What is “VHO:Trojan-Banker.Win32.RTM”?

VHO:Trojan-Banker.Win32.RTM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the VHO:Trojan-Banker.Win32.RTM virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Attempts to connect to a dead IP:Port (2 unique times)
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • A process created a hidden window
  • Performs some HTTP requests
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Anomalous binary characteristics

Related domains:

redirector.gvt1.com
r8—sn-bpb5oxu-3c2r.gvt1.com

How to identify VHO:Trojan-Banker.Win32.RTM?

File Info:

crc32: 10B2C75C
md5: 2a73d3b181923f7386b6cebb7ddc1077
name: 2A73D3B181923F7386B6CEBB7DDC1077.mlw
sha1: cc611c21da8380f3cd8c7218a72076a1e7dd465c
sha256: 6fb7e5e1dce806ff99a335db2ee5720e2c62377232ca4eb9c3ab4e53b5012f2c
sha512: 55e72b6b4825d91dc11dca17fd26207b1b0f67a8e5bdc564e4a9a7240c3e4d8ff3740b06560ac048743eaecfca05826d5534a771858a9915e07bfe88ea727fed
ssdeep: 6144:RGoV8njF/EeBfCFH7OEn1J8JRO+njE2X2J/7vKsakTixuc:N8njF/EqfCFHyu1+lFGwuc
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

VHO:Trojan-Banker.Win32.RTM also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HINM
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: VHO:Trojan-Banker.Win32.RTM.gen
NANO-Antivirus: Virus.Win32.Gen-Crypt.ccnc
Sophos: ML/PE-A + Mal/EncPk-APW
BitDefenderTheta: Gen:NN.ZedlaF.34738.Cm6@a4Z2c0oG
FireEye: Generic.mg.2a73d3b181923f73
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_97%
Microsoft: Trojan:Win32/Wacatac.B!ml
Malwarebytes: Qbot.Backdoor.Stealer.DDS
Rising: Trojan.Generic@ML.100 (RDML:Rl0etq6oO4WqajaMamWTtg)
Ikarus: Trojan.Win32.Krypt
Fortinet: W32/Kryptik.HLAD!tr

How to remove VHO:Trojan-Banker.Win32.RTM?

VHO:Trojan-Banker.Win32.RTM removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – press “Reset Browser Settings”.
  • Select the proper browser and options – click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.