Trojan

How to remove “Trojan:Win32/SmokeLoader.CB!MTB”?

Malware Removal

Trojan:Win32/SmokeLoader.CB!MTB is rated dangerous by many security vendors. While this infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Trojan:Win32/SmokeLoader.CB!MTB do?

These are the CAPE sandbox signatures that fired when the sample was run:

  • Behavioural detection: executable code extraction (unpacking)
  • Executed a command line with the /C or /R argument, which terminates the command shell on completion and can be used to hide execution
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: injection (process hollowing)
  • Behavioural detection: injection (inter-process)
  • CAPE detected the Tofsee malware family
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities
  • Yara rule detections observed from a process memory dump, dropped files, or CAPE

How to identify Trojan:Win32/SmokeLoader.CB!MTB?

File Info:

name: 33C821EF701C7FA548DE.mlw
path: /opt/CAPEv2/storage/binaries/c5b48011709c54ce1d06c77a1cc4af3d52f3bbba29b57db51965459a7dd2750d
crc32: C85552C8
md5: 33c821ef701c7fa548de7a27c199c882
sha1: 3d99421140859832c1a7b9063a027fdbb6f88789
sha256: c5b48011709c54ce1d06c77a1cc4af3d52f3bbba29b57db51965459a7dd2750d
sha512: 45b997ef32d60e850c97433696db9fc51071b191629388edc990a265e06f22bc92942ccc75211f49f61bd489a264942d683f5a73d67c0d09faacda7d3172e71d
ssdeep: 3072:GfYjXTPMvLg8dFBPqLdvIfsd14nTpayGx3wtEpb/iyG6W6W6W6W6W6W6W6W6W6Wy:JjXAvLnFxENd2nTAgQb/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D6F64D2EA92130EBDCA6807D2B2D374706FDD0F1E105271789D85AD1DC22C7AAEDA753
sha3_384: a6c925da6e66652a6ee4aa54e11e65b2407b7748bcb789596a6b9cb8e218ecf6d045460038451a0aee8fa2e405f6742d
ep_bytes: e8e54d0000e979feffff8bff558bec51
timestamp: 2022-05-06 23:03:36

Version Info:

FilesVersion: 93.84.7.37
InternalNames: HlameProduction
ProductName: HyperV
Translation: 0x0400 0x043b
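The following Python script is an added triage example; it is not part of the original article and not a GridinSoft tool. It hashes a file, parses the PE32 headers to recover the compile timestamp and the 16 entry-point bytes that CAPE reports as ep_bytes, and compares the results with the indicators listed above. The KNOWN_* constants are copied from the File Info block on this page; the function names are hypothetical, and build_sample_pe() produces a constructed, non-executable PE32 stub purely so the script runs offline, so on that stub the hash comparison is expected to fail while the entry-point and timestamp comparisons succeed.

```python
"""Triage helper for the indicators on this page (added example, hypothetical helpers).

Hashes a file, parses its PE32 headers for the compile timestamp and the
16 entry-point bytes that CAPE reports as ep_bytes, and compares the
results with the indicators listed in the report above."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the CAPE "File Info" block on this page.
KNOWN_HASHES = {
    "md5": "33c821ef701c7fa548de7a27c199c882",
    "sha1": "3d99421140859832c1a7b9063a027fdbb6f88789",
    "sha256": "c5b48011709c54ce1d06c77a1cc4af3d52f3bbba29b57db51965459a7dd2750d",
}
KNOWN_EP_BYTES = "e8e54d0000e979feffff8bff558bec51"
KNOWN_TIMESTAMP = datetime(2022, 5, 6, 23, 3, 36, tzinfo=timezone.utc)


def hash_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256 hex digests that the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def pe_info(data: bytes) -> dict:
    """Parse just enough of a PE32 image to recover TimeDateStamp and the 16 bytes
    at AddressOfEntryPoint (RVA mapped to a file offset via the section table).
    Raises ValueError for anything that is not a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 image (PE32+ and ROM images are not handled here)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = opt + opt_size
    for i in range(nsections):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData follow the 8-byte name.
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sections + i * 40 + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            ep_off = rawptr + (entry_rva - vaddr)
            break
    else:
        raise ValueError("entry point does not fall inside any section")
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_rva": entry_rva,
        "ep_bytes": data[ep_off:ep_off + 16].hex(),
    }


def match_iocs(data: bytes) -> dict:
    """Compare a file against the page's indicators. A hash hit identifies this exact
    sample; ep_bytes and timestamp are weaker, packer-dependent triage signals."""
    digests = hash_bytes(data)
    info = pe_info(data)
    return {
        "hash_match": any(digests[alg] == h for alg, h in KNOWN_HASHES.items()),
        "ep_bytes_match": info["ep_bytes"] == KNOWN_EP_BYTES,
        "timestamp_match": info["timestamp"] == KNOWN_TIMESTAMP,
        "sha256": digests["sha256"],
        "timestamp": info["timestamp"].isoformat(),
    }


def build_sample_pe(ep_bytes: bytes, timestamp: int) -> bytes:
    """Constructed, non-executable PE32 stub (NOT the malware): one .text section whose
    first bytes are ep_bytes, so the parser can be exercised offline."""
    pe_offset, raw_ptr, text_rva = 0x40, 0x200, 0x1000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_offset)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, text_rva)  # AddressOfEntryPoint
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, text_rva, 0x200, raw_ptr) + b"\0" * 16
    header = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(raw_ptr, b"\0")
    return header + ep_bytes.ljust(0x200, b"\xcc")


SAMPLE = build_sample_pe(bytes.fromhex(KNOWN_EP_BYTES), int(KNOWN_TIMESTAMP.timestamp()))

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in match_iocs(data).items():
        print(f"{key}: {value}")
```

Run it with a suspect file as the only argument; with no argument it analyses the constructed stub. Only a hash match is conclusive for this sample: the vendor names below show the file is packed (Kryptik, Packer), and packed builds share entry-point stubs and can carry forged timestamps, so treat ep_bytes and timestamp hits as reasons to submit the file to a sandbox, not as identification.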

Trojan:Win32/SmokeLoader.CB!MTB also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKDZ.97770
FireEye: Generic.mg.33c821ef701c7fa5
Malwarebytes: Trojan.MalPack.GS
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 00516fdf1 )
K7GW: Trojan ( 00516fdf1 )
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/Kryptik.IZX.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.HSXN
APEX: Malicious
ClamAV: Win.Packer.pkr_ce1a-9980177-0
Kaspersky: HEUR:Backdoor.Win32.Tofsee.gen
BitDefender: Trojan.GenericKDZ.97770
Avast: Win32:DropperX-gen [Drp]
Emsisoft: Trojan.GenericKDZ.97770 (B)
DrWeb: Trojan.Siggen19.62754
VIPRE: Trojan.GenericKDZ.97770
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A
SentinelOne: Static AI – Malicious PE
GData: Win32.Trojan.PSE.12B6WNM
Google: Detected
Antiy-AVL: Trojan/Win32.Sabsik
Arcabit: Trojan.Generic.D17DEA
Microsoft: Trojan:Win32/SmokeLoader.CB!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.SmokeLoader.R560715
VBA32: Trojan.CoinMiner
ALYac: Trojan.GenericKDZ.97770
MAX: malware (ai score=88)
Cylance: unsafe
Rising: Trojan.Kryptik!1.E2E3 (CLASSIC)
Ikarus: Trojan-Banker.UrSnif
Fortinet: W32/Kryptik.HSXL!tr
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/GdSda.A

How to remove Trojan:Win32/SmokeLoader.CB!MTB?

Trojan:Win32/SmokeLoader.CB!MTB removal tool

Because the sample drops and executes a second binary, injects into other processes, and deletes the executed file from disk (see the behaviours above), quarantining the original file alone is not enough; run a full scan so the dropped components are found as well.

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options you want, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.