Win32/Spy.Bancos.U (file analysis)

Win32/Spy.Bancos.U is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.Bancos.U virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs
  • Anomalous binary characteristics

How to identify Win32/Spy.Bancos.U?

File Info:

crc32: 6CDC86B9
md5: f6003af20a36a3927b887be1b19718db
name: F6003AF20A36A3927B887BE1B19718DB.mlw
sha1: cafb14acf4befd8fb30a57e2e75f05195dae39d4
sha256: 5700197aaf714af42f617ff60fcfd1ba75afc8db9a791b90430e322227fafb04
sha512: 20d26c2d04c8f14fc42e319252d89ffc74d38ef1519edb1787549967d2ad44eccfbcac5f3248658a6d1df0b9eaaa37bec2bcb9d894efd1cdd4afb3ed2f6954ae
ssdeep: 3072:hw70fqStUU2dc2O7kpTa7p3KXQQH4FNdo8cxa3XQV0GX:zfRucypTqp6AQUro8cxa3gV0i
type: PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed

Version Info:

Translation: 0x0409 0x04b0
LegalCopyright: Microsoft Corporation
InternalName: kernelsNT
FileVersion: 3.00
CompanyName: Microsoft Corporation
LegalTrademarks: Microsoft Corporation
Comments: kernelNT
ProductName: kernelNT
ProductVersion: 3.00
FileDescription: kernelNT.exe
OriginalFilename: kernelsNT.exe

Win32/Spy.Bancos.U is also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 005376ae1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Bancos.207
Cynet: Malicious (score: 100)
CMC: Generic.Win32.f6003af20a!MD
ALYac: Dropped:Trojan.Banker.VB.AB
Cylance: Unsafe
CrowdStrike: win/malicious_confidence_70% (D)
Alibaba: TrojanSpy:Win32/Bancos.9e7ea8a7
K7GW: Trojan ( 005376ae1 )
Cybereason: malicious.20a36a
Baidu: Win32.Trojan.Bancos.a
Cyren: W32/Bancos.YKBI-3430
Symantec: Infostealer.Bancos
ESET-NOD32: Win32/Spy.Bancos.U
APEX: Malicious
Avast: FileRepMalware
ClamAV: Win.Spyware.Banker-206
Kaspersky: Trojan-Banker.Win32.Bancos.ha
BitDefender: Dropped:Trojan.Banker.VB.AB
NANO-Antivirus: Trojan.Win32.Banker.eprp
ViRobot: Trojan.Win32.S.Bancos.123904.B
MicroWorld-eScan: Dropped:Trojan.Banker.VB.AB
Tencent: Malware.Win32.Gencirc.10b5475f
Ad-Aware: Dropped:Trojan.Banker.VB.AB
Sophos: ML/PE-A + Troj/Bancos-RO
Comodo: TrojWare.Win32.Spy.Bancos.U@3wc3
BitDefenderTheta: Gen:NN.ZevbaF.34770.hi0faeujJCni
VIPRE: Trojan-Spy.Win32.Bancos.ha (v)
TrendMicro: TSPY_BANCOS.ARL
McAfee-GW-Edition: BehavesLike.Win32.VirRansom.cc
FireEye: Generic.mg.f6003af20a36a392
Emsisoft: Dropped:Trojan.Banker.VB.AB (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanSpy.Bancos.bzx
Webroot: W32.InfoStealer.Bancos
Avira: TR/Spy.Bancos.PQ
Antiy-AVL: Trojan/Generic.ASMalwS.DABF7
Microsoft: TrojanSpy:Win32/Bancos
Arcabit: Trojan.Banker.VB.AB
AegisLab: Trojan.Win32.Bancos.l3Qv
ZoneAlarm: Trojan-Banker.Win32.Bancos.ha
GData: Dropped:Trojan.Banker.VB.AB
Acronis: suspicious
McAfee: PWS-Banker.gen.h
MAX: malware (ai score=100)
VBA32: SIM.Trojan.VBO.0577
Malwarebytes: Malware.AI.3489154154
Panda: Trj/Banker.ANL
TrendMicro-HouseCall: TSPY_BANCOS.ARL
Rising: Spyware.Bancos!1.98E3 (CLASSIC)
Yandex: Trojan.Banker!GxKj8vvA/48
Ikarus: Trojan-Spy.Win32.Bancos.ha
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Bancos.HA!tr
AVG: FileRepMalware
Paloalto: generic.ml
Qihoo-360: Win32/TrojanPSW.Bancos.HxEAEpsA

How to remove Win32/Spy.Bancos.U?

Win32/Spy.Bancos.U removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.