How to remove “Win32/Tinba.BL”?

Win32/Tinba.BL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Tinba.BL virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Compression (or decompression)
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Arabic (Lebanon)
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • A system process is generating network traffic likely as a result of process injection
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Creates a copy of itself

Related domains:

b410n0l2k4j3a.cc

How to identify Win32/Tinba.BL?


File Info:

crc32: 1D465CC0
md5: 406f62df05c8900e3c77c96561044649
name: 406F62DF05C8900E3C77C96561044649.mlw
sha1: 8a891897a732b40196d39e8e01211925b2927af3
sha256: 3c83179ade84a718423cfef803a9bb8815514cab6c85a29a228345312d4907fe
sha512: 251e8fa0f7d457a703523246dd0160fc4b968a5e793d11853978c58b851168c2039a6c5858bcbbc294a49e03e3497cff189dff1563217a8e6d3c510c5f82ef97
ssdeep: 6144:UZPaGX7iIPe+c4j/b94z2EnOlyP3GWCdDsdWu+DwbmiFmCu36RsQ:kz4z27uOEmisCA8
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: madams harmonics
InternalName: insane incline
FileVersion: 146, 243, 128, 94
CompanyName: CPUID.org
PrivateBuild: idea
LegalTrademarks: instants gentrification
Comments: hafts magical
ProductName: handouts interstices
SpecialBuild: exploits
ProductVersion: 212, 89, 84, 253
FileDescription: modish hearth
OriginalFilename: heaters.exe
Translation: 0x0409 0x04b0

Win32/Tinba.BL also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 004c14921 )
Lionic: Trojan.Win32.Tinba.7!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
Cylance: Unsafe
Zillya: Trojan.Tinba.Win32.1887
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 004c14921 )
Cybereason: malicious.f05c89
Symantec: Trojan.Tinba!gm
ESET-NOD32: Win32/Tinba.BL
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan.Win32.Tinba.atho
BitDefender: Trojan.Cripack.Gen.1
NANO-Antivirus: Trojan.Win32.Tinba.dsdcnj
MicroWorld-eScan: Trojan.Cripack.Gen.1
Tencent: Win32.Trojan.Bp-generic.Ixrn
Ad-Aware: Trojan.Cripack.Gen.1
Sophos: ML/PE-A + Mal/Tinba-I
Comodo: Malware@#2e9a8dpe6nee7
BitDefenderTheta: Gen:NN.ZexaF.34050.rq0@amsi96iK
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh
FireEye: Generic.mg.406f62df05c8900e
Emsisoft: Trojan.Cripack.Gen.1 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Trojan/Banker.Tinba.auc
Avira: HEUR/AGEN.1118863
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASMalwS.110CA14
Kingsoft: Win32.Troj.Banker.(kcloud)
Microsoft: Trojan:Win32/Tinba.F
Arcabit: Trojan.Cripack.Gen.1
ZoneAlarm: Trojan.Win32.Tinba.atho
GData: Trojan.Cripack.Gen.1
AhnLab-V3: Malware/Win32.Generic.C2419434
McAfee: Artemis!406F62DF05C8
MAX: malware (ai score=88)
VBA32: BScope.TrojanRansom.Cryptodef
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/Genetic.gen
Yandex: Trojan.PWS.Tinba!IP9beLNIMEU
Ikarus: Trojan.Win32.Tinba
Fortinet: W32/Deshacop.XO!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
Qihoo-360: Win32/Trojan.Tinba.HwcBEpsA

How to remove Win32/Tinba.BL?

Win32/Tinba.BL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
