About “Trojan:Win64/Dridex.GW!MTB” infection

The Trojan:Win64/Dridex.GW!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win64/Dridex.GW!MTB virus can do?

The binary likely contains encrypted or compressed data.
Anomalous binary characteristics

How to determine Trojan:Win64/Dridex.GW!MTB?


File Info:
crc32: 8A1D8ACD
md5: 60060113c4ff22782de4c5bcff439127
name: 60060113C4FF22782DE4C5BCFF439127.mlw
sha1: b6f2ce650dc61838b4069d5f867dd4727e66610c
sha256: 2b3e2dc05ad8f5a70ded78c31f58a6f4f60e56c0f5ca23dcb9614b3975452c8a
sha512: 5ca61777af05478d8fb0e970fd86a0587dc65f9bf330402dada0866d47b6dc2b548ec52632c98d636b2839b792add793ae74edcbca88a43ac808184dc72e8fe6
ssdeep: 12288:Uo2fXEX4F/i/pV7KtUrbPafmeOxE7vfb/hOO3fw058agrN1oA7A:UHUX4piRV7KerbEmVaA058agrN1o8
type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

Version Info:
LegalCopyright: Copyright xa9 2018
InternalName: verify
FileVersion: 8.0.1710.11
Full Version: 1.8.0_171-b11
CompanyName: Oracle Corporation
ProductName: Java(TM) Platform SE 8
ProductVersion: 8.0.1710.11
FileDescription: Java(TM) Platform SE binary
OriginalFilename: verify.dll
Translation: 0x0000 0x04b0

Trojan:Win64/Dridex.GW!MTB also known as:

Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen13.58481
Cynet	Malicious (score: 100)
ALYac	Gen:Variant.Johnnie.347014
Zillya	Trojan.Kryptik.Win64.11866
CrowdStrike	win/malicious_confidence_100% (D)
K7GW	Trojan ( 0057dbfc1 )
K7AntiVirus	Trojan ( 0057dbfc1 )
Cyren	W64/Dridex.DM.gen!Eldorado
ESET-NOD32	a variant of Win64/Kryptik.CLU
Zoner	Probably Heur.ExeHeaderH
APEX	Malicious
Avast	Win64:BankerX-gen [Trj]
ClamAV	Win.Trojan.Dridex-9870190-0
Kaspersky	HEUR:Trojan.Win64.Injexa.pef
BitDefender	Gen:Variant.Johnnie.347014
MicroWorld-eScan	Gen:Variant.Johnnie.347014
Tencent	Malware.Win32.Gencirc.10ce5d7f
Ad-Aware	Gen:Variant.Johnnie.347014
Sophos	ML/PE-A + Troj/Dridex-ABY
McAfee-GW-Edition	BehavesLike.Win64.Drixed.jc
FireEye	Generic.mg.60060113c4ff2278
Emsisoft	Gen:Variant.Johnnie.347014 (B)
SentinelOne	Static AI – Suspicious PE
Jiangmin	Trojan.Injexa.ht
Antiy-AVL	Trojan/Generic.ASMalwS.3354BCF
Microsoft	Trojan:Win64/Dridex.GW!MTB
Arcabit	Trojan.Johnnie.D54B86
GData	Gen:Variant.Johnnie.347014
AhnLab-V3	Trojan/Win.Dridex.R424025
Acronis	suspicious
McAfee	Drixed-FJX!60060113C4FF
MAX	malware (ai score=81)
Malwarebytes	Trojan.Script
Ikarus	Trojan.Win64.Dridex
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W64/Kryptik.CLU!tr
AVG	Win64:BankerX-gen [Trj]

How to remove Trojan:Win64/Dridex.GW!MTB?

Trojan:Win64/Dridex.GW!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X