UDS:Trojan.Win32.Bingoml.dndv removal tips

The UDS:Trojan.Win32.Bingoml.dndv is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What UDS:Trojan.Win32.Bingoml.dndv virus can do?

• Behavioural detection: Executable code extraction – unpacking
• SetUnhandledExceptionFilter detected (possible anti-debug)
• Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
• Yara rule detections observed from a process memory dump/dropped files/CAPE
• Possible date expiration check, exits too soon after checking local time
• Guard pages use detected – possible anti-debugging.
• Dynamic (imported) function loading detected
• Enumerates running processes
• Expresses interest in specific running processes
• Reads data out of its own binary image
• A process created a hidden window
• Executed a very long command line or script command which may be indicative of chained commands or obfuscation
• Drops a binary and executes it
• Uses Windows utilities to enumerate running processes
• Authenticode signature is invalid
• Uses Windows utilities for basic functionality
• Uses Windows utilities for basic functionality
• Detects BullGuard Antivirus through the presence of a library
• Attempts to repeatedly call a single API many times in order to delay analysis time
• Created a process from a suspicious location
• Installs itself for autorun at Windows startup
• Forces a created process to be the child of an unrelated process
• Creates a hidden or system file
• Detects the presence of Windows Defender AV emulator via files
• Anomalous binary characteristics
• Uses suspicious command line tools or Windows utilities

How to determine UDS:Trojan.Win32.Bingoml.dndv?

File Info:
name: 9D889B58118DD670172B.mlw
path: /opt/CAPEv2/storage/binaries/16215aaa48fb7799af732c1f879fece8a02f85b6b1af63eb25c8dfb64fe9b826
crc32: DA9D57FF
md5: 9d889b58118dd670172b9f2e957b11b5
sha1: 57c0da6e1bc2201f793a47409dd6cbe4ee8b38f1
sha256: 16215aaa48fb7799af732c1f879fece8a02f85b6b1af63eb25c8dfb64fe9b826
sha512: 7c0f39d9dc34160ca9006455a058d722e19b9d769fb46ca33e4eb489c432a6997469626e4496dfa608ba6599b9c6c055d4555c1d1b78bd1cb46f9649b5806897
ssdeep: 196608:+8uHwYI71MlWKX+bVbi//jYiKFcIuBph/WeGb:+8YK18WKO5iXxwcRph/
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T178A63313A8789C51D3EC057B44D3DAF8C71F6C382D530B62BAA93959B67F1867F26802
sha3_384: b6d6ee73a793819423ee06dc36046186548264917d324bc59d546c7e23543f32dcd64a7114b7758f490e6ed00b32984d
ep_bytes: e800b792006a00ff15a4e0d200c3f100
timestamp: 2022-02-05 13:44:27

Version Info:
0: [No Data]

UDS:Trojan.Win32.Bingoml.dndv also known as:

How to remove UDS:Trojan.Win32.Bingoml.dndv?

• Download and install GridinSoft Anti-Malware.
• Open GridinSoft Anti-Malware and perform a “Standard scan“.
• “Move to quarantine” all items.
• Open “Tools” tab – Press “Reset Browser Settings“.
• Select proper browser and options – Click “Reset”.
• Restart your computer.