA3
NANO-Antivirus: Trojan.Win32.VB.ndnw
Avast: Win32:VB-FRD [Trj]
Tencent: Malware.Win32.Gencirc.10bfa58c
Emsisoft: Generic.Dacic.D207D77A.A.2F211DA3 (B)
F-Secure: Trojan.TR/Agent.39424.6.B
Zillya: Trojan.VB.Win32.1805094
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.a0417267eaa16b64
Sophos: Troj/VB-LEL
SentinelOne: Static AI – Suspicious PE
MAX: malware (ai score=84)
Jiangmin: Backdoor.VB.adp
Google: Detected
Avira: TR/Agent.39424.6.B
Varist: W32/VB.ABT.gen!Eldorado
Antiy-AVL: Trojan/Win32.VB
Microsoft: Trojan:Win32/Sdum.RE!MTB
Xcitium: TrojWare.Win32.Trojan.VB.~AOL@mmhwn
Arcabit: Generic.Dacic.D207D77A.A.2F211DA3
ZoneAlarm: Backdoor.Win32.VB.bnv
GData: Generic.Dacic.D207D77A.A.2F211DA3
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win.VB.R636297
VBA32: TScope.Trojan.VB
ALYac: Generic.Dacic.D207D77A.A.2F211DA3
Cylance: unsafe
Rising: Trojan.Sdum!8.1155F (TFE:3:rzOZSNaiaZT)
Yandex: Trojan.GenAsa!GPjPD8Wqigw
Ikarus: Backdoor.Win32.VB
MaxSecure: Trojan.Malware.695672.susgen
Fortinet: W32/VB.NMD!tr
AVG: Win32:VB-FRD [Trj]
DeepInstinct: MALICIOUS

How to remove Trojan:Win32/Sdum.RE!MTB?

Trojan:Win32/Sdum.RE!MTB removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
