Trojan:Win32/Trickbot.SS malicious file

The Trojan:Win32/Trickbot.SS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Trickbot.SS virus can do?

At least one process apparently crashed during execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Authenticode signature is invalid
CAPE detected the TrickBot malware family

How to determine Trojan:Win32/Trickbot.SS?


File Info:
name: C78C9BF3F8EB518A834E.mlw
path: /opt/CAPEv2/storage/binaries/a370ed1a830d3f27ae0fed4265d97ce3b5d03b1472a41232aaad3251b61343dd
crc32: 89F5A822
md5: c78c9bf3f8eb518a834e7ff203067cca
sha1: 5ab1e498700a4ddec9e21874b936313e08bca31f
sha256: a370ed1a830d3f27ae0fed4265d97ce3b5d03b1472a41232aaad3251b61343dd
sha512: 57fb0211da1c07c199f185775d5b0e728de7a9c477c2aaa827bff4b96fe400d2729427308a756e5ca9fa9f58b2e5cecb7d1b86536b4d8b75e95d5f27a25c511b
ssdeep: 3072:/BRLCttzKkeoVtlRjFDWXo7D/sW0fqzU:/fL6NKkeA5FDWY3/aizU
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F2C34B89E6D2C2F5EF8645B42BADFF7F4E750202A70595C7CB511C81A9221E2E63C34E
sha3_384: 0c4237c64eb20f27d0aaffa8beb099ab77f8f403231b7c04a28bac0659e74af4a9ef1a78289e5e1577b011163657fa83
ep_bytes: 575681ec080c00008d4424088d8c2408
timestamp: 2019-12-10 08:06:38

Version Info:
0: [No Data]

Trojan:Win32/Trickbot.SS also known as:

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.c78c9bf3f8eb518a
ALYac	Generic.TrickBot.1.5A55DE84
Cylance	Unsafe
BitDefender	Generic.TrickBot.1.5A55DE84
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
ClamAV	Win.Trojan.Trickbot-9833091-0
Kaspersky	Trojan-Banker.Win32.Trickster.iqe
MicroWorld-eScan	Generic.TrickBot.1.5A55DE84
Rising	Malware.Heuristic!ET#95% (RDMK:cmRtazrSCH8FDN5+lR/UwWPJe9yY)
Emsisoft	Generic.TrickBot.1.5A55DE84 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
Sophos	Mal/Generic-S
Avira	TR/Dropper.Gen
MAX	malware (ai score=81)
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Trickbot.SS
ZoneAlarm	Trojan-Banker.Win32.Trickster.iqe
GData	Generic.TrickBot.1.5A55DE84
AhnLab-V3	Trojan/Win.KH.C4950573
McAfee	GenericRXJF-KH!C78C9BF3F8EB
Malwarebytes	MachineLearning/Anomalous.100%
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/TrickBot.CM!tr
BitDefenderTheta	AI:Packer.77A17E6E1E
AVG	Win32:TrickBot-KE [Trj]
Cybereason	malicious.3f8eb5
Avast	Win32:TrickBot-KE [Trj]

How to remove Trojan:Win32/Trickbot.SS?

Trojan:Win32/Trickbot.SS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X