Trojan

UDS:Trojan-Banker.Win32.Banbra.wtyy removal

Malware Removal

The UDS:Trojan-Banker.Win32.Banbra.wtyy is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What UDS:Trojan-Banker.Win32.Banbra.wtyy virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Collects information about installed applications

How to determine UDS:Trojan-Banker.Win32.Banbra.wtyy?



File Info:

name: 3B13A50D70C2F15A111C.mlw
path: /opt/CAPEv2/storage/binaries/598cb704ee3121dd60a2443b1b4e6e2ba09be51c30aaef512e31d672dac56957
crc32: 7488B7D0
md5: 3b13a50d70c2f15a111c37dd389e420e
sha1: 7a156bfd0531b942ce8c627df82ddec3c5c85b45
sha256: 598cb704ee3121dd60a2443b1b4e6e2ba09be51c30aaef512e31d672dac56957
sha512: 6d045ecb7d893a22fa9ff5477461fbe4ef0cd7d3d422f7b34291df2bbb39f686b9a56a933e90df6a19b1aed0c6b558713fa1b0bf9256e39479299f17cb722de4
ssdeep: 196608:WvasvkB8+ILr1OHrPmov9qlWIMBXAGoi8fsU1mqBTt+a4imKHbp:WSsy8+CUHBvo7MBwo8EU11Tt3Lt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1519633119BEA44F5D97E8031B922A7751C387E242F349B2DB7E0BD1DFB30152E6213A6
sha3_384: 601992325620bc01824045a2cb67a59cb714dd2deb027d645ab085db359fc17b47fc01ae7c7b597b8289633892f02c78
ep_bytes: e8ce040000e98efeffff3b0dc8a14300
timestamp: 2019-01-28 10:02:47


Version Info:

0: [No Data]

UDS:Trojan-Banker.Win32.Banbra.wtyy also known as:

BkavW32.AIDetect.malware2
LionicTrojan.Win32.Encoder.tq0V
DrWebTrojan.DownLoader24.54173
MicroWorld-eScanTrojan.GenericKD.34086939
FireEyeGeneric.mg.3b13a50d70c2f15a
McAfeeArtemis!3B13A50D70C2
CylanceUnsafe
SangforTrojan.Win32.Agent.FEM
K7AntiVirusTrojan-Downloader ( 00568ad01 )
K7GWTrojan-Downloader ( 00568ad01 )
Cybereasonmalicious.d70c2f
BitDefenderThetaAI:Packer.E88707091D
CyrenW32/Trojan.GMR.gen!Eldorado
SymantecTrojan.Gen.MBT
Elasticmalicious (high confidence)
ESET-NOD32multiple detections
TrendMicro-HouseCallTROJ_GEN.R002C0WCI22
Paloaltogeneric.ml
ClamAVWin.Dropper.Bladabindi-6813690-0
KasperskyUDS:Trojan-Banker.Win32.Banbra.wtyy
BitDefenderTrojan.GenericKD.34086939
NANO-AntivirusVirus.Win32.Gen-Crypt.ccnc
AvastWin32:Trojan-gen
RisingMalware.Generic.5!tfe (CLOUD)
Ad-AwareTrojan.GenericKD.34086939
EmsisoftTrojan.GenericKD.34086939 (B)
ComodoMalware@#f66jzdgo0ivx
F-SecureTrojan.TR/Dldr.Agent.pwjhc
ZillyaTrojan.Rasftuby.Win32.316
TrendMicroTROJ_GEN.R002C0WCI22
McAfee-GW-EditionBehavesLike.Win32.Generic.rc
SophosMal/Generic-S
IkarusTrojan-Downloader.Win32.Agent
GDataWin32.Trojan.Agent.2X43UX
JiangminTrojan.Scrami.s
AviraTR/Dldr.Agent.pwjhc
MAXmalware (ai score=86)
Antiy-AVLTrojan[Banker]/Win32.Banbra
ArcabitTrojan.Generic.D208201B
ZoneAlarmHEUR:Trojan-Banker.Win32.Banbra.vho
MicrosoftBackdoor:Win32/Bladabindi!ml
CynetMalicious (score: 100)
AhnLab-V3Malware/Win32.RL_Generic.R305028
VBA32BScope.TrojanPSW.Coins
ALYacTrojan.GenericKD.34086939
MalwarebytesMalware.AI.1289012067
APEXMalicious
TencentWin32.Trojan-downloader.Agent.Ljkd
SentinelOneStatic AI – Malicious SFX
MaxSecureTrojan.Malware.103131738.susgen
FortinetW32/Banbra.FEM!tr
AVGWin32:Trojan-gen
PandaTrj/CI.A
CrowdStrikewin/malicious_confidence_100% (W)

How to remove UDS:Trojan-Banker.Win32.Banbra.wtyy?

UDS:Trojan-Banker.Win32.Banbra.wtyy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment