Trojan:Win32/Trickbot.VB!MTB (file analysis)

The Trojan:Win32/Trickbot.VB!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Trickbot.VB!MTB virus can do?

Executable code extraction
Creates RWX memory
Unconventionial language used in binary resources: Macedonian
Attempts to repeatedly call a single API many times in order to delay analysis time
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

How to determine Trojan:Win32/Trickbot.VB!MTB?


File Info:
crc32: 9E12A67C
md5: 493fa0c1511f5bd83ed0b47e7c4f1c22
name: imgpaper.png
sha1: b4f4494fde42d602242ba772ce00430f41b3db81
sha256: 1847c410086cada258a9d1dd28bec315bdf0bea2724a78a83825b5809223cbfe
sha512: a389646d596d189bcf25493d68ea2b2b12c392ee0f09259da646e4d7f8984a410500272cc47b904264d0ea2834873fbf9fe0b07f8de1576706466d17d029ed1f
ssdeep: 12288:O6XNR7yk6zOPqVakU98MktuIvUrcxI+Fgt1jHxCx09RXB8qC/FEucAdq4gZt2w:Om7yk6zOPqVakBuIvUrcxI+Fgt1jRCG5
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
LegalCopyright: (c) David K Richmond
InternalName: MediaMDGCLibrarySample
FileVersion: 6.01
CompanyName: David K Richmond
LegalTrademarks: All code is property of David K Richmond
Comments: MediaLibrary Disk/Memory Sample (Demonstration of BSTN class) inc. Garbage Collection and Delete Disk Media
ProductName: MediaLibrary Sample BETA (new beta disk file version)
ProductVersion: 6.01
FileDescription: MediaLibrary (includes Beta Disk File Access wrapper in BSTN Class) Media Disk Delete Implemented and some bug fixes.
OriginalFilename: MediaMDGCLibrarySample.exe

Trojan:Win32/Trickbot.VB!MTB also known as:

Bkav	W32.AIDetectVM.malwareB
Qihoo-360	Win32/Trojan.BO.24d
McAfee	GenericRXAA-AA!493FA0C1511F
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 005692ab1 )
BitDefender	Trojan.GenericKDZ.68028
K7GW	Trojan ( 005692ab1 )
Arcabit	Trojan.Generic.D109BC
TrendMicro	TROJ_GEN.R002C0WFK20
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Injector.EMKQ
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 85)
Kaspersky	Trojan.Win32.Mansabo.fev
Alibaba	Trojan:Win32/Mansabo.fda0754f
MicroWorld-eScan	Trojan.GenericKDZ.68028
Ad-Aware	Trojan.GenericKDZ.68028
Emsisoft	Trojan.GenericKDZ.68028 (B)
F-Secure	Trojan.TR/AD.TrickBot.umxpi
DrWeb	Trojan.Packed.140
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Dropper.hh
Fortinet	W32/EMKQ!tr
FireEye	Generic.mg.493fa0c1511f5bd8
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Injector
Jiangmin	Trojan.Mansabo.bqt
Avira	TR/AD.TrickBot.umxpi
MAX	malware (ai score=88)
Antiy-AVL	Trojan/Win32.Mansabo
Endgame	malicious (high confidence)
Microsoft	Trojan:Win32/Trickbot.VB!MTB
ZoneAlarm	Trojan.Win32.Mansabo.fev
AhnLab-V3	Trojan/Win32.Trickbot.C4134376
BitDefenderTheta	Gen:NN.ZevbaF.34128.Km0@a05tkhdO
ALYac	Trojan.GenericKDZ.68028
TACHYON	Trojan/W32.VB-Mansabo.593920.B
Malwarebytes	Trojan.TrickBot
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0WFK20
Tencent	Malware.Win32.Gencirc.10cdd705
Yandex	Trojan.Injector!NFjCD1s5x0o
SentinelOne	DFI – Suspicious PE
GData	Trojan.GenericKDZ.68028
AVG	Win32:TrojanX-gen [Trj]
Avast	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (W)

How to remove Trojan:Win32/Trickbot.VB!MTB?

Trojan:Win32/Trickbot.VB!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Trojan:Win32/Trickbot.VB!MTB (file analysis)