Trojan:Win32/Smokeloader.GXZ!MTB removal tips

The Trojan:Win32/Smokeloader.GXZ!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Smokeloader.GXZ!MTB virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan:Win32/Smokeloader.GXZ!MTB?


File Info:
name: ED4CD2765EC384093042.mlw
path: /opt/CAPEv2/storage/binaries/70d7f3800d2945dc30901b04184dcca70f37aa00b3bc07e594920ce036392a2a
crc32: 5D6E2384
md5: ed4cd2765ec3840930424a224ae16272
sha1: fb3541229fb09057d8e2531f4f13b8444211daad
sha256: 70d7f3800d2945dc30901b04184dcca70f37aa00b3bc07e594920ce036392a2a
sha512: e3d1537b8a81acbdb0d3b038b9d711ce9c99d968affe21409e9bff62352edcc6661f6f7a76fdade8052d005494cd2d9630b92907cd35724ee7325ab8fac72520
ssdeep: 12288:2Yg8LaGarD0ZvzPgggggggggggggggggggggggggggggggggggggggggggggggg4:mywDyv0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1AFD60A9132E6FF37E6F74A315831A2A467F7FCE26527426AB1503B0F28355844AF1326
sha3_384: 4f46d5a0b68c2a55b1bd748206d20163f6488a197c62e6f89b543e84da42443f0bd92fe2f0b35fe5cd3eb738d3ff969b
ep_bytes: e846270000e989feffff8bff558bec81
timestamp: 2023-09-02 18:12:46

Version Info:
FileVersion: 12.3.3.493
ProductVersion: 89.49.84.33
InternalName: Slupido
CompanyName: Torchok
Translation: 0x149c 0x0235

Trojan:Win32/Smokeloader.GXZ!MTB also known as:

Bkav	W32.AIDetectMalware
DrWeb	Trojan.Siggen26.62207
MicroWorld-eScan	Gen:Variant.Babar.442823
Malwarebytes	Malware.AI.2785733861
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 00584baa1 )
K7GW	Riskware ( 00584baa1 )
CrowdStrike	win/malicious_confidence_100% (D)
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Kryptik.HWLM
Cynet	Malicious (score: 100)
APEX	Malicious
BitDefender	Gen:Variant.Babar.442823
Emsisoft	Gen:Variant.Babar.442823 (B)
VIPRE	Gen:Variant.Babar.442823
TrendMicro	Mal_Tofsee
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.ed4cd2765ec38409
Sophos	Troj/Krypt-ADH
SentinelOne	Static AI – Malicious PE
Varist	W32/Kryptik.LSY.gen!Eldorado
MAX	malware (ai score=89)
Microsoft	Trojan:Win32/Smokeloader.GXZ!MTB
Arcabit	Trojan.Babar.D6C1C7
GData	Gen:Variant.Babar.442823
Google	Detected
AhnLab-V3	Malware/Win.AGEN.R637172
ALYac	Gen:Variant.Babar.442823
Cylance	unsafe
TrendMicro-HouseCall	Mal_Tofsee
Rising	Trojan.SmokeLoader!1.F6AD (CLASSIC)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Kryptik.HWLF!tr
Cybereason	malicious.65ec38

How to remove Trojan:Win32/Smokeloader.GXZ!MTB?

Trojan:Win32/Smokeloader.GXZ!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X