Win32/Spy.Banker.AENO malicious file

Malware Removal

Win32/Spy.Banker.AENO is the ESET-NOD32 detection name for this sample; as the detection list below shows, nearly every other engine flags it as well, mostly as a generic trojan or an AutoIt dropper/downloader. When the infection is active, you may notice unfamiliar processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Spy.Banker.AENO virus do?

Behaviours and static indicators flagged by the CAPE sandbox for this sample:

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Harvests cookies for information gathering
  • Installs WinPCAP

How to identify Win32/Spy.Banker.AENO?

The indicators below come from a CAPE sandbox analysis of the sample (note the CAPEv2 storage path). The hashes are the only exact match for this file; the packing and version-info fields are weaker signals that also help recognise related builds.

File Info:

name: 35BBA6D8574D1211E260.mlw
path: /opt/CAPEv2/storage/binaries/42e60ce9f0b7c5260282a7006af0166cd3603a6043d833719586bd1adaece138
crc32: 3006928C
md5: 35bba6d8574d1211e260e5fc014c2b54
sha1: 9a27335b6bb3df1045f132acfbb6edda8241ce9e
sha256: 42e60ce9f0b7c5260282a7006af0166cd3603a6043d833719586bd1adaece138
sha512: 14ce768b945f8d2cc3ece8b0dcd06ac7abf962a0075c06c04cd56881c28ee284b54d8050459672234ca6c3bca7a83eb72db3966456b6fc32dd700ac5aeb0d5a1
ssdeep: 12288:eYV6MorX7qzuC3QHO9FQVHPF51jgcHS0oigm:9BXu9HGaVH7
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BA8412C02ED6DD7AC0A523BAC43ADC50A8257871CAD83B5D8799F21EB836383D41765F
sha3_384: 89dc742f15a538bb0f76de59cc59f824f2aa4e268335179f1ea3298c6937d3e208e07de94c9ba2a8d2927e07d7411588
ep_bytes: 60be00e048008dbe0030f7ff57eb0b90
timestamp: 2021-01-30 12:26:10

Version Info:

FileVersion: 3.3.14.5
Comments: http://www.autoitscript.com/autoit3/
FileDescription: Aut2Exe
ProductVersion: 3.3.14.5
LegalCopyright: ©1999-2018 Jonathan Bennett & AutoIt Team
Translation: 0x0409 0x04b0
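The hashes and entry-point bytes above are enough for a quick offline triage of a suspect file. The following Python script is an added example, not part of the original page and not GridinSoft's tooling: it hashes a file, parses the PE32 headers without third-party libraries, looks for UPX0/UPX1 section names and the UPX decompressor stub at the entry point (the ep_bytes value above decodes to pushad / mov esi,imm32 / lea edi,[esi-imm32] / push edi / jmp short, which is the stub UPX places at the entry point of a packed PE32), and reports which of the report's indicators matched. The build_demo_pe() helper constructs a harmless synthetic image so the script runs without the real sample; the function names and the UPX section-name list are my own choices, not anything from the report.

```python
import hashlib
import struct

# Indicators transcribed from the File Info block above (the real sample's values).
IOC_HASHES = {
    "md5": "35bba6d8574d1211e260e5fc014c2b54",
    "sha1": "9a27335b6bb3df1045f132acfbb6edda8241ce9e",
    "sha256": "42e60ce9f0b7c5260282a7006af0166cd3603a6043d833719586bd1adaece138",
}
# ep_bytes from the report: pushad / mov esi,imm32 / lea edi,[esi-imm32] / push edi / jmp short,
# i.e. the standard UPX PE32 decompressor stub.
IOC_EP_BYTES = bytes.fromhex("60be00e048008dbe0030f7ff57eb0b90")
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # assumption: default UPX section names


def file_hashes(data: bytes) -> dict:
    """md5/sha1/sha256 of the file contents, hex-encoded like the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def parse_pe32(data: bytes) -> dict:
    """Minimal PE32 header parse: machine, entry-point RVA and the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # 0x20B would be PE32+, not handled here
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):   # IMAGE_SECTION_HEADER is 40 bytes; we need the first five fields
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(rva, sections):
    """Map a virtual address to a file offset via the section that contains it (None if unmapped)."""
    for s in sections:
        span = max(s["vsize"], s["rawsize"])
        if s["rawsize"] and s["vaddr"] <= rva < s["vaddr"] + span:
            return s["rawptr"] + (rva - s["vaddr"])
    return None


def triage(data: bytes) -> dict:
    """Compare a file against the report's hashes and its UPX / entry-point indicators."""
    hashes = file_hashes(data)
    result = {"hashes": hashes,
              "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
              "parsed": False, "upx_sections": [], "ep_bytes": b"", "upx_stub": False, "ep_match": False}
    try:
        pe = parse_pe32(data)
    except (ValueError, struct.error) as err:
        result["error"] = str(err)
        return result
    result["parsed"] = True
    result["upx_sections"] = [s["name"].decode() for s in pe["sections"] if s["name"] in UPX_SECTION_NAMES]
    off = rva_to_offset(pe["entry_rva"], pe["sections"])
    if off is not None:
        ep = data[off:off + 16]
        result["ep_bytes"] = ep
        # generic UPX stub shape: pushad; mov esi,imm32; lea edi,[esi+disp32] (immediates vary per build)
        result["upx_stub"] = ep[:2] == b"\x60\xbe" and ep[6:8] == b"\x8d\xbe"
        result["ep_match"] = ep == IOC_EP_BYTES       # exact bytes from the report
    return result


def build_demo_pe() -> bytes:
    """Constructed, harmless PE32 image (NOT the sample): UPX0/UPX1 sections with the
    report's entry-point bytes at the entry point, so the checks above have an input."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                                  # e_lfanew
    pe = 0x40
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)                                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x2000)                            # AddressOfEntryPoint
    sec = opt + 0xE0
    struct.pack_into("<8sIIII", img, sec, b"UPX0", 0x1000, 0x1000, 0, 0)            # no raw data
    struct.pack_into("<8sIIII", img, sec + 40, b"UPX1", 0x1000, 0x2000, 0x200, 0x200)
    img[0x200:0x200 + len(IOC_EP_BYTES)] = IOC_EP_BYTES
    return bytes(img)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    for key, value in triage(data).items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
```

Run it as `python3 triage.py <file>` (or with no argument to triage the synthetic image). A hash match is conclusive for this exact file; UPX sections or the stub alone only say the file is packed, which many legitimate programs are too, so treat them as a reason to look closer, not as a verdict. The Aut2Exe version info above is a second, independent clue that the payload is a compiled AutoIt script.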

Win32/Spy.Banker.AENO is also detected under the following names (vendor: detection):

Bkav: W32.AIDetect.malware2
Lionic: Heuristic.File.Generic.00×1!p
ClamAV: Win.Packed.Autoit-9817465-0
FireEye: Generic.mg.35bba6d8574d1211
McAfee: RDN/Generic.dx
Malwarebytes: Malware.Heuristic.1003
VIPRE: Trojan.GenericKD.36278764
Sangfor: Spyware.Win32.Banker.AENO
BitDefender: Trojan.GenericKD.36278764
Cybereason: malicious.8574d1
Cyren: W32/ABTrojan.FFBX-4520
Symantec: Trojan.Gen.MBT
Elastic: malicious (moderate confidence)
ESET-NOD32: Win32/Spy.Banker.AENO
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Script.Alien.gen
Alibaba: TrojanDownloader:Script/Alien.176ff2a0
MicroWorld-eScan: Trojan.GenericKD.36278764
Ad-Aware: Trojan.GenericKD.36278764
Sophos: Generic PUA JK (PUA)
Comodo: Malware@#mhtt22gyvj5e
F-Secure: Dropper.DR/AutoIt.Gen
Zillya: Trojan.Alien.Script.32
TrendMicro: TROJ_FRS.0NA103IK21
McAfee-GW-Edition: BehavesLike.Win32.Generic.fc
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.36278764 (B)
Ikarus: Dropper.AutoIt
GData: Trojan.GenericKD.36278764
Webroot: W32.Trojan.Gen
Avira: DR/AutoIt.Gen
MAX: malware (ai score=87)
Antiy-AVL: Trojan[Downloader]/Autoit.Inetget.a
Arcabit: Trojan.Generic.D22991EC
ZoneAlarm: HEUR:Trojan.Script.Alien.gen
Microsoft: Trojan:Win32/Wacatac.B!ml
Google: Detected
AhnLab-V3: Malware/Win32.Generic.C4352284
ALYac: Trojan.Dropper.Autoit
VBA32: Trojan-Downloader.Autoit.gen
Cylance: Unsafe
Panda: Trj/CI.A
TrendMicro-HouseCall: TROJ_FRS.0NA103IK21
MaxSecure: Trojan.Malware.7175203.susgen
Fortinet: AutoIt/Filecoder.X!tr.ransom
AVG: Win32:Malware-gen
Avast: Win32:Malware-gen
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Spy.Banker.AENO?

Win32/Spy.Banker.AENO removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options to reset, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
