Win32/Spy.Bancos.ADZ malicious file

Win32/Spy.Bancos.ADZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.Bancos.ADZ virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Win32/Spy.Bancos.ADZ?


File Info:

name: 57F2CBBD5774518269C9.mlw
path: /opt/CAPEv2/storage/binaries/449c7a7b25ed1681d18141b50ea4230159196bc04931ba571a58ab64283fbdb2
crc32: 546870B9
md5: 57f2cbbd5774518269c98751bc36fbf6
sha1: c1aaf21739bd603d15434801f1894fcb32e8462a
sha256: 449c7a7b25ed1681d18141b50ea4230159196bc04931ba571a58ab64283fbdb2
sha512: f5494a333589f59619f4d6f80acef90aade0c48113157044b1fe049ec204cb27ecf99de24f6ae6495715dd984fa8d4062ec0e67e6d21bfa2113abe0b91b50590
ssdeep: 196608:iIKKEU7QhPGWeeq6warpdsHT8WbOpFqdMWPy2Wv6ZSrbERYOB3g25Z5nMFhfHIPv:iIeUieenzrjaTaYMoro6ZQDOB3n5Z5nB
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10FC63341B6618DFEC2D89D7357468ADE87028AB04439D02A6F1E44CFAF93E341B5A7CD
sha3_384: 23fc12c00453b922c97e22fce0797906689f255e7dc81e6712381dc01dbdef00d44d276f27610d84ec141c08e5252c74
ep_bytes: 558bec83c4cc53565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName:
FileDescription: Software Agência Ótica Setup
FileVersion:
LegalCopyright:
Translation: 0x0409 0x04e4

Win32/Spy.Bancos.ADZ also known as:

Skyhigh: BehavesLike.Win32.ObfuscatedPoly.wc
McAfee: Artemis!57F2CBBD5774
K7AntiVirus: Spyware ( 004bd53f1 )
Alibaba: TrojanSpy:Win32/Bancos.b106862d
K7GW: Spyware ( 004bd53f1 )
ESET-NOD32: a variant of Win32/Spy.Bancos.ADZ
Cynet: Malicious (score: 99)
Avast: FileRepMalware [Misc]
Sophos: Mal/Generic-S
F-Secure: Trojan.TR/Spy.Bancos.qmfus
Avira: TR/Spy.Bancos.qmfus
Antiy-AVL: Trojan[Spy]/Win32.Bancos
Rising: Spyware.Bancos!8.2F8 (CLOUD)
Ikarus: Trojan-Spy.Win32.Bancos
Fortinet: W32/Bancos.ADZ!tr.spy
AVG: FileRepMalware [Misc]

How to remove Win32/Spy.Bancos.ADZ?

Win32/Spy.Bancos.ADZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
