
Trojan:Win32/Tnega.BBA!MTB information


The Trojan:Win32/Tnega.BBA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Tnega.BBA!MTB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • CAPE detected the Azorult malware family

How to identify Trojan:Win32/Tnega.BBA!MTB?


File Info:

name: A8C8C9F845755C28D970.mlw
path: /opt/CAPEv2/storage/binaries/67ea2153cfc1a94642fa7f08b5e8c40c2497106687b6d9d6fa938eec1d659126
crc32: 47C69641
md5: a8c8c9f845755c28d970990ac073386d
sha1: ff23867b93b68d1feefcbea5fb5a96fc2b5870d1
sha256: 67ea2153cfc1a94642fa7f08b5e8c40c2497106687b6d9d6fa938eec1d659126
sha512: 80a358958a39fed9fcf79d3b885a446f727ee89aad5e236074909a5677464c5cdabc8c3129bfb8c228556b8012a5cc54db46c28faf89ed3dff3e900c17ed2d2b
ssdeep: 6144:FGiPMSrQAtFSnzkLT1/ELKYwV8v5IMdlVSiEFitM8cI0b9p:jEAvUzk/N8gS1lVS1FitKZbz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18874220302904EF7DDF29E741C73BBC9ABBDAE664A519D870FA07FBE98762A14504107
sha3_384: cc0577b24d5e724f9f2a9ccb33f7b664a480e70443b8bd20cf85486c643c6caaffb629117760c62ec1df226592b40924
ep_bytes: 81ec8001000053555633db57895c2418
timestamp: 2008-10-10 21:49:01

Version Info:

0: [No Data]

Trojan:Win32/Tnega.BBA!MTB also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Formbook.4!c
MicroWorld-eScan: Trojan.NSISX.Spy.Gen.2
CAT-QuickHeal: Trojan.TnegaRI.S26992228
ALYac: Spyware.Infostealer.Azorult
Cylance: Unsafe
VIPRE: Trojan.NSISX.Spy.Gen.2
Sangfor: Trojan.Win32.Injector.ERGY
K7AntiVirus: Trojan ( 0058c2a11 )
Alibaba: Trojan:Win32/Tnega.7f13c930
K7GW: Trojan ( 0058c2a11 )
Cybereason: malicious.b93b68
Cyren: W32/Injector.AWD.gen!Eldorado
Symantec: Trojan.Gen.MBT
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Injector.ERGY
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Formbook.gen
BitDefender: Trojan.NSISX.Spy.Gen.2
NANO-Antivirus: Trojan.Win32.Formbook.jnisuq
SUPERAntiSpyware: Trojan.Agent/Gen-Siggen
Avast: Win32:InjectorX-gen [Trj]
Tencent: Win32.Trojan.Formbook.Tgil
Emsisoft: Trojan.NSISX.Spy.Gen.2 (B)
Comodo: Malware@#ue2kqrez8u35
DrWeb: Trojan.PWS.Stealer.26518
TrendMicro: TrojanSpy.Win32.AZORULT.YXCCOZ
McAfee-GW-Edition: RDN/Generic PWS.y
FireEye: Trojan.NSISX.Spy.Gen.2
SentinelOne: Static AI – Suspicious PE
GData: Win32.Trojan.PSE.1ZI9VH
Webroot: W32.Trojan.NSISX.Spy.Gen
Avira: TR/AD.MoksSteal.kaowd
Antiy-AVL: Trojan/Generic.ASMalwS.56CE
Kingsoft: Win32.Troj.Undef.(kcloud)
Arcabit: Trojan.NSISX.Spy.Gen.2 [many]
Microsoft: Trojan:Win32/Tnega.BBA!MTB
Google: Detected
AhnLab-V3: Trojan/Win.Frs.C4790848
McAfee: RDN/Generic PWS.y
MAX: malware (ai score=100)
VBA32: Trojan.Formbook
Malwarebytes: Malware.AI.1131050234
TrendMicro-HouseCall: TrojanSpy.Win32.AZORULT.YXCCOZ
Rising: Malware.FakeXLS/ICON!1.9C3D (CLASSIC)
Ikarus: Trojan.NSIS.Agent
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Injector.AUL!tr
AVG: Win32:InjectorX-gen [Trj]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Tnega.BBA!MTB?

Trojan:Win32/Tnega.BBA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
