Trojan:Win32/TrickBotCrypt.GO!MTB malicious file

Trojan:Win32/TrickBotCrypt.GO!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/TrickBotCrypt.GO!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality

How to identify Trojan:Win32/TrickBotCrypt.GO!MTB?

File Info:

name: 202704FA98E444B30A70.mlw
path: /opt/CAPEv2/storage/binaries/de688485e00c1f90baa9df32c762f6abce52f9f279dd622256a76d64833bd8e4
crc32: B31E1D94
md5: 202704fa98e444b30a703103d78fcc84
sha1: dd507b299f18f130900ce16c39a77e75ace99cbd
sha256: de688485e00c1f90baa9df32c762f6abce52f9f279dd622256a76d64833bd8e4
sha512: 387d4274fe3608c1da2454a4caf6a5937af37d1363d8a9ad2a704ef0839047ee3fc72d5742556282da0b4fef48fe74342e5c8dbaa0c4f2eb05101b581134fd1e
ssdeep: 6144:v5+iRFTkRhO9SEltZtfherliYSuTNpBRaj4gzaxCdKJjWJFWMaDTX3H:JFTk4tZTm4EBpL0zacMScx7
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T140A4D00272E0C035C2EF133D19269B1967BBFD20DB7586CB2751BE9EAE346D18939352
sha3_384: 848549572cede1cd4fca2bfa363de2f36106b3e225dbf30926182b1bc27b0b3ea81287c4db8206dc369b23859d9d64fd
ep_bytes: 6a0c68781b0210e85b0f000033c04089
timestamp: 2021-12-06 19:07:51

Version Info:

FileDescription: DBFETCH MFC Application
FileVersion: 1, 0, 0, 1
InternalName: DBFETCH
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: DBFETCH.EXE
ProductName: DBFETCH Application
ProductVersion: 1, 0, 0, 1
Translation: 0x0409 0x04b0

Trojan:Win32/TrickBotCrypt.GO!MTB also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.FQNG
FireEye: Generic.mg.202704fa98e444b3
CAT-QuickHeal: Trojan.TrickpakRI.S25394002
McAfee: GenericRXRB-AI!202704FA98E4
Cylance: Unsafe
Zillya: Trojan.TrickBot.Win32.2611
K7AntiVirus: Trojan ( 00579dbe1 )
K7GW: Trojan ( 00579dbe1 )
CrowdStrike: win/malicious_confidence_70% (D)
Cyren: W32/TrickBot.HD.gen!Eldorado
ESET-NOD32: Win32/TrickBot.DX
APEX: Malicious
ClamAV: Win.Malware.Trickbot-9916944-0
Kaspersky: HEUR:Trojan.Win32.Trickpak.pef
BitDefender: Trojan.Agent.FQNG
Avast: Win32:BankerX-gen [Trj]
Tencent: Trojan.Win32.Trickpak.16000126
Ad-Aware: Trojan.Agent.FQNG
TACHYON: Trojan/W32.Trickpak.450560.B
Sophos: ML/PE-A + Troj/Trickb-DS
DrWeb: Trojan.DownLoader44.14071
McAfee-GW-Edition: BehavesLike.Win32.Emotet.gc
Emsisoft: Trojan.TrickBot (A)
Ikarus: Trojan.Win32.Trickbot
GData: Trojan.Agent.FQNG
Jiangmin: Trojan.Trickpak.mq
Avira: TR/TrickBot.qhueh
Antiy-AVL: Trojan/Generic.ASMalwS.34E80E8
Microsoft: Trojan:Win32/TrickBotCrypt.GO!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.TrickBot.C4823806
VBA32: Trojan.Trickpak
ALYac: Trojan.Agent.FQNG
MAX: malware (ai score=84)
Malwarebytes: Trojan.TrickBot
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.109946090.susgen
Fortinet: W32/TrickBot.DX!tr
AVG: Win32:BankerX-gen [Trj]
Panda: Trj/Genetic.gen

How to remove Trojan:Win32/TrickBotCrypt.GO!MTB?

Trojan:Win32/TrickBotCrypt.GO!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.