Trojan:Win64/Dridex.EF!MTB information

The Trojan:Win64/Dridex.EF!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win64/Dridex.EF!MTB virus can do?

Unconventionial language used in binary resources: Hebrew
The binary likely contains encrypted or compressed data.
Anomalous binary characteristics

How to determine Trojan:Win64/Dridex.EF!MTB?


File Info:
crc32: FEB9AFD0
md5: 3d987c559fee6dc8d39a0428f77b39b1
name: 3D987C559FEE6DC8D39A0428F77B39B1.mlw
sha1: 698b12b088ffa55f47a0ea5a4504276941d7cb31
sha256: 3bd1435d754a8c551c78784e9c8a52f04f9e2c8837b3ce23f85905ac0b1be8a4
sha512: 40d97176d656353c1415734f5f56bf94c61693ecfb2f0b53e600cf550739a64e6b2e7cd33cb21cdf52d810a8494292ef4338fa716885eef73be046905319923c
ssdeep: 12288:NdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0Ta:jMIJxSDX3bqjhcfHk7MzH6zW
type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2005 - 2009 Nir Sofer
InternalName: TeltwFoo
FileVersion: 9.74
CompanyName: NirSoft
ProductName: TeltwFoo
ProductVersion: 9.74
FileDescription: ProduKey
OriginalFilename: TeltwFoo.exe
Translation: 0x0409 0x04b0

Trojan:Win64/Dridex.EF!MTB also known as:

Elastic	malicious (high confidence)
ClamAV	Win.Dropper.Dridex-9875456-0
CAT-QuickHeal	Trojan.Win64RI.S20908814
ALYac	Trojan.GenericKDZ.75562
Zillya	Trojan.Injexa.Win64.129
CrowdStrike	win/malicious_confidence_80% (D)
Cyren	W64/MSIL_Kryptik.ELJ.gen!Eldorado
ESET-NOD32	a variant of Win64/Kryptik.CJV
Zoner	Probably Heur.ExeHeaderH
APEX	Malicious
Avast	Win64:BankerX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win64.Injexa.pef
BitDefender	Trojan.GenericKDZ.75562
MicroWorld-eScan	Trojan.GenericKDZ.75562
Tencent	Malware.Win32.Gencirc.10ce569e
Ad-Aware	Trojan.GenericKDZ.75562
Sophos	ML/PE-A + Troj/Dridex-ABY
McAfee-GW-Edition	Drixed-FJX!3D987C559FEE
FireEye	Generic.mg.3d987c559fee6dc8
Emsisoft	Trojan.GenericKDZ.75562 (B)
SentinelOne	Static AI – Malicious PE
Jiangmin	Trojan.Injexa.hs
Avira	TR/Crypt.ZPACK.Gen
Antiy-AVL	Trojan/Generic.ASMalwS.3333576
Microsoft	Trojan:Win64/Dridex.EF!MTB
Gridinsoft	Trojan.Win64.Kryptik.oa!s1
Arcabit	Trojan.Generic.D1272A
ZoneAlarm	HEUR:Trojan.Win64.Injexa.pef
GData	Trojan.GenericKDZ.75562
AhnLab-V3	Trojan/Win.Generic.R426521
McAfee	Drixed-FJX!3D987C559FEE
MAX	malware (ai score=83)
VBA32	Trojan.Win64.Dridex
Malwarebytes	Malware.AI.1884556628
Ikarus	Trojan.Win64.Dridex
MaxSecure	Banker.Win64.Emotet.sb
Fortinet	W64/Kryptik.CJV!tr
AVG	Win64:BankerX-gen [Trj]

How to remove Trojan:Win64/Dridex.EF!MTB?

Trojan:Win64/Dridex.EF!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X